VYPR

Gitpython

by Gitpython Project

pypi: gitpython

CVEs (7)

  • CVE-2026-42215 (High), May 7, 2026
    risk 0.50 cvss 8.8 epss 0.01

    GitPython is a Python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass…

  • CVE-2026-42284 (High), May 7, 2026
    risk 0.46 cvss 8.1 epss 0.01

    GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation…

  • CVE-2026-44244 (High), May 7, 2026
    risk 0.44 cvss 7.8 epss 0.00

    GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines…

  • CVE-2026-44243 (High), May 7, 2026
    risk 0.39 cvss 7.1 epss 0.00

    GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the…

  • CVE-2024-22190, Jan 11, 2024
    risk 0.00 cvss epss 0.00

    GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those…

  • CVE-2023-41040, Aug 30, 2023
    risk 0.00 cvss epss 0.01

    GitPython is a Python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory. In some places the name of the file being read is provided by the user, and GitPython doesn't check if this file is located…

  • CVE-2023-40590, Aug 28, 2023
    risk 0.00 cvss epss 0.00

    GitPython is a Python library used to interact with Git repositories. When resolving a program, Python/Windows look in the current working directory, and after that in the PATH environment. GitPython defaults to using the `git` command; if a user runs GitPython from a repo that has a…