Security: gitpython-developers/GitPython
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
command injection via unguarded Git options in `Repo.archive()`, `git.ls_remote()`, and arbitrary file overwrite via `Repo.iter_commits()` / `Repo.blame()`GHSA-956x-8gvw-wg5v published
Jul 12, 2026 by ByronHigh -
GitPython unsafe clone option gate bypass through joined short optionsGHSA-v396-v7q4-x2qj published
Jul 12, 2026 by ByronHigh -
Command Injection via git long-option prefix abbreviation bypass of CVE-2026-42215 blocklistGHSA-2f96-g7mh-g2hx published
Jul 12, 2026 by ByronHigh -
Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPathGHSA-mv93-w799-cj2w published
May 6, 2026 by ByronHigh -
Newline injection in config_writer().set_value() enables RCE via core.hooksPathGHSA-v87r-6q3f-2j67 published
Apr 29, 2026 by ByronHigh -
Path traversal in GitPython reference APIs allows arbitrary file write and delete outside the repositoryGHSA-7545-fcxq-7j24 published
Apr 28, 2026 by ByronModerate -
Unsafe option check validates multi_options before shlex.split transforms itGHSA-x2qx-6953-8485 published
Apr 22, 2026 by ByronHigh -
Command injection via Git options bypassGHSA-rpm5-65cw-6hj4 published
Apr 22, 2026 by ByronHigh -
Untrusted search path under some conditions on Windows allows arbitrary code executionGHSA-2mqj-m65w-jghx published
Jan 10, 2024 by ByronHigh -
Untrusted search path on Windows systems leading to arbitrary code executionGHSA-wfm5-v35h-vwf4 published
Aug 26, 2023 by ByronHigh