Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/mercurial@4.8rc0
purl pkg:pypi/mercurial@4.8rc0
Next non-vulnerable version 4.9
Latest non-vulnerable version 4.9
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-z346-9s62-afaz
Aliases:
CVE-2019-3902
GHSA-mq66-vcfc-8246
PYSEC-2019-188
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
4.9
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:40:32.482574+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.4.0
2026-04-11T22:55:51.214533+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.3.0
2026-04-02T23:04:53.895301+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.1.0
2026-04-01T17:23:51.951717+00:00 GitLab Importer Affected by VCID-z346-9s62-afaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2019-3902.yml 38.0.0
2026-04-01T15:00:50.331443+00:00 PyPI Importer Affected by VCID-z346-9s62-afaz https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T12:41:59.754909+00:00 Pypa Importer Affected by VCID-z346-9s62-afaz https://github.com/pypa/advisory-database/blob/main/vulns/mercurial/PYSEC-2019-188.yaml 38.0.0