tqdm is vulnerable to arbitrary code execution via insecure use of git. When importing tqdm, it will run a git log command to check if the user is running a pre-released version. It is possible for an attacker to create a repository in which git log executes arbitrary code.