Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks.