Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/mercurial@4.7rc0
purl pkg:pypi/mercurial@4.7rc0
Next non-vulnerable version 4.9
Latest non-vulnerable version 4.9
Risk 4.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-t9gd-va4q-a3ga
Aliases:
CVE-2018-17983
GHSA-p575-cf9h-wv42
PYSEC-2018-91
cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
4.7.2
Affected by 1 other vulnerability.
VCID-z346-9s62-afaz
Aliases:
CVE-2019-3902
GHSA-mq66-vcfc-8246
PYSEC-2019-188
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
4.9
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:51:42.658336+00:00 GitLab Importer Affected by VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.4.0
2026-04-16T21:40:32.470210+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.4.0
2026-04-11T23:07:38.862081+00:00 GitLab Importer Affected by VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.3.0
2026-04-11T22:55:51.198578+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.3.0
2026-04-02T23:15:58.464010+00:00 GitLab Importer Affected by VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.1.0
2026-04-02T23:04:53.882250+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.1.0
2026-04-01T17:36:02.539624+00:00 GitLab Importer Affected by VCID-t9gd-va4q-a3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2018-17983.yml 38.0.0
2026-04-01T17:23:51.938803+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.0.0
2026-04-01T15:00:50.317238+00:00 PyPI Importer Affected by VCID-z346-9s62-afaz https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:00:26.861408+00:00 PyPI Importer Affected by VCID-t9gd-va4q-a3ga https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T12:41:59.747524+00:00 Pypa Importer Affected by VCID-z346-9s62-afaz https://github.com/pypa/advisory-database/blob/main/vulns/mercurial/PYSEC-2019-188.yaml 38.0.0
2026-04-01T12:41:49.875533+00:00 Pypa Importer Affected by VCID-t9gd-va4q-a3ga https://github.com/pypa/advisory-database/blob/main/vulns/mercurial/PYSEC-2018-91.yaml 38.0.0