VYPR

PyPI package

openhands

pkg:pypi/openhands

Vulnerabilities (1)

  • CVE-2026-33718HigMar 27, 2026
    affected < 1.5.0fixed 1.5.0

    OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/{conversation_id}/git/diff` API e