Search for packages
| purl | pkg:pypi/gitpython@3.1.41 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-y786-mwkd-u7ha | GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41. |
CVE-2024-22190
GHSA-2mqj-m65w-jghx PYSEC-2024-4 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:04:19.390150+00:00 | GHSA Importer | Fixing | VCID-y786-mwkd-u7ha | https://github.com/advisories/GHSA-2mqj-m65w-jghx | 38.0.0 |
| 2026-04-01T15:15:43.026791+00:00 | PyPI Importer | Fixing | VCID-y786-mwkd-u7ha | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.0.0 |
| 2026-04-01T12:52:22.903136+00:00 | GitLab Importer | Fixing | VCID-y786-mwkd-u7ha | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/GitPython/CVE-2024-22190.yml | 38.0.0 |
| 2026-04-01T12:50:01.659540+00:00 | GithubOSV Importer | Fixing | VCID-y786-mwkd-u7ha | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-2mqj-m65w-jghx/GHSA-2mqj-m65w-jghx.json | 38.0.0 |
| 2026-04-01T12:49:11.391769+00:00 | Pypa Importer | Fixing | VCID-y786-mwkd-u7ha | https://github.com/pypa/advisory-database/blob/main/vulns/gitpython/PYSEC-2024-4.yaml | 38.0.0 |