Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/dulwich@0.9.9
purl pkg:pypi/dulwich@0.9.9
Next non-vulnerable version 0.18.5
Latest non-vulnerable version 0.18.5
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-wegc-1zcu-qygw
Aliases:
CVE-2017-16228
GHSA-cwwh-4382-6fwr
PYSEC-2017-12
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.
0.18.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-74n4-53mc-2uc3 The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree. CVE-2014-9706
GHSA-4j5j-58j7-6c3w
PYSEC-2015-34
VCID-duga-b9sn-b7fc Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. CVE-2015-0838
GHSA-vjjf-3rvg-gv3v
PYSEC-2015-35

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-29T20:32:45.942334+00:00 GitLab Importer Fixing VCID-duga-b9sn-b7fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml 38.5.0
2026-04-29T20:32:40.321404+00:00 GitLab Importer Fixing VCID-74n4-53mc-2uc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml 38.5.0
2026-04-29T20:27:09.776618+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.5.0
2026-04-16T21:53:08.687729+00:00 GitLab Importer Fixing VCID-duga-b9sn-b7fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml 38.4.0
2026-04-16T21:53:03.170072+00:00 GitLab Importer Fixing VCID-74n4-53mc-2uc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml 38.4.0
2026-04-16T21:47:25.013368+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.4.0
2026-04-11T23:08:42.628015+00:00 GitLab Importer Fixing VCID-duga-b9sn-b7fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml 38.3.0
2026-04-11T23:08:37.421452+00:00 GitLab Importer Fixing VCID-74n4-53mc-2uc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml 38.3.0
2026-04-11T23:03:15.031571+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.3.0
2026-04-04T14:31:38.928236+00:00 GHSA Importer Fixing VCID-duga-b9sn-b7fc https://github.com/advisories/GHSA-vjjf-3rvg-gv3v 38.1.0
2026-04-04T14:31:38.904354+00:00 GHSA Importer Fixing VCID-74n4-53mc-2uc3 https://github.com/advisories/GHSA-4j5j-58j7-6c3w 38.1.0
2026-04-02T23:17:19.031903+00:00 GitLab Importer Fixing VCID-duga-b9sn-b7fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml 38.1.0
2026-04-02T23:17:13.786389+00:00 GitLab Importer Fixing VCID-74n4-53mc-2uc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml 38.1.0
2026-04-02T23:11:38.222034+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.1.0
2026-04-01T17:37:30.048273+00:00 GitLab Importer Fixing VCID-duga-b9sn-b7fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2015-0838.yml 38.0.0
2026-04-01T17:37:23.831436+00:00 GitLab Importer Fixing VCID-74n4-53mc-2uc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2014-9706.yml 38.0.0
2026-04-01T17:31:31.292274+00:00 GitLab Importer Affected by VCID-wegc-1zcu-qygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dulwich/CVE-2017-16228.yml 38.0.0
2026-04-01T15:00:05.393655+00:00 PyPI Importer Affected by VCID-wegc-1zcu-qygw https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T14:59:19.732655+00:00 PyPI Importer Fixing VCID-74n4-53mc-2uc3 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T14:59:19.279772+00:00 PyPI Importer Fixing VCID-duga-b9sn-b7fc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T13:11:30.241210+00:00 GithubOSV Importer Fixing VCID-74n4-53mc-2uc3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4j5j-58j7-6c3w/GHSA-4j5j-58j7-6c3w.json 38.0.0
2026-04-01T13:07:38.186299+00:00 GithubOSV Importer Fixing VCID-duga-b9sn-b7fc https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vjjf-3rvg-gv3v/GHSA-vjjf-3rvg-gv3v.json 38.0.0
2026-04-01T12:41:37.597964+00:00 Pypa Importer Affected by VCID-wegc-1zcu-qygw https://github.com/pypa/advisory-database/blob/main/vulns/dulwich/PYSEC-2017-12.yaml 38.0.0
2026-04-01T12:41:13.827829+00:00 Pypa Importer Fixing VCID-74n4-53mc-2uc3 https://github.com/pypa/advisory-database/blob/main/vulns/dulwich/PYSEC-2015-34.yaml 38.0.0
2026-04-01T12:41:13.749751+00:00 Pypa Importer Fixing VCID-duga-b9sn-b7fc https://github.com/pypa/advisory-database/blob/main/vulns/dulwich/PYSEC-2015-35.yaml 38.0.0