
Gitpython-Developers Gitpython vulnerabilities

6 known vulnerabilities affecting gitpython-developers/gitpython.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 1

Vulnerabilities

CVE-2026-42215 | Priority P2 | HIGH | CVSS 8.8 | Affected: >= 3.1.30, < 3.1.47 | Published: 2026-05-07
CWE-78. GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an application passes attacker-controlled kwargs into Repo.clon
Source: NVD
CVE-2026-42284 | Priority P3 | CRITICAL | CVSS 9.8 | Fixed in: 3.1.47 | Published: 2026-05-07
CWE-88. GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--c
Source: NVD
CVE-2026-44244 | Priority P3 | HIGH | CVSS 7.8 | Fixed in: 3.1.49 | Published: 2026-05-07
CWE-94. GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \n becomes \n\t), but Git still accepts an indented [core] stanza as
Source: NVD
CVE-2023-40590 | Priority P3 | HIGH | CVSS 7.8 | Fixed in: 3.1.41 | Published: 2023-08-28
CWE-426. GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command; if a user runs GitPython from a repo that has a `git.exe` or `git` executable, that program will be run instead of the one in
Source: NVD
CVE-2026-44243 | Priority P3 | HIGH | CVSS 7.1 | Fixed in: 3.1.48 | Published: 2026-05-07
CWE-22. GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository's .git directory via insufficient validation of reference paths in refere
Source: NVD
CVE-2023-41040 | Priority P4 | MEDIUM | CVSS 6.5 | Fixed in: 3.1.37 | Published: 2023-08-30
CWE-22. GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory; in some places the name of the file being read is provided by the user, and GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython
Source: NVD