291 matches found
ROOT-APP-PYPI-GHSA-MV93-W799-CJ2W GHSA-mv93-w799-cj2w in rootio-GitPython - Patched by Root
Root has patched GHSA-mv93-w799-cj2w in the rootio-GitPython package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-44243 CVE-2026-44243 in rootio-GitPython - Patched by Root
Root has patched CVE-2026-44243 in the rootio-GitPython package for Root:PyPI. Multiple fixed versions available...
CVE-2026-42284
GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.47, clone validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but aft...
CVE-2026-42215
GitPython is a Python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an...
CVE-2026-44244
GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines (e.g. \n becomes \n\t), b...
ROOT-APP-PYPI-CVE-2024-22190 CVE-2024-22190 in rootio-GitPython - Patched by Root
Root has patched CVE-2024-22190 in the rootio-GitPython package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-44244 CVE-2026-44244 in rootio-GitPython - Patched by Root
Root has patched CVE-2026-44244 in the rootio-GitPython package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-42284 CVE-2026-42284 in rootio-GitPython - Patched by Root
Root has patched CVE-2026-42284 in the rootio-GitPython package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-42215 CVE-2026-42215 in rootio-GitPython - Patched by Root
Root has patched CVE-2026-42215 in the rootio-GitPython package for Root:PyPI. Multiple fixed versions available...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.
Summary: Maximo AI Service uses mlflow-3.9.0rc0-py3-none-any.whl, bcprov-jdk18on-1.79.jar, mlflow-3.8.1-py3-none-any.whl and GitPython-3.1.44-py3-none-any.whl which are vulnerable to CVE-2026-0545, CVE-2025-14813, CVE-2026-0636, CVE-2026, CVE-2025-15031, CVE-2025-15036, CVE-2025, CVE-2026-42215,...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : GitPython vulnerabilities (USN-8303-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8303-1 advisory. Santos Gallegos discovered that GitPython did not properly validate paths when...
USN-8303-1 python-git vulnerabilities
Santos Gallegos discovered that GitPython did not properly validate paths when resolving certain Git references. An attacker could possibly use this issue to cause files outside the .git directory to be accessed, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu...
Astra Linux - vulnerability in python-git
GitPython is a Python library used to interact with Git repositories. To resolve certain Git references, GitPython reads files from the .git directory. In some cases, the name of the file being read is provided by the user; GitPython does not check whether this file is located outside the .git...
Fedora 43 : GitPython (2026-ee7b1c75b6)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ee7b1c75b6 advisory. Update to 3.1.50; fixes CVE-2026-42215 / GHSA-mv93-w799-cj2w. Tenable has extracted the preceding description block directly from the Fedora security advisor...
Fedora 44 : GitPython (2026-b4653c757d)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b4653c757d advisory. Update to 3.1.50; fixes CVE-2026-42215 / GHSA-mv93-w799-cj2w. Tenable has extracted the preceding description block directly from the Fedora security advisor...
OPENSUSE-SU-2026:20777-1 Security update for python-GitPython
This update for python-GitPython fixes the following issues: - CVE-2026-42215: command injection via Git options bypass (bsc#1264604). - CVE-2026-42284: unsafe option check validates multi_options before shlex.split transforms it (bsc#1264605). - CVE-2026-44243: path traversal in GitPython reference APIs...
SUSE-SU-2026:21813-1 Security update for python-GitPython
This update for python-GitPython fixes the following issues: - CVE-2026-42215: command injection via Git options bypass (bsc#1264604). - CVE-2026-42284: unsafe option check validates multi_options before shlex.split transforms it (bsc#1264605). - CVE-2026-44243: path traversal in GitPython reference APIs...
OESA-2026-2308 python-GitPython security update
GitPython is a Python library used to interact with Git repositories, high-level like git-porcelain, or low-level like git-plumbing. Security Fixes: Summary: GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and...
OESA-2026-2307 python-GitPython security update
GitPython is a Python library used to interact with Git repositories, high-level like git-porcelain, or low-level like git-plumbing. Security Fixes: Summary: GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and...
OESA-2026-2306 python-GitPython security update
GitPython is a Python library used to interact with Git repositories, high-level like git-porcelain, or low-level like git-plumbing. Security Fixes: Summary: GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and...