Package details: pkg:pypi/pygit2@0.27.3
purl pkg:pypi/pygit2@0.27.3
Next non-vulnerable version 1.1.0
Latest non-vulnerable version 1.1.0
Risk 3.6
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-52tu-vs8k-fbfe (Aliases: CVE-2020-12278, GHSA-5wph-8frv-58vj) libgit2: files inside the .git directory may be overwritten during cloning via NTFS Alternate Data Streams. Fixed by: 1.1.0 (affected by 0 other vulnerabilities).
VCID-tmtv-wcxy-sqht (Aliases: CVE-2020-12279, GHSA-589j-mmg9-733v) libgit2: NTFS protections inactive when running Git in the Windows Subsystem for Linux. Fixed by: 1.1.0 (affected by 0 other vulnerabilities).
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-1uzu-6121-x7bc Out-of-bounds Read The libgit2 library, which is used by pygit2, is vulnerable to an integer overflow which leads to an out-of-bounds read. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. CVE-2018-10887
VCID-2s6d-9bsu-zqaq Out-of-bounds Read A flaw was found in libgit2, which is wrapped by the rugged gem. A missing check in the git_delta_apply function in `delta.c` may lead to an out-of-bounds read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. CVE-2018-10888

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:02:49.817007+00:00 GitLab Importer Affected by VCID-tmtv-wcxy-sqht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pygit2/CVE-2020-12279.yml 38.4.0
2026-04-16T21:02:49.523235+00:00 GitLab Importer Affected by VCID-52tu-vs8k-fbfe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pygit2/CVE-2020-12278.yml 38.4.0
2026-04-11T22:14:12.633469+00:00 GitLab Importer Affected by VCID-tmtv-wcxy-sqht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pygit2/CVE-2020-12279.yml 38.3.0
2026-04-11T22:14:12.308347+00:00 GitLab Importer Affected by VCID-52tu-vs8k-fbfe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pygit2/CVE-2020-12278.yml 38.3.0
2026-04-02T22:26:33.556057+00:00 GitLab Importer Affected by VCID-tmtv-wcxy-sqht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pygit2/CVE-2020-12279.yml 38.1.0
2026-04-02T22:26:33.209550+00:00 GitLab Importer Affected by VCID-52tu-vs8k-fbfe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pygit2/CVE-2020-12278.yml 38.1.0
2026-04-01T12:47:50.078794+00:00 GitLab Importer Fixing VCID-2s6d-9bsu-zqaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pygit2/CVE-2018-10888.yml 38.0.0
2026-04-01T12:47:49.842058+00:00 GitLab Importer Fixing VCID-1uzu-6121-x7bc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pygit2/CVE-2018-10887.yml 38.0.0