VulnerableCode Vulnerability Details - VCID-4tn4-pbvn-h3hx

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-4tn4-pbvn-h3hx

Essentials
Severities (2)
References (2)
Severity details (2)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-4tn4-pbvn-h3hx
Aliases	GHSA-rpm5-65cw-6hj4
Summary	GitPython has Command Injection via Git options bypass
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

System	Score	Found at
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-rpm5-65cw-6hj4
cvssv3.1_qr	HIGH	https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-rpm5-65cw-6hj4

Reference id	Reference type	URL
GHSA-rpm5-65cw-6hj4		https://github.com/advisories/GHSA-rpm5-65cw-6hj4
GHSA-rpm5-65cw-6hj4		https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-rpm5-65cw-6hj4

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-26T22:37:26.082702+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-rpm5-65cw-6hj4	38.4.0