Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/mercurial@4.7.2
purl pkg:pypi/mercurial@4.7.2
Next non-vulnerable version 4.9
Latest non-vulnerable version 4.9
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-z346-9s62-afaz
Aliases:
CVE-2019-3902
GHSA-mq66-vcfc-8246
PYSEC-2019-188
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
4.9
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-t9gd-va4q-a3ga cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. CVE-2018-17983
GHSA-p575-cf9h-wv42
PYSEC-2018-91

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:51:42.668282+00:00 GitLab Importer Fixing VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.4.0
2026-04-16T21:40:32.479376+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.4.0
2026-04-11T23:07:38.867507+00:00 GitLab Importer Fixing VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.3.0
2026-04-11T22:55:51.210515+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.3.0
2026-04-04T14:30:36.177301+00:00 GHSA Importer Fixing VCID-t9gd-va4q-a3ga https://github.com/advisories/GHSA-p575-cf9h-wv42 38.1.0
2026-04-02T23:15:58.473854+00:00 GitLab Importer Fixing VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.1.0
2026-04-02T23:04:53.892033+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.1.0
2026-04-01T17:23:51.948508+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.0.0
2026-04-01T15:00:50.327901+00:00 PyPI Importer Affected by VCID-z346-9s62-afaz https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:00:26.871803+00:00 PyPI Importer Fixing VCID-t9gd-va4q-a3ga https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T13:10:39.113416+00:00 GithubOSV Importer Fixing VCID-t9gd-va4q-a3ga https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p575-cf9h-wv42/GHSA-p575-cf9h-wv42.json 38.0.0
2026-04-01T12:50:36.684048+00:00 GitLab Importer Fixing VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.0.0
2026-04-01T12:41:59.752740+00:00 Pypa Importer Affected by VCID-z346-9s62-afaz https://github.com/pypa/advisory-database/blob/main/vulns/mercurial/PYSEC-2019-188.yaml 38.0.0
2026-04-01T12:41:49.881147+00:00 Pypa Importer Fixing VCID-t9gd-va4q-a3ga https://github.com/pypa/advisory-database/blob/main/vulns/mercurial/PYSEC-2018-91.yaml 38.0.0