VIR Vulnerability Intelligence Relay

Package impact

python PyPI / gitpython

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42284 critical 9.8 9.8 21d ago GitPython: Unsafe option check validates multi_options before shlex.split transformation susedebianpython
CVE-2026-42215 high 8.8 8.8 21d ago GitPython has Command Injection via Git options bypass susedebianpython
CVE-2023-40267 high 8.0 3y ago GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. rockylinuxsusedebianpython
CVE-2026-44244 high 7.8 7.8 21d ago GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath susedebianpython
CVE-2026-44243 high 7.1 7.1 22d ago GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository susedebianpython
CVE-2024-22190 unknown 2y ago GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git… debianpython
CVE-2023-41040 unknown 3y ago GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file be… susedebianpython
CVE-2023-40590 unknown 3y ago GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython … susedebianpython
CVE-2022-24439 unknown 4y ago All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clon… susedebianpython