Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/dulwich@0.9.1
purl pkg:pypi/dulwich@0.9.1
Next non-vulnerable version 0.18.5
Latest non-vulnerable version 0.18.5
Risk 4.5
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-74n4-53mc-2uc3
Aliases:
CVE-2014-9706
GHSA-4j5j-58j7-6c3w
PYSEC-2015-34
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.
0.9.9
Affected by 1 other vulnerability.
VCID-duga-b9sn-b7fc
Aliases:
CVE-2015-0838
GHSA-vjjf-3rvg-gv3v
PYSEC-2015-35
Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.
0.9.9
Affected by 1 other vulnerability.
VCID-wegc-1zcu-qygw
Aliases:
CVE-2017-16228
GHSA-cwwh-4382-6fwr
PYSEC-2017-12
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.
0.18.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-29T20:32:45.915557+00:00 GitLab Importer Affected by VCID-duga-b9sn-b7fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml 38.5.0
2026-04-29T20:32:40.294746+00:00 GitLab Importer Affected by VCID-74n4-53mc-2uc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml 38.5.0
2026-04-29T20:27:09.747782+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.5.0
2026-04-16T21:53:08.661145+00:00 GitLab Importer Affected by VCID-duga-b9sn-b7fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml 38.4.0
2026-04-16T21:53:03.143453+00:00 GitLab Importer Affected by VCID-74n4-53mc-2uc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml 38.4.0
2026-04-16T21:47:24.987015+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.4.0
2026-04-11T23:08:42.615676+00:00 GitLab Importer Affected by VCID-duga-b9sn-b7fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml 38.3.0
2026-04-11T23:08:37.406904+00:00 GitLab Importer Affected by VCID-74n4-53mc-2uc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml 38.3.0
2026-04-11T23:03:14.998976+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.3.0
2026-04-02T23:17:19.005347+00:00 GitLab Importer Affected by VCID-duga-b9sn-b7fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml 38.1.0
2026-04-02T23:17:13.759860+00:00 GitLab Importer Affected by VCID-74n4-53mc-2uc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml 38.1.0
2026-04-02T23:11:38.194257+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.1.0
2026-04-01T17:37:30.021892+00:00 GitLab Importer Affected by VCID-duga-b9sn-b7fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml 38.0.0
2026-04-01T17:37:23.804887+00:00 GitLab Importer Affected by VCID-74n4-53mc-2uc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml 38.0.0
2026-04-01T17:31:31.265775+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.0.0
2026-04-01T15:00:05.366321+00:00 PyPI Importer Affected by VCID-wegc-1zcu-qygw https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T14:59:19.705886+00:00 PyPI Importer Affected by VCID-74n4-53mc-2uc3 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T14:59:19.251089+00:00 PyPI Importer Affected by VCID-duga-b9sn-b7fc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T12:41:37.583375+00:00 Pypa Importer Affected by VCID-wegc-1zcu-qygw https://github.com/pypa/advisory-database/blob/main/vulns/dulwich/PYSEC-2017-12.yaml 38.0.0
2026-04-01T12:41:13.814443+00:00 Pypa Importer Affected by VCID-74n4-53mc-2uc3 https://github.com/pypa/advisory-database/blob/main/vulns/dulwich/PYSEC-2015-34.yaml 38.0.0
2026-04-01T12:41:13.733012+00:00 Pypa Importer Affected by VCID-duga-b9sn-b7fc https://github.com/pypa/advisory-database/blob/main/vulns/dulwich/PYSEC-2015-35.yaml 38.0.0