Package impact
PyPI / gitpython
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42284 | critical | 9.8 | 9.8 | | | | 29d ago | GitPython: Unsafe option check validates multi_options before shlex.split transformation |
| CVE-2026-42215 | high | 8.8 | 8.8 | | | | 29d ago | GitPython has Command Injection via Git options bypass |
| CVE-2023-40267 | high | — | 8.0 | | | | 3y ago | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| CVE-2026-44244 | high | 7.8 | 7.8 | | | | 29d ago | GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath |
| CVE-2026-44243 | high | 7.1 | 7.1 | | | | 1mo ago | GitPython reference APIs have a path traversal vulnerability that allows arbitrary file write and delete outside the repository |