Security: gitpython-developers/GitPython
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPathGHSA-mv93-w799-cj2w published
May 6, 2026 by ByronHigh -
Newline injection in config_writer().set_value() enables RCE via core.hooksPathGHSA-v87r-6q3f-2j67 published
Apr 29, 2026 by ByronHigh -
Path traversal in GitPython reference APIs allows arbitrary file write and delete outside the repositoryGHSA-7545-fcxq-7j24 published
Apr 28, 2026 by ByronModerate -
Unsafe option check validates multi_options before shlex.split transforms itGHSA-x2qx-6953-8485 published
Apr 22, 2026 by ByronHigh -
Command injection via Git options bypassGHSA-rpm5-65cw-6hj4 published
Apr 22, 2026 by ByronHigh -
Untrusted search path under some conditions on Windows allows arbitrary code executionGHSA-2mqj-m65w-jghx published
Jan 10, 2024 by ByronHigh -
Untrusted search path on Windows systems leading to arbitrary code executionGHSA-wfm5-v35h-vwf4 published
Aug 26, 2023 by ByronHigh -
Blind local file inclusionGHSA-cwvm-v4w8-q58c published
Aug 26, 2023 by ByronModerate