Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/mercurial@3.6rc0

Type pypi

Namespace

Name mercurial

Version 3.6rc0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.9

Latest_non_vulnerable_version 4.9

Affected_by_vulnerabilities

url VCID-276p-r83g-9fce

vulnerability_id VCID-276p-r83g-9fce

summary cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

references

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml

reference_url	https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-17983
reference_id	CVE-2018-17983
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-17983

reference_url	https://github.com/advisories/GHSA-p575-cf9h-wv42
reference_id	GHSA-p575-cf9h-wv42
reference_type
scores
url	https://github.com/advisories/GHSA-p575-cf9h-wv42

fixed_packages

url pkg:pypi/mercurial@4.7.2

purl pkg:pypi/mercurial@4.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ygk8-66cv-3qfk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.7.2

aliases CVE-2018-17983, GHSA-p575-cf9h-wv42, PYSEC-2018-91

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-276p-r83g-9fce

url VCID-54jw-rtbb-nkbx

vulnerability_id VCID-54jw-rtbb-nkbx

summary multiple issues

references

reference_url	https://access.redhat.com/errata/RHSA-2017:2489
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2489

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml

reference_url	https://security.gentoo.org/glsa/201709-18
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201709-18

reference_url	https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url	https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_url	http://www.debian.org/security/2017/dsa-3963
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3963

reference_url	http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100290

reference_url	https://security.archlinux.org/ASA-201708-7
reference_id	ASA-201708-7
reference_type
scores
url	https://security.archlinux.org/ASA-201708-7

reference_url

https://security.archlinux.org/AVG-378

reference_id

AVG-378

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-378

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-1000115
reference_id	CVE-2017-1000115
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-1000115

reference_url	https://github.com/advisories/GHSA-hvr9-wr9p-grgr
reference_id	GHSA-hvr9-wr9p-grgr
reference_type
scores
url	https://github.com/advisories/GHSA-hvr9-wr9p-grgr

fixed_packages

url pkg:pypi/mercurial@4.3

purl pkg:pypi/mercurial@4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-cjyt-q73h-2kga

vulnerability	VCID-mmrr-cjnk-nyep

vulnerability	VCID-nwr3-zjfg-bfgk

vulnerability	VCID-u1z6-pw66-z3c2

vulnerability	VCID-ygk8-66cv-3qfk

vulnerability	VCID-zq69-6454-sfba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.3

url pkg:pypi/mercurial@4.3.1

purl pkg:pypi/mercurial@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-cjyt-q73h-2kga

vulnerability	VCID-mmrr-cjnk-nyep

vulnerability	VCID-nwr3-zjfg-bfgk

vulnerability	VCID-u1z6-pw66-z3c2

vulnerability	VCID-ygk8-66cv-3qfk

vulnerability	VCID-zq69-6454-sfba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.3.1

aliases CVE-2017-1000115, GHSA-hvr9-wr9p-grgr, PYSEC-2017-88

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54jw-rtbb-nkbx

url VCID-7t7h-jrwp-fbbh

vulnerability_id VCID-7t7h-jrwp-fbbh

summary multiple issues

references

reference_url	https://access.redhat.com/errata/RHSA-2017:2489
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2489

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml

reference_url	https://security.gentoo.org/glsa/201709-18
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201709-18

reference_url	https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url	https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url	https://wiki.mercurial-scm.org/WhatsNew/Archive
reference_id
reference_type
scores
url	https://wiki.mercurial-scm.org/WhatsNew/Archive

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_url	http://www.debian.org/security/2017/dsa-3963
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3963

reference_url	http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100290

reference_url	https://security.archlinux.org/ASA-201708-7
reference_id	ASA-201708-7
reference_type
scores
url	https://security.archlinux.org/ASA-201708-7

reference_url

https://security.archlinux.org/AVG-378

reference_id

AVG-378

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-378

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-1000116
reference_id	CVE-2017-1000116
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-1000116

reference_url	https://github.com/advisories/GHSA-3qmg-c9vc-r47j
reference_id	GHSA-3qmg-c9vc-r47j
reference_type
scores
url	https://github.com/advisories/GHSA-3qmg-c9vc-r47j

fixed_packages

url pkg:pypi/mercurial@4.3

purl pkg:pypi/mercurial@4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-cjyt-q73h-2kga

vulnerability	VCID-mmrr-cjnk-nyep

vulnerability	VCID-nwr3-zjfg-bfgk

vulnerability	VCID-u1z6-pw66-z3c2

vulnerability	VCID-ygk8-66cv-3qfk

vulnerability	VCID-zq69-6454-sfba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.3

aliases CVE-2017-1000116, GHSA-3qmg-c9vc-r47j, PYSEC-2017-89

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7t7h-jrwp-fbbh

url VCID-adtx-td2c-kbbx

vulnerability_id VCID-adtx-td2c-kbbx

summary Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0706.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0706.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3068

reference_id

reference_type

scores

value	0.05001
scoring_system	epss
scoring_elements	0.89863
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3068

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-26.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-26.yaml

reference_url	https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201612-19

reference_url	https://selenic.com/repo/hg-stable/rev/34d43cb85de8
reference_id
reference_type
scores
url	https://selenic.com/repo/hg-stable/rev/34d43cb85de8

reference_url	https://web.archive.org/web/20200228003737/http://www.securityfocus.com/bid/85733
reference_id
reference_type
scores
url	https://web.archive.org/web/20200228003737/http://www.securityfocus.com/bid/85733

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_url	http://www.debian.org/security/2016/dsa-3542
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3542

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

reference_url	http://www.securityfocus.com/bid/85733
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/85733

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-3068
reference_id	CVE-2016-3068
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-3068

reference_url	https://github.com/advisories/GHSA-j7c2-rqm3-c97m
reference_id	GHSA-j7c2-rqm3-c97m
reference_type
scores
url	https://github.com/advisories/GHSA-j7c2-rqm3-c97m

fixed_packages

url pkg:pypi/mercurial@3.7.3

purl pkg:pypi/mercurial@3.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-54jw-rtbb-nkbx

vulnerability	VCID-7t7h-jrwp-fbbh

vulnerability	VCID-cjyt-q73h-2kga

vulnerability	VCID-mmrr-cjnk-nyep

vulnerability	VCID-nwr3-zjfg-bfgk

vulnerability	VCID-u1z6-pw66-z3c2

vulnerability	VCID-xevg-81h1-dfh5

vulnerability	VCID-ycw2-p9yf-tbdg

vulnerability	VCID-ygk8-66cv-3qfk

vulnerability	VCID-zq69-6454-sfba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.7.3

aliases CVE-2016-3068, GHSA-j7c2-rqm3-c97m, PYSEC-2016-26

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-adtx-td2c-kbbx

url VCID-axnb-e6z9-5ucj

vulnerability_id VCID-axnb-e6z9-5ucj

summary Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0706.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0706.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3069

reference_id

reference_type

scores

value	0.0283
scoring_system	epss
scoring_elements	0.86433
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3069

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-27.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-27.yaml

reference_url	https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201612-19

reference_url	https://selenic.com/repo/hg-stable/rev/197eed39e3d5
reference_id
reference_type
scores
url	https://selenic.com/repo/hg-stable/rev/197eed39e3d5

reference_url	https://selenic.com/repo/hg-stable/rev/80cac1de6aea
reference_id
reference_type
scores
url	https://selenic.com/repo/hg-stable/rev/80cac1de6aea

reference_url	https://selenic.com/repo/hg-stable/rev/ae279d4a19e9
reference_id
reference_type
scores
url	https://selenic.com/repo/hg-stable/rev/ae279d4a19e9

reference_url	https://selenic.com/repo/hg-stable/rev/b732e7f2aba4
reference_id
reference_type
scores
url	https://selenic.com/repo/hg-stable/rev/b732e7f2aba4

reference_url	https://selenic.com/repo/hg-stable/rev/cdda7b96afff
reference_id
reference_type
scores
url	https://selenic.com/repo/hg-stable/rev/cdda7b96afff

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_url	http://www.debian.org/security/2016/dsa-3542
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3542

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-3069
reference_id	CVE-2016-3069
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-3069

reference_url	https://github.com/advisories/GHSA-8fm8-7365-5rh2
reference_id	GHSA-8fm8-7365-5rh2
reference_type
scores
url	https://github.com/advisories/GHSA-8fm8-7365-5rh2

fixed_packages

url pkg:pypi/mercurial@3.7.3

purl pkg:pypi/mercurial@3.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-54jw-rtbb-nkbx

vulnerability	VCID-7t7h-jrwp-fbbh

vulnerability	VCID-cjyt-q73h-2kga

vulnerability	VCID-mmrr-cjnk-nyep

vulnerability	VCID-nwr3-zjfg-bfgk

vulnerability	VCID-u1z6-pw66-z3c2

vulnerability	VCID-xevg-81h1-dfh5

vulnerability	VCID-ycw2-p9yf-tbdg

vulnerability	VCID-ygk8-66cv-3qfk

vulnerability	VCID-zq69-6454-sfba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.7.3

aliases CVE-2016-3069, GHSA-8fm8-7365-5rh2, PYSEC-2016-27

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axnb-e6z9-5ucj

url VCID-cjyt-q73h-2kga

vulnerability_id VCID-cjyt-q73h-2kga

summary The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

references

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url	https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/repo/hg/rev/90a274965de7

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-13348
reference_id	CVE-2018-13348
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-13348

reference_url	https://github.com/advisories/GHSA-3v62-ww8w-758m
reference_id	GHSA-3v62-ww8w-758m
reference_type
scores
url	https://github.com/advisories/GHSA-3v62-ww8w-758m

fixed_packages

url pkg:pypi/mercurial@4.6.1

purl pkg:pypi/mercurial@4.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-ygk8-66cv-3qfk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1

aliases CVE-2018-13348, GHSA-3v62-ww8w-758m, PYSEC-2018-90

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cjyt-q73h-2kga

url VCID-mmrr-cjnk-nyep

vulnerability_id VCID-mmrr-cjnk-nyep

summary In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.

references

reference_url	https://bz.mercurial-scm.org/show_bug.cgi?id=5730
reference_id
reference_type
scores
url	https://bz.mercurial-scm.org/show_bug.cgi?id=5730

reference_url	https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
reference_id
reference_type
scores
url	https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html

reference_url	https://github.com/dscho/hg
reference_id
reference_type
scores
url	https://github.com/dscho/hg

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-90.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-90.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html

reference_url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url	https://web.archive.org/web/20200227132808/http://www.securityfocus.com/bid/102926
reference_id
reference_type
scores
url	https://web.archive.org/web/20200227132808/http://www.securityfocus.com/bid/102926

reference_url	https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29

reference_url	http://www.securityfocus.com/bid/102926
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102926

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-17458
reference_id	CVE-2017-17458
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-17458

reference_url	https://github.com/advisories/GHSA-6v56-cpg6-3rpx
reference_id	GHSA-6v56-cpg6-3rpx
reference_type
scores
url	https://github.com/advisories/GHSA-6v56-cpg6-3rpx

fixed_packages

url pkg:pypi/mercurial@4.4.1

purl pkg:pypi/mercurial@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-cjyt-q73h-2kga

vulnerability	VCID-nwr3-zjfg-bfgk

vulnerability	VCID-u1z6-pw66-z3c2

vulnerability	VCID-ygk8-66cv-3qfk

vulnerability	VCID-zq69-6454-sfba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.4.1

aliases CVE-2017-17458, GHSA-6v56-cpg6-3rpx, PYSEC-2017-90

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmrr-cjnk-nyep

url VCID-nwr3-zjfg-bfgk

vulnerability_id VCID-nwr3-zjfg-bfgk

summary mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.

references

reference_url	https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2276

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url	https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A

reference_url	https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-13347
reference_id	CVE-2018-13347
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-13347

reference_url	https://github.com/advisories/GHSA-3mjj-mr4f-qxmx
reference_id	GHSA-3mjj-mr4f-qxmx
reference_type
scores
url	https://github.com/advisories/GHSA-3mjj-mr4f-qxmx

fixed_packages

url pkg:pypi/mercurial@4.6.1

purl pkg:pypi/mercurial@4.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-ygk8-66cv-3qfk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1

aliases CVE-2018-13347, GHSA-3mjj-mr4f-qxmx, PYSEC-2018-89

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwr3-zjfg-bfgk

url VCID-q6yp-wka7-eyb5

vulnerability_id VCID-q6yp-wka7-eyb5

summary The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3630

reference_id

reference_type

scores

value	0.05192
scoring_system	epss
scoring_elements	0.90066
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3630

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-29.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-29.yaml

reference_url	https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201612-19

reference_url	https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf
reference_id
reference_type
scores
url	https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf

reference_url	https://selenic.com/repo/hg-stable/rev/b9714d958e89
reference_id
reference_type
scores
url	https://selenic.com/repo/hg-stable/rev/b9714d958e89

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_url	http://www.debian.org/security/2016/dsa-3542
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3542

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-3630
reference_id	CVE-2016-3630
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-3630

reference_url	https://github.com/advisories/GHSA-9vjf-jjcq-3gh7
reference_id	GHSA-9vjf-jjcq-3gh7
reference_type
scores
url	https://github.com/advisories/GHSA-9vjf-jjcq-3gh7

fixed_packages

url pkg:pypi/mercurial@3.7.3

purl pkg:pypi/mercurial@3.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-54jw-rtbb-nkbx

vulnerability	VCID-7t7h-jrwp-fbbh

vulnerability	VCID-cjyt-q73h-2kga

vulnerability	VCID-mmrr-cjnk-nyep

vulnerability	VCID-nwr3-zjfg-bfgk

vulnerability	VCID-u1z6-pw66-z3c2

vulnerability	VCID-xevg-81h1-dfh5

vulnerability	VCID-ycw2-p9yf-tbdg

vulnerability	VCID-ygk8-66cv-3qfk

vulnerability	VCID-zq69-6454-sfba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.7.3

aliases CVE-2016-3630, GHSA-9vjf-jjcq-3gh7, PYSEC-2016-29

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q6yp-wka7-eyb5

url VCID-u1z6-pw66-z3c2

vulnerability_id VCID-u1z6-pw66-z3c2

summary The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.

references

reference_url	https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2276

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url	https://www.mercurial-scm.org/repo/hg/rev/faa924469635
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/repo/hg/rev/faa924469635

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-13346
reference_id	CVE-2018-13346
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-13346

reference_url	https://github.com/advisories/GHSA-9xv4-r2hf-26gh
reference_id	GHSA-9xv4-r2hf-26gh
reference_type
scores
url	https://github.com/advisories/GHSA-9xv4-r2hf-26gh

fixed_packages

url pkg:pypi/mercurial@4.6.1

purl pkg:pypi/mercurial@4.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-ygk8-66cv-3qfk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1

aliases CVE-2018-13346, GHSA-9xv4-r2hf-26gh, PYSEC-2018-88

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1z6-pw66-z3c2

url VCID-xevg-81h1-dfh5

vulnerability_id VCID-xevg-81h1-dfh5

summary The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

references

reference_url	http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3105

reference_id

reference_type

scores

value	0.0118
scoring_system	epss
scoring_elements	0.79069
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3105

reference_url	https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201612-19

reference_url	https://selenic.com/hg/rev/a56296f55a5e
reference_id
reference_type
scores
url	https://selenic.com/hg/rev/a56296f55a5e

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29

reference_url	http://www.debian.org/security/2016/dsa-3570
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3570

reference_url	http://www.securityfocus.com/bid/90536
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90536

reference_url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255
reference_id
reference_type
scores
url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255

fixed_packages

url pkg:pypi/mercurial@3.8rc0

purl pkg:pypi/mercurial@3.8rc0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-54jw-rtbb-nkbx

vulnerability	VCID-7t7h-jrwp-fbbh

vulnerability	VCID-cjyt-q73h-2kga

vulnerability	VCID-mmrr-cjnk-nyep

vulnerability	VCID-nwr3-zjfg-bfgk

vulnerability	VCID-u1z6-pw66-z3c2

vulnerability	VCID-ycw2-p9yf-tbdg

vulnerability	VCID-ygk8-66cv-3qfk

vulnerability	VCID-zq69-6454-sfba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.8rc0

aliases CVE-2016-3105, PYSEC-2016-28

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xevg-81h1-dfh5

url VCID-ycw2-p9yf-tbdg

vulnerability_id VCID-ycw2-p9yf-tbdg

summary In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

references

reference_url	https://access.redhat.com/errata/RHSA-2017:1576
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1576

reference_url	https://bugs.debian.org/861243
reference_id
reference_type
scores
url	https://bugs.debian.org/861243

reference_url	https://github.com/advisories/GHSA-ghjx-3jg5-h6r2
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-ghjx-3jg5-h6r2

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-91.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-91.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html

reference_url	https://security.gentoo.org/glsa/201709-18
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201709-18

reference_url	https://web.archive.org/web/20200227162318/http://www.securityfocus.com/bid/99123
reference_id
reference_type
scores
url	https://web.archive.org/web/20200227162318/http://www.securityfocus.com/bid/99123

reference_url	https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29

reference_url	http://www.debian.org/security/2017/dsa-3963
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3963

reference_url	http://www.securityfocus.com/bid/99123
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99123

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9462
reference_id	CVE-2017-9462
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9462

fixed_packages

url pkg:pypi/mercurial@4.1.3

purl pkg:pypi/mercurial@4.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-54jw-rtbb-nkbx

vulnerability	VCID-7t7h-jrwp-fbbh

vulnerability	VCID-cjyt-q73h-2kga

vulnerability	VCID-mmrr-cjnk-nyep

vulnerability	VCID-nwr3-zjfg-bfgk

vulnerability	VCID-u1z6-pw66-z3c2

vulnerability	VCID-ygk8-66cv-3qfk

vulnerability	VCID-zq69-6454-sfba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.1.3

aliases CVE-2017-9462, GHSA-ghjx-3jg5-h6r2, PYSEC-2017-91

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ycw2-p9yf-tbdg

url VCID-ygk8-66cv-3qfk

vulnerability_id VCID-ygk8-66cv-3qfk

summary A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

references

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html

reference_url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url	https://usn.ubuntu.com/4086-1
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4086-1

reference_url	https://usn.ubuntu.com/4086-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4086-1/

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-3902
reference_id	CVE-2019-3902
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-3902

reference_url	https://github.com/advisories/GHSA-mq66-vcfc-8246
reference_id	GHSA-mq66-vcfc-8246
reference_type
scores
url	https://github.com/advisories/GHSA-mq66-vcfc-8246

fixed_packages

url	pkg:pypi/mercurial@4.9
purl	pkg:pypi/mercurial@4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.9

aliases CVE-2019-3902, GHSA-mq66-vcfc-8246, PYSEC-2019-188

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygk8-66cv-3qfk

url VCID-zq69-6454-sfba

vulnerability_id VCID-zq69-6454-sfba

summary Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

references

reference_url	https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2276

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html

reference_url	https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html

reference_url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
reference_id
reference_type
scores
url	https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1000132
reference_id	CVE-2018-1000132
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1000132

reference_url	https://github.com/advisories/GHSA-4mr4-7vjv-9hm6
reference_id	GHSA-4mr4-7vjv-9hm6
reference_type
scores
url	https://github.com/advisories/GHSA-4mr4-7vjv-9hm6

fixed_packages

url pkg:pypi/mercurial@4.5.1

purl pkg:pypi/mercurial@4.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-276p-r83g-9fce

vulnerability	VCID-cjyt-q73h-2kga

vulnerability	VCID-nwr3-zjfg-bfgk

vulnerability	VCID-u1z6-pw66-z3c2

vulnerability	VCID-ygk8-66cv-3qfk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.5.1

aliases CVE-2018-1000132, GHSA-4mr4-7vjv-9hm6, PYSEC-2018-87

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zq69-6454-sfba

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.6rc0

Package Instance