Browse all 7 CVE security advisories affecting gitpython-developers. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GitPython-developers maintain a Python library for Git version control integration, primarily used by developers to automate repository operations. Historically, they've faced multiple remote code execution vulnerabilities through unsafe subprocess calls and path traversal issues, alongside cross-site scripting flaws in web interfaces. The project has documented seven CVEs, with several allowing arbitrary command execution via crafted repository paths or malicious Git operations. While no major public incidents are recorded, the consistent pattern of unsafe subprocess handling suggests ongoing security challenges. The library's widespread use in automation tools increases potential impact, though recent versions show improved input validation and sandboxing practices.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-44243 | Path traversal in GitPython reference APIs allows arbitrary file write and delete outside the repository | GitPython | CWE-22 | - | - | 2026-05-07 |
| CVE-2026-44244 | Newline injection in config_writer().set_value() enables RCE via core.hooksPath | GitPython | CWE-94 | 7.8 | High | 2026-05-07 |
| CVE-2026-42284 | Unsafe option check validates multi_options before shlex.split transforms it | GitPython | CWE-88 | 8.1 | High | 2026-05-07 |
| CVE-2026-42215 | Command injection via Git options bypass | GitPython | CWE-78 | 8.8 | High | 2026-05-07 |
| CVE-2024-22190 | Untrusted search path under some conditions on Windows allows arbitrary code execution | GitPython | CWE-426 | 7.8 | High | 2024-01-11 |
| CVE-2023-41040 | GitPython blind local file inclusion | GitPython | CWE-22 | 4.0 | Medium | 2023-08-30 |
| CVE-2023-40590 | Untrusted search path on Windows systems leading to arbitrary code execution | GitPython | CWE-426 | 7.8 | High | 2023-08-28 |
This page lists every published CVE security advisory associated with gitpython-developers. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.