{"id":3527845,"name":"github.com/MichaelMure/git-bug","ecosystem":"go","description":"","homepage":"https://github.com/MichaelMure/git-bug","licenses":"GPL-3.0","normalized_licenses":["GPL-3.0"],"repository_url":"https://github.com/MichaelMure/git-bug","keywords_array":[],"namespace":"github.com/MichaelMure","versions_count":6,"first_release_published_at":"2021-03-21T20:54:54.000Z","latest_release_published_at":"2025-05-19T04:59:55.000Z","latest_release_number":"v0.10.1","last_synced_at":"2026-05-29T11:17:57.673Z","created_at":"2022-04-10T22:52:55.369Z","updated_at":"2026-05-29T11:17:57.674Z","registry_url":"https://pkg.go.dev/github.com/MichaelMure/git-bug","install_command":"go get github.com/MichaelMure/git-bug","documentation_url":"https://pkg.go.dev/github.com/MichaelMure/git-bug#section-documentation","metadata":{},"repo_metadata":{"uuid":"140680839","full_name":"MichaelMure/git-bug","owner":"MichaelMure","description":"Distributed, offline-first bug tracker embedded in git, with bridges","archived":false,"fork":false,"pushed_at":"2023-03-15T05:59:11.000Z","size":25545,"stargazers_count":7614,"open_issues_count":122,"forks_count":243,"subscribers_count":86,"default_branch":"master","last_synced_at":"2023-03-17T12:22:30.688Z","etag":null,"topics":["bugtracker","decentralized-application","distributed-systems","git","gitdb"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"logo_url":null,"metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"open_collective":"git-bug"}},"created_at":"2018-07-12T07:55:57.000Z","updated_at":"2023-03-17T11:51:37.000Z","dependencies_parsed_at":"2023-02-18T18:46:14.110Z","dependency_job_id":null,"html_url":"https://github.com/MichaelMure/git-bug","commit_stats":null,"repository_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MichaelMure%2Fgit-bug","tags_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MichaelMure%2Fgit-bug/tags","manifests_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MichaelMure%2Fgit-bug/manifests","owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MichaelMure","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":108921946,"host_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names"},"owner_record":{"login":"MichaelMure","name":"Michael Muré","uuid":"294669","kind":"user","description":"","email":"","website":null,"location":"France","twitter":null,"company":"@INFURA ","avatar_url":"https://avatars.githubusercontent.com/u/294669?u=68632a70dd599298a95e9476d439f5320d07e216\u0026v=4","repositories_count":36,"last_synced_at":"2023-03-11T06:55:38.910Z","metadata":{"has_sponsors_listing":false},"owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MichaelMure"},"tags":[{"name":"v0.8.0","sha":"a3fa445a9c76631c4cd16f93e1c1c68a954adef7","kind":"commit","published_at":"2022-11-20T15:26:43.000Z","download_url":"https://codeload.github.com/MichaelMure/git-bug/tar.gz/v0.8.0","html_url":"https://github.com/MichaelMure/git-bug/releases/tag/v0.8.0"},{"name":"v0.7.2","sha":"cc4a93c8ce931b1390c61035b888ad17110b7bd6","kind":"commit","published_at":"2021-03-21T20:54:54.000Z","download_url":"https://codeload.github.com/MichaelMure/git-bug/tar.gz/v0.7.2","html_url":"https://github.com/MichaelMure/git-bug/releases/tag/v0.7.2"},{"name":"0.7.1","sha":"2d64b85db71a17ff3277bbbf7ac9d8e81f8e416c","kind":"commit","published_at":"2020-04-04T10:48:24.000Z","download_url":"https://codeload.github.com/MichaelMure/git-bug/tar.gz/0.7.1","html_url":"https://github.com/MichaelMure/git-bug/releases/tag/0.7.1"},{"name":"0.7.0","sha":"71580c41a931a1ad2c04682e0fd701661b716c95","kind":"commit","published_at":"2020-03-01T13:46:52.000Z","download_url":"https://codeload.github.com/MichaelMure/git-bug/tar.gz/0.7.0","html_url":"https://github.com/MichaelMure/git-bug/releases/tag/0.7.0"},{"name":"0.6.0","sha":"fc568209f073b9d775a09e0dbb8289cf9e5749bf","kind":"commit","published_at":"2019-12-27T19:08:58.000Z","download_url":"https://codeload.github.com/MichaelMure/git-bug/tar.gz/0.6.0","html_url":"https://github.com/MichaelMure/git-bug/releases/tag/0.6.0"},{"name":"0.5.0","sha":"8d7a2c076a38c89085fd3191a2998efb659650c2","kind":"commit","published_at":"2019-04-21T23:26:01.000Z","download_url":"https://codeload.github.com/MichaelMure/git-bug/tar.gz/0.5.0","html_url":"https://github.com/MichaelMure/git-bug/releases/tag/0.5.0"},{"name":"0.4.0","sha":"2ab2412771d58a1b1f3bfeb5a6e9da2e683b0e12","kind":"commit","published_at":"2018-10-21T10:33:08.000Z","download_url":"https://codeload.github.com/MichaelMure/git-bug/tar.gz/0.4.0","html_url":"https://github.com/MichaelMure/git-bug/releases/tag/0.4.0"},{"name":"0.3.0","sha":"ad59f77fd425b00ae4b8d7360a64dc3dc1c73bd0","kind":"commit","published_at":"2018-09-13T16:05:13.000Z","download_url":"https://codeload.github.com/MichaelMure/git-bug/tar.gz/0.3.0","html_url":"https://github.com/MichaelMure/git-bug/releases/tag/0.3.0"},{"name":"0.2.0","sha":"d959acc29dcbc467790ae87389f9569bb830c8c6","kind":"commit","published_at":"2018-08-17T11:37:50.000Z","download_url":"https://codeload.github.com/MichaelMure/git-bug/tar.gz/0.2.0","html_url":"https://github.com/MichaelMure/git-bug/releases/tag/0.2.0"},{"name":"0.1.0","sha":"c1a08111b603403d4ee0a78c1214f322fecaa3ca","kind":"commit","published_at":"2018-08-12T19:35:41.000Z","download_url":"https://codeload.github.com/MichaelMure/git-bug/tar.gz/0.1.0","html_url":"https://github.com/MichaelMure/git-bug/releases/tag/0.1.0"}]},"repo_metadata_updated_at":"2023-03-21T18:42:57.168Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":2,"rankings":{"downloads":null,"dependent_repos_count":3.4820259350346543,"dependent_packages_count":9.555658915966655,"stargazers_count":0.7463632254465956,"forks_count":1.8052411062539848,"docker_downloads_count":null,"average":3.8973222956754725},"purl":"pkg:golang/github.com/%21michael%21mure/git-bug","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04OTgtaDRwbS1wcWZy","url":"https://github.com/advisories/GHSA-m898-h4pm-pqfr","title":"Arbitrary code execution due to an uncontrolled search path for the git binary","description":"### Impact\n\nThe go language recently addressed a security issue in the way that binaries are found before being executed. Some operating systems like Windows persist to have the current directory being part of the default search path, and having priority over the system-wide path.\n\nThis means that it's possible for a malicious user to craft for example a `git.bat` command, commit it and push it in a repository. Later when git-bug search for the git binary, this malicious executable can take priority  and be executed.\n\n### Who is impacted\n\nThis issue happen on Windows and some other operating systems with a badly configured PATH.\n\nAll version prior to 0.7.2 are vulnerable to this issue.\n\n### Patches\n\nVersion 0.7.2 fix this issue. Users should update as soon as possible.\n\n### References\n\nMore details about this issue can be found [here](https://blog.golang.org/path-security).","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2021-05-25T18:44:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2021-28955","https://github.com/MichaelMure/git-bug/pull/604","https://vuln.ryotak.me/advisories/18","https://github.com/git-bug/git-bug/security/advisories/GHSA-m898-h4pm-pqfr","https://github.com/advisories/GHSA-m898-h4pm-pqfr"],"source_kind":"github","identifiers":["GHSA-m898-h4pm-pqfr","CVE-2021-28955"],"repository_url":"https://github.com/MichaelMure/git-bug","blast_radius":0.0,"created_at":"2022-12-21T16:13:01.155Z","updated_at":"2026-05-09T06:06:40.785Z","epss_percentage":0.00467,"epss_percentile":0.64529,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04OTgtaDRwbS1wcWZy","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04OTgtaDRwbS1wcWZy","packages":[{"ecosystem":"go","package_name":"github.com/MichaelMure/git-bug","versions":[{"first_patched_version":"0.7.2","vulnerable_version_range":"\u003c 0.7.2"}],"purl":"pkg:go/github.com%2FMichaelMure%2Fgit-bug"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04OTgtaDRwbS1wcWZy/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/MichaelMure/git-bug","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/MichaelMure/git-bug","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/MichaelMure/git-bug/dependencies","status":null,"funding_links":["https://opencollective.com/git-bug"],"critical":null,"issue_metadata":{"last_synced_at":"2023-08-17T19:34:39.696Z","issues_count":25,"pull_requests_count":101,"avg_time_to_close_issue":9086256.25,"avg_time_to_close_pull_request":2987821.4266666668,"issues_closed_count":8,"pull_requests_closed_count":75,"pull_request_authors_count":14,"issue_authors_count":22,"avg_comments_per_issue":6.56,"avg_comments_per_pull_request":1.0891089108910892,"merged_pull_requests_count":33,"bot_issues_count":0,"bot_pull_requests_count":71,"past_year_issues_count":21,"past_year_pull_requests_count":94,"past_year_avg_time_to_close_issue":2823759.285714286,"past_year_avg_time_to_close_pull_request":2987821.4266666668,"past_year_issues_closed_count":7,"past_year_pull_requests_closed_count":75,"past_year_pull_request_authors_count":11,"past_year_issue_authors_count":19,"past_year_avg_comments_per_issue":5.428571428571429,"past_year_avg_comments_per_pull_request":1.053191489361702,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":71,"past_year_merged_pull_requests_count":33},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2FMichaelMure%2Fgit-bug/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2FMichaelMure%2Fgit-bug/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2FMichaelMure%2Fgit-bug/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2FMichaelMure%2Fgit-bug/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2FMichaelMure%2Fgit-bug/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2FMichaelMure%2Fgit-bug/codemeta","maintainers":[]}