Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
Next non-vulnerable version 4.9
Latest non-vulnerable version 4.9
Risk 4.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-t9gd-va4q-a3ga
Aliases:
CVE-2018-17983
GHSA-p575-cf9h-wv42
PYSEC-2018-91
cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
4.7.2
Affected by 1 other vulnerability.
VCID-z346-9s62-afaz
Aliases:
CVE-2019-3902
GHSA-mq66-vcfc-8246
PYSEC-2019-188
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
4.9
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-1kmd-1kun-qbdd The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. CVE-2018-13346
GHSA-9xv4-r2hf-26gh
PYSEC-2018-88
VCID-hhwu-knps-qqfw mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. CVE-2018-13347
GHSA-3mjj-mr4f-qxmx
PYSEC-2018-89
VCID-v91s-ety2-x7au The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. CVE-2018-13348
GHSA-3v62-ww8w-758m
PYSEC-2018-90

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-29T20:31:21.794094+00:00 GitLab Importer Affected by VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.5.0
2026-04-29T20:29:38.498625+00:00 GitLab Importer Fixing VCID-1kmd-1kun-qbdd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13346.yml 38.5.0
2026-04-29T20:29:37.358804+00:00 GitLab Importer Fixing VCID-v91s-ety2-x7au https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13348.yml 38.5.0
2026-04-29T20:27:59.512641+00:00 GitLab Importer Fixing VCID-hhwu-knps-qqfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13347.yml 38.5.0
2026-04-29T20:20:14.857702+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.5.0
2026-04-16T21:51:42.651709+00:00 GitLab Importer Affected by VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.4.0
2026-04-16T21:49:57.434590+00:00 GitLab Importer Fixing VCID-1kmd-1kun-qbdd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13346.yml 38.4.0
2026-04-16T21:49:56.335293+00:00 GitLab Importer Fixing VCID-v91s-ety2-x7au https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13348.yml 38.4.0
2026-04-16T21:48:14.542438+00:00 GitLab Importer Fixing VCID-hhwu-knps-qqfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13347.yml 38.4.0
2026-04-16T21:40:32.464030+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.4.0
2026-04-11T23:07:38.858483+00:00 GitLab Importer Affected by VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.3.0
2026-04-11T23:05:59.247315+00:00 GitLab Importer Fixing VCID-1kmd-1kun-qbdd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13346.yml 38.3.0
2026-04-11T23:05:58.033208+00:00 GitLab Importer Fixing VCID-v91s-ety2-x7au https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13348.yml 38.3.0
2026-04-11T23:04:07.904650+00:00 GitLab Importer Fixing VCID-hhwu-knps-qqfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13347.yml 38.3.0
2026-04-11T22:55:51.190988+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.3.0
2026-04-02T23:15:58.457425+00:00 GitLab Importer Affected by VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.1.0
2026-04-02T23:14:13.590262+00:00 GitLab Importer Fixing VCID-1kmd-1kun-qbdd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13346.yml 38.1.0
2026-04-02T23:14:12.516396+00:00 GitLab Importer Fixing VCID-v91s-ety2-x7au https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13348.yml 38.1.0
2026-04-02T23:12:29.553674+00:00 GitLab Importer Fixing VCID-hhwu-knps-qqfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13347.yml 38.1.0
2026-04-02T23:04:53.875588+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.1.0
2026-04-01T17:36:02.533141+00:00 GitLab Importer Affected by VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.0.0
2026-04-01T17:23:51.932339+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.0.0
2026-04-01T16:01:27.938061+00:00 GHSA Importer Fixing VCID-hhwu-knps-qqfw https://github.com/advisories/GHSA-3mjj-mr4f-qxmx 38.0.0
2026-04-01T16:01:27.885147+00:00 GHSA Importer Fixing VCID-1kmd-1kun-qbdd https://github.com/advisories/GHSA-9xv4-r2hf-26gh 38.0.0
2026-04-01T16:01:27.858533+00:00 GHSA Importer Fixing VCID-v91s-ety2-x7au https://github.com/advisories/GHSA-3v62-ww8w-758m 38.0.0
2026-04-01T15:00:50.310087+00:00 PyPI Importer Affected by VCID-z346-9s62-afaz https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:00:26.854444+00:00 PyPI Importer Affected by VCID-t9gd-va4q-a3ga https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:00:21.487815+00:00 PyPI Importer Fixing VCID-v91s-ety2-x7au https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:00:20.918588+00:00 PyPI Importer Fixing VCID-1kmd-1kun-qbdd https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:00:20.361474+00:00 PyPI Importer Fixing VCID-hhwu-knps-qqfw https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T13:09:49.983314+00:00 GithubOSV Importer Fixing VCID-1kmd-1kun-qbdd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9xv4-r2hf-26gh/GHSA-9xv4-r2hf-26gh.json 38.0.0
2026-04-01T13:08:23.507375+00:00 GithubOSV Importer Fixing VCID-hhwu-knps-qqfw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3mjj-mr4f-qxmx/GHSA-3mjj-mr4f-qxmx.json 38.0.0
2026-04-01T13:08:17.512631+00:00 GithubOSV Importer Fixing VCID-v91s-ety2-x7au https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3v62-ww8w-758m/GHSA-3v62-ww8w-758m.json 38.0.0
2026-04-01T12:50:24.883429+00:00 GitLab Importer Fixing VCID-1kmd-1kun-qbdd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13346.yml 38.0.0
2026-04-01T12:50:24.661717+00:00 GitLab Importer Fixing VCID-v91s-ety2-x7au https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13348.yml 38.0.0
2026-04-01T12:50:12.953785+00:00 GitLab Importer Fixing VCID-hhwu-knps-qqfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-13347.yml 38.0.0
2026-04-01T12:41:59.744090+00:00 Pypa Importer Affected by VCID-z346-9s62-afaz https://github.com/pypa/advisory-database/blob/main/vulns/mercurial/PYSEC-2019-188.yaml 38.0.0
2026-04-01T12:41:49.871862+00:00 Pypa Importer Affected by VCID-t9gd-va4q-a3ga https://github.com/pypa/advisory-database/blob/main/vulns/mercurial/PYSEC-2018-91.yaml 38.0.0
2026-04-01T12:41:46.674511+00:00 Pypa Importer Fixing VCID-1kmd-1kun-qbdd https://github.com/pypa/advisory-database/blob/main/vulns/mercurial/PYSEC-2018-88.yaml 38.0.0
2026-04-01T12:41:46.388177+00:00 Pypa Importer Fixing VCID-hhwu-knps-qqfw https://github.com/pypa/advisory-database/blob/main/vulns/mercurial/PYSEC-2018-89.yaml 38.0.0
2026-04-01T12:41:46.108640+00:00 Pypa Importer Fixing VCID-v91s-ety2-x7au https://github.com/pypa/advisory-database/blob/main/vulns/mercurial/PYSEC-2018-90.yaml 38.0.0