Search for packages
| purl | pkg:pypi/gitpython@3.1.40 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-y786-mwkd-u7ha
Aliases: CVE-2024-22190 GHSA-2mqj-m65w-jghx PYSEC-2024-4 |
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T22:47:57.564932+00:00 | GitLab Importer | Affected by | VCID-y786-mwkd-u7ha | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/GitPython/CVE-2024-22190.yml | 38.4.0 |
| 2026-04-12T00:07:43.857850+00:00 | GitLab Importer | Affected by | VCID-y786-mwkd-u7ha | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/GitPython/CVE-2024-22190.yml | 38.3.0 |
| 2026-04-03T00:12:24.034519+00:00 | GitLab Importer | Affected by | VCID-y786-mwkd-u7ha | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/GitPython/CVE-2024-22190.yml | 38.1.0 |
| 2026-04-01T15:15:43.023500+00:00 | PyPI Importer | Affected by | VCID-y786-mwkd-u7ha | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.0.0 |
| 2026-04-01T12:49:11.389841+00:00 | Pypa Importer | Affected by | VCID-y786-mwkd-u7ha | https://github.com/pypa/advisory-database/blob/main/vulns/gitpython/PYSEC-2024-4.yaml | 38.0.0 |