
11 matches found

SUSE CVE
added 2026/06/12 2:27 a.m. | 3 views

SUSE CVE-2026-42305

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

CVSS 6.9 | AI score 6.5 | EPSS 0.00854
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/12 2:25 a.m. | 5 views

SUSE CVE-2026-47712

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch filename from the commit's subject line. Prior to this fix, get_summary only replaced spaces with dashes ...

CVSS 3.3 | AI score 5.3 | EPSS 0.00175
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/12 2:25 a.m. | 4 views

SUSE CVE-2026-47734

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack (174 bytes) whose delta header declares a huge dest_size. When dulwich ingested it via add_thin_pack /...

CVSS 5.7 | AI score 5.3 | EPSS 0.00328
Exploits: 0 | References: 3

CVE
added 2026/06/10 10:11 p.m. | 19 views

CVE-2026-47734

Dulwich prior to 1.2.5 is vulnerable to an unbounded memory allocation in receive-pack when processing a crafted thin pack. A tiny push (~174 bytes) can declare a huge dest_size in the delta header, causing add_thin_pack / apply_delta to allocate hundreds of MB regardless of actual data. Impacted...

CVSS 5.7 | AI score 5.4 | EPSS 0.00328
Exploits: 0 | References: 2

EUVD
added 2026/06/10 9:55 p.m. | 6 views

EUVD-2026-36181

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

CVSS 9.8 | AI score 8.4 | EPSS 0.02543
Exploits: 0 | References: 4

Debian CVE
added 2026/06/10 9:55 p.m. | 9 views

CVE-2026-42305

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

CVSS 8.8 | AI score 6.5 | EPSS 0.00854
Exploits: 0

Snyk
added 2026/05/28 10:29 p.m. | 7 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the ProcessMergeDriver command. An attacker can execute arbitrary commands by crafting malicious file paths that are substituted into the merge driver command and executed with shell privileges when a victim merges...

CVSS 7.7 | AI score 6 | EPSS 0.00797
Exploits: 0 | References: 2

Snyk
added 2026/04/04 1:21 a.m. | 2 views

Out-of-bounds Read

Overview mesop is a Build UIs in Python Affected versions of this package are vulnerable to Out-of-bounds Read through the WebSocket handler. An attacker can exhaust system resources and cause service outages by sending a rapid succession of WebSocket messages, which forces the server to spawn an...

CVSS 8.7 | AI score 5.9 | EPSS 0.00721
Exploits: 1 | References: 2

OSV
added 2023/08/30 6:15 p.m. | 0 views

PYSEC-2023-164

borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an...

CVSS 4.7 | AI score 5.7 | EPSS 0.00106
Exploits: 0 | References: 3

Positive Technologies
added 2023/08/30 12:0 a.m. | 3 views

PT-2023-25702 · Unknown +1 · Borgbackup +1

Name of the Vulnerable Software and Affected Versions: borgbackup versions prior to 1.2.5 Description: A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an...

CVSS 6 | AI score 4.6 | EPSS 0.00106
Exploits: 0 | References: 33

Positive Technologies
added 2022/08/23 12:0 a.m. | 3 views

PT-2022-17497 · Open62541 · Open62541

Name of the Vulnerable Software and Affected Versions: open62541/open62541 versions 1.2.0 through 1.2.4 open62541/open62541 versions 1.3-rc1 through 1.3.0 Description: The issue is related to a Denial of Service (DoS) due to a missing limitation on the number of received chunks per single session o...

CVSS 7.5 | AI score 7.3 | EPSS 0.01086
Exploits: 0 | References: 10