CRITICAL9.8CVE-2022-24826Git LFS can execute a binary from the current directory on Windows >= 2.12.1
CRITICAL9.8CVE-2020-27955Git LFS can execute a Git binary from the current directory from 0, < 2.12.1
HIGH8.8CVE-2017-17831Arbitrary command execution in github.com/git-lfs/git-lfs from 0, < 2.1.1-0.20170519163204-f913f5f9c7c6
HIGH8.8CVE-2017-17831Arbitrary command execution in github.com/git-lfs/git-lfs from 0, < 2.1.1-0.20170519163204-f913f5f9c7c6+incompatible
HIGH7.2CVE-2021-21237Git LFS can execute a Git binary from the current directory on Windows from 0, < 1.5.1-0.20210113180018-fc664697ed2c
HIGH7.2CVE-2021-21237Git LFS can execute a Git binary from the current directory on Windows from 0, < 2.13.2
—CVE-2025-26625Git LFS may write to arbitrary files via crafted symlinks >= 0.5.2, < 3.7.1
—CVE-2025-26625Git LFS may write to arbitrary files via crafted symlinks >= 0.5.2
—CVE-2024-53263Git LFS permits exfiltration of credentials via crafted HTTP URLs >= 0.1.0, <= 3.0.0
—CVE-2024-53263Git LFS permits exfiltration of credentials via crafted HTTP URLs >= 0.1.0