Gitpython Project Gitpython — known CVE vulnerabilities
Every CVE whose affected-product data names Gitpython Project Gitpython, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-40267 — CVSS 9.8 (critical): GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete…
CVE-2026-42215 — CVSS 8.8 (high): GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks…
CVE-2026-42284 — CVSS 8.1 (high): GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the…
CVE-2022-24439 — CVSS 8.1 (high): All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it…
CVE-2026-44244 — CVSS 7.8 (high): GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to…
CVE-2023-40590 — CVSS 7.8 (high): GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working…
CVE-2024-22190 — CVSS 7.8 (high): GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython…
CVE-2026-44243 — CVSS 7.1 (high): GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows…
CVE-2023-41040 — CVSS 4.0 (medium): GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from…