Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/dulwich@0.18.2
purl pkg:pypi/dulwich@0.18.2
Next non-vulnerable version 0.18.5
Latest non-vulnerable version 0.18.5
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-wegc-1zcu-qygw
Aliases:
CVE-2017-16228
GHSA-cwwh-4382-6fwr
PYSEC-2017-12
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.
0.18.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:47:25.078805+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.4.0
2026-04-11T23:03:15.105855+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.3.0
2026-04-02T23:11:38.290683+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.1.0
2026-04-01T17:31:31.361962+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.0.0
2026-04-01T15:00:05.462013+00:00 PyPI Importer Affected by VCID-wegc-1zcu-qygw https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T12:41:37.640205+00:00 Pypa Importer Affected by VCID-wegc-1zcu-qygw https://github.com/pypa/advisory-database/blob/main/vulns/dulwich/PYSEC-2017-12.yaml 38.0.0