VulnerableCode Package Details - pkg:pypi/dulwich@0.3.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-74n4-53mc-2uc3 Aliases: CVE-2014-9706 GHSA-4j5j-58j7-6c3w PYSEC-2015-34	The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.	0.9.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-duga-b9sn-b7fc Aliases: CVE-2015-0838 GHSA-vjjf-3rvg-gv3v PYSEC-2015-35	Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.	0.9.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wegc-1zcu-qygw Aliases: CVE-2017-16228 GHSA-cwwh-4382-6fwr PYSEC-2017-12	Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.	0.18.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-74n4-53mc-2uc3
Aliases:
CVE-2014-9706
GHSA-4j5j-58j7-6c3w
PYSEC-2015-34

The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

0.9.9
Affected by 1 other vulnerability.

VCID-duga-b9sn-b7fc
Aliases:
CVE-2015-0838
GHSA-vjjf-3rvg-gv3v
PYSEC-2015-35

Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.

0.9.9
Affected by 1 other vulnerability.

VCID-wegc-1zcu-qygw
Aliases:
CVE-2017-16228
GHSA-cwwh-4382-6fwr
PYSEC-2017-12

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.

0.18.5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:53:08.601073+00:00	GitLab Importer	Affected by	VCID-duga-b9sn-b7fc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml	38.4.0
2026-04-16T21:53:03.083892+00:00	GitLab Importer	Affected by	VCID-74n4-53mc-2uc3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml	38.4.0
2026-04-16T21:47:24.928069+00:00	GitLab Importer	Affected by	VCID-wegc-1zcu-qygw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml	38.4.0
2026-04-11T23:08:42.582383+00:00	GitLab Importer	Affected by	VCID-duga-b9sn-b7fc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml	38.3.0
2026-04-11T23:08:37.374111+00:00	GitLab Importer	Affected by	VCID-74n4-53mc-2uc3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml	38.3.0
2026-04-11T23:03:14.932238+00:00	GitLab Importer	Affected by	VCID-wegc-1zcu-qygw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml	38.3.0
2026-04-02T23:17:18.945923+00:00	GitLab Importer	Affected by	VCID-duga-b9sn-b7fc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml	38.1.0
2026-04-02T23:17:13.700132+00:00	GitLab Importer	Affected by	VCID-74n4-53mc-2uc3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml	38.1.0
2026-04-02T23:11:38.135839+00:00	GitLab Importer	Affected by	VCID-wegc-1zcu-qygw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml	38.1.0
2026-04-01T17:37:29.962274+00:00	GitLab Importer	Affected by	VCID-duga-b9sn-b7fc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml	38.0.0
2026-04-01T17:37:23.743066+00:00	GitLab Importer	Affected by	VCID-74n4-53mc-2uc3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml	38.0.0
2026-04-01T17:31:31.205469+00:00	GitLab Importer	Affected by	VCID-wegc-1zcu-qygw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml	38.0.0
2026-04-01T15:00:05.304265+00:00	PyPI Importer	Affected by	VCID-wegc-1zcu-qygw	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T14:59:19.646037+00:00	PyPI Importer	Affected by	VCID-74n4-53mc-2uc3	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T14:59:19.190726+00:00	PyPI Importer	Affected by	VCID-duga-b9sn-b7fc	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T12:41:37.550961+00:00	Pypa Importer	Affected by	VCID-wegc-1zcu-qygw	https://github.com/pypa/advisory-database/blob/main/vulns/dulwich/PYSEC-2017-12.yaml	38.0.0
2026-04-01T12:41:13.783495+00:00	Pypa Importer	Affected by	VCID-74n4-53mc-2uc3	https://github.com/pypa/advisory-database/blob/main/vulns/dulwich/PYSEC-2015-34.yaml	38.0.0
2026-04-01T12:41:13.695338+00:00	Pypa Importer	Affected by	VCID-duga-b9sn-b7fc	https://github.com/pypa/advisory-database/blob/main/vulns/dulwich/PYSEC-2015-35.yaml	38.0.0