Package impact
PyPI / dulwich
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16228 | critical | 9.8 | 9.8 | 9y ago | Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017… | |||
| CVE-2026-42563 | unknown | — | — | 7d ago | Dulwich Vulnerable to Command Injection via Merge Driver Path | |||
| CVE-2026-42305 | unknown | — | — | 7d ago | Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows |