| CVE-2017-16228 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017… |
| CVE-2014-9706 |
high |
— |
7.5 |
|
|
|
4y ago |
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly … |
| CVE-2015-0838 |
high |
— |
7.5 |
|
|
|
11y ago |
Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. |
| CVE-2026-42563 |
unknown |
— |
— |
|
|
|
6d ago |
Dulwich Vulnerable to Command Injection via Merge Driver Path |
| CVE-2026-42305 |
unknown |
— |
— |
|
|
|
6d ago |
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows |
