{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37255?format=json","vulnerability_id":"VCID-xav7-qhau-4ya7","summary":"OpenHands is software for AI-driven development. In versions prior to 1.5.0, a Command Injection vulnerability exists in the `get_git_diff()` method at `openhands/runtime/utils/git_handler.py:134`. The `path` parameter from the `/api/conversations/{conversation_id}/git/diff` API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitrary commands in the agent sandbox. The user is already allowed to instruct the agent to execute commands, but this bypasses the normal channels. Version 1.5.0 fixes the issue.","aliases":[{"alias":"CVE-2026-33718"},{"alias":"GHSA-7h8w-hj9j-8rjw"},{"alias":"PYSEC-2026-106"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48967?format=json","purl":"pkg:pypi/openhands-ai@1.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@1.5.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48877?format=json","purl":"pkg:pypi/openhands-ai@0.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/48878?format=json","purl":"pkg:pypi/openhands-ai@0.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48879?format=json","purl":"pkg:pypi/openhands-ai@0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.9.1"},{"url":"http://public2.vulnerablecode.io/api/pa
ckages/48880?format=json","purl":"pkg:pypi/openhands-ai@0.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/48881?format=json","purl":"pkg:pypi/openhands-ai@0.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/48882?format=json","purl":"pkg:pypi/openhands-ai@0.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/48883?format=json","purl":"pkg:pypi/openhands-ai@0.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/48884?format=json","purl":"pkg:pypi/openhands-ai@0.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/48885?format=json","purl":"pkg:pypi/openhands-ai@0.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/48886?format=json","purl":"pkg:pypi/openhands-ai@0.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.9.8"},{"url":"ht
tp://public2.vulnerablecode.io/api/packages/48887?format=json","purl":"pkg:pypi/openhands-ai@0.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48888?format=json","purl":"pkg:pypi/openhands-ai@0.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48889?format=json","purl":"pkg:pypi/openhands-ai@0.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48890?format=json","purl":"pkg:pypi/openhands-ai@0.12.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.12.2"},{"url":"http://public2.vulnerablecode.io/api/packages/48891?format=json","purl":"pkg:pypi/openhands-ai@0.12.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.12.3"},{"url":"http://public2.vulnerablecode.io/api/packages/48892?format=json","purl":"pkg:pypi/openhands-ai@0.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.13.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48893?format=json","purl":"pkg:pypi/openhands-ai@0.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io
/packages/pkg:pypi/openhands-ai@0.13.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48894?format=json","purl":"pkg:pypi/openhands-ai@0.14.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.14.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48895?format=json","purl":"pkg:pypi/openhands-ai@0.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48896?format=json","purl":"pkg:pypi/openhands-ai@0.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.14.2"},{"url":"http://public2.vulnerablecode.io/api/packages/48897?format=json","purl":"pkg:pypi/openhands-ai@0.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.14.3"},{"url":"http://public2.vulnerablecode.io/api/packages/48898?format=json","purl":"pkg:pypi/openhands-ai@0.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.15.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48899?format=json","purl":"pkg:pypi/openhands-ai@0.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.15.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48900?format=json","purl":"pkg:pypi/openhands-ai@0.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"
}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.15.2"},{"url":"http://public2.vulnerablecode.io/api/packages/48901?format=json","purl":"pkg:pypi/openhands-ai@0.15.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.15.3"},{"url":"http://public2.vulnerablecode.io/api/packages/48902?format=json","purl":"pkg:pypi/openhands-ai@0.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48903?format=json","purl":"pkg:pypi/openhands-ai@0.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.16.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48904?format=json","purl":"pkg:pypi/openhands-ai@0.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.17.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48905?format=json","purl":"pkg:pypi/openhands-ai@0.18.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.18.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48906?format=json","purl":"pkg:pypi/openhands-ai@0.19.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.19.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48907?format=json","purl":"pkg:pypi/openhands-ai@0.20.0","is_vulnerable":true,"affected_by_vulne
rabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.20.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48908?format=json","purl":"pkg:pypi/openhands-ai@0.21.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.21.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48909?format=json","purl":"pkg:pypi/openhands-ai@0.22.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.22.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48910?format=json","purl":"pkg:pypi/openhands-ai@0.23.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.23.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48911?format=json","purl":"pkg:pypi/openhands-ai@0.24.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.24.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48912?format=json","purl":"pkg:pypi/openhands-ai@0.25.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.25.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48913?format=json","purl":"pkg:pypi/openhands-ai@0.26.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.26.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48914?format=json","purl":"pkg:pypi/openhands
-ai@0.27.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.27.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48915?format=json","purl":"pkg:pypi/openhands-ai@0.28.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.28.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48916?format=json","purl":"pkg:pypi/openhands-ai@0.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.28.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48917?format=json","purl":"pkg:pypi/openhands-ai@0.29.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.29.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48918?format=json","purl":"pkg:pypi/openhands-ai@0.29.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.29.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48919?format=json","purl":"pkg:pypi/openhands-ai@0.30.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.30.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48920?format=json","purl":"pkg:pypi/openhands-ai@0.30.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.30.1"},{"url":"http://public2.vulnerablecode.io/api/pac
kages/48921?format=json","purl":"pkg:pypi/openhands-ai@0.31.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.31.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48922?format=json","purl":"pkg:pypi/openhands-ai@0.32.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.32.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48923?format=json","purl":"pkg:pypi/openhands-ai@0.33.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.33.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48924?format=json","purl":"pkg:pypi/openhands-ai@0.34.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.34.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48925?format=json","purl":"pkg:pypi/openhands-ai@0.35.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.35.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48926?format=json","purl":"pkg:pypi/openhands-ai@0.35.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.35.2"},{"url":"http://public2.vulnerablecode.io/api/packages/48927?format=json","purl":"pkg:pypi/openhands-ai@0.36.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.36.0
"},{"url":"http://public2.vulnerablecode.io/api/packages/48928?format=json","purl":"pkg:pypi/openhands-ai@0.36.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.36.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48929?format=json","purl":"pkg:pypi/openhands-ai@0.37.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.37.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48930?format=json","purl":"pkg:pypi/openhands-ai@0.38.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.38.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48931?format=json","purl":"pkg:pypi/openhands-ai@0.39.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.39.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48932?format=json","purl":"pkg:pypi/openhands-ai@0.39.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.39.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48933?format=json","purl":"pkg:pypi/openhands-ai@0.39.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.39.2"},{"url":"http://public2.vulnerablecode.io/api/packages/48934?format=json","purl":"pkg:pypi/openhands-ai@0.40.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vuln
erablecode.io/packages/pkg:pypi/openhands-ai@0.40.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48935?format=json","purl":"pkg:pypi/openhands-ai@0.41.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.41.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48936?format=json","purl":"pkg:pypi/openhands-ai@0.42.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.42.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48937?format=json","purl":"pkg:pypi/openhands-ai@0.43.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.43.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48938?format=json","purl":"pkg:pypi/openhands-ai@0.44.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.44.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48939?format=json","purl":"pkg:pypi/openhands-ai@0.45.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.45.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48940?format=json","purl":"pkg:pypi/openhands-ai@0.46.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.46.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48941?format=json","purl":"pkg:pypi/openhands-ai@0.47.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xa
v7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.47.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48942?format=json","purl":"pkg:pypi/openhands-ai@0.48.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.48.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48943?format=json","purl":"pkg:pypi/openhands-ai@0.49.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.49.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48944?format=json","purl":"pkg:pypi/openhands-ai@0.49.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.49.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48945?format=json","purl":"pkg:pypi/openhands-ai@0.50.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.50.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48946?format=json","purl":"pkg:pypi/openhands-ai@0.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.51.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48947?format=json","purl":"pkg:pypi/openhands-ai@0.51.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.51.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48948?format=json","purl":"pkg:pypi/openhands-ai@0.52.0","is_vulnerable":true,"affe
cted_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.52.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48949?format=json","purl":"pkg:pypi/openhands-ai@0.52.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.52.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48950?format=json","purl":"pkg:pypi/openhands-ai@0.53.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.53.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48951?format=json","purl":"pkg:pypi/openhands-ai@0.54.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.54.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48952?format=json","purl":"pkg:pypi/openhands-ai@0.55.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.55.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48953?format=json","purl":"pkg:pypi/openhands-ai@0.56.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.56.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48954?format=json","purl":"pkg:pypi/openhands-ai@0.57.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.57.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48955?format=json","purl":"pkg:p
ypi/openhands-ai@0.57.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.57.2"},{"url":"http://public2.vulnerablecode.io/api/packages/48956?format=json","purl":"pkg:pypi/openhands-ai@0.58.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.58.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48957?format=json","purl":"pkg:pypi/openhands-ai@0.59.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.59.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48958?format=json","purl":"pkg:pypi/openhands-ai@0.60.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.60.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48959?format=json","purl":"pkg:pypi/openhands-ai@0.61.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.61.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48960?format=json","purl":"pkg:pypi/openhands-ai@0.62.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@0.62.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48961?format=json","purl":"pkg:pypi/openhands-ai@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@1.0.0"},{"url":"http://public2.vulnerablecode
.io/api/packages/48962?format=json","purl":"pkg:pypi/openhands-ai@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48963?format=json","purl":"pkg:pypi/openhands-ai@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48964?format=json","purl":"pkg:pypi/openhands-ai@1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/48965?format=json","purl":"pkg:pypi/openhands-ai@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48966?format=json","purl":"pkg:pypi/openhands-ai@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xav7-qhau-4ya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openhands-ai@1.4.0"}],"references":[{"reference_url":"https://docs.python.org/3/library/shlex.html#shlex.quote","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://docs.python.org/3/library/shlex.html#shlex.quote"},{"reference_url":"https://docs.python.org/3/library/subprocess.html#security-considerations","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https:/
/docs.python.org/3/library/subprocess.html#security-considerations"},{"reference_url":"https://github.com/OpenHands/OpenHands/pull/13051","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/OpenHands/OpenHands/pull/13051"},{"reference_url":"https://github.com/OpenHands/OpenHands/security/advisories/GHSA-7h8w-hj9j-8rjw","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/OpenHands/OpenHands/security/advisories/GHSA-7h8w-hj9j-8rjw"},{"reference_url":"https://owasp.org/www-community/attacks/Command_Injection","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://owasp.org/www-community/attacks/Command_Injection"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.9 - 9.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xav7-qhau-4ya7"}