Company
Date Published
Author
Taylor Blau
Word count
512
Language
English
Hacker News points
None

Summary

New versions of Git have been released to address two security vulnerabilities, CVE-2022-24765 and CVE-2022-24767; GitHub itself is unaffected by either issue. CVE-2022-24765 affects users on multi-user machines, where a malicious actor could create a .git directory in a shared location to execute arbitrary commands; upgrading to Git v2.35.2 mitigates this risk by changing how Git searches parent directories for a repository. CVE-2022-24767 involves the Git for Windows uninstaller, which, because of the default permissions on the temporary directory, could allow malicious .dll files to be loaded; upgrading to Git for Windows v2.35.2 addresses this vulnerability. For both vulnerabilities, users are advised to upgrade to the latest versions and, in the interim, to take precautions such as redefining environment variables and avoiding certain operations on multi-user machines. These vulnerabilities were discovered by 俞晨东 and the Lockheed Martin Red Team, respectively.
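As an added illustration (not code from the GitHub post or from Git itself), the Python below walks upward from a working directory the way Git's repository discovery does and flags a `.git` directory owned by someone other than the trusted user, a simplified form of the ownership check Git v2.35.2 introduced. The `ceiling` parameter models the effect of GIT_CEILING_DIRECTORIES (the summary names no variable; that is the one Git reads); the temporary directory tree and the `trusted_uid` values in `demo()` are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def find_foreign_git_dir(start, trusted_uid=None, ceiling=None):
    """Walk from `start` toward the filesystem root and return the first
    `.git` directory whose owner is not `trusted_uid` (default: the
    current user), or None if there is none.

    Simplified version of the ownership check added in Git v2.35.2: a
    repository found in a parent directory owned by another user is
    exactly the situation CVE-2022-24765 abuses on a shared machine.
    If `ceiling` is given, the search stops before entering that
    directory (a simplification of GIT_CEILING_DIRECTORIES)."""
    if trusted_uid is None:
        trusted_uid = os.getuid()
    current = Path(start).resolve()
    ceiling = Path(ceiling).resolve() if ceiling else None
    while True:
        if current == ceiling:
            return None
        candidate = current / ".git"
        if candidate.is_dir() and candidate.stat().st_uid != trusted_uid:
            return str(candidate)
        if current.parent == current:      # reached the filesystem root
            return None
        current = current.parent


def demo():
    """Build a throwaway tree (constructed fixture) shaped like the
    shared-machine scenario: <root>/shared/.git sits above a user's
    working directory <root>/shared/project/src."""
    root = Path(tempfile.mkdtemp()).resolve()
    git_dir = root / "shared" / ".git"
    workdir = root / "shared" / "project" / "src"
    git_dir.mkdir(parents=True)
    workdir.mkdir(parents=True)
    me = os.getuid()
    return {
        "git_dir": str(git_dir),
        # everything is owned by us, so nothing is flagged
        "own": find_foreign_git_dir(workdir, trusted_uid=me),
        # treat a different uid as trusted: the shared .git is now foreign
        "foreign": find_foreign_git_dir(workdir, trusted_uid=me + 1),
        # same scenario, but a ceiling below /shared stops the search first
        "ceiling": find_foreign_git_dir(workdir, trusted_uid=me + 1,
                                        ceiling=root / "shared" / "project"),
    }
```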