Package impact
PyPI / gitpython
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-42284 | critical | 9.8 | 9.8 | 21d ago | GitPython: Unsafe option check validates multi_options before shlex.split transformation | |
| CVE-2026-42215 | high | 8.8 | 8.8 | 21d ago | GitPython has Command Injection via Git options bypass | |
| CVE-2023-40267 | high | — | 8.0 | 3y ago | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. | |
| CVE-2026-44244 | high | 7.8 | 7.8 | 21d ago | GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath | |
| CVE-2026-44243 | high | 7.1 | 7.1 | 22d ago | GitPython reference APIs have a path traversal vulnerability that allows arbitrary file write and delete outside the repository | |