Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

K000130545: Python-pip vulnerability CVE-2018-20225

🗓️ 10 Jan 2023 08:25:01Reported by f5Type 
f5
 f5🔗 my.f5.com👁 2 Views

Pip vulnerability CVE-2018-20225 lets the highest private-index version be chosen with --extra-index-url.

Related
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics - NPS Product
15 Jul 202515:44
ibm
IBM Security Bulletins		Security Bulletin: WML CE: pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index
17 Jul 202016:48
ibm
IBM Security Bulletins		Security Bulletin: Pip as used by IBM QRadar Advisor With Watson is vulnerable to multiple vulnerabilities (CVE-2019-20916, CVE-2021-3572, CVE-2018-20225)
15 Jun 202219:07
ibm
IBM Security Bulletins		Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2018-20225, CVE-2025-6985, CVE-2025-54368)
20 Mar 202616:39
ibm
IBM Security Bulletins		Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python
19 Jun 202005:08
ibm
IBM Security Bulletins		Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)
9 Sep 202407:08
ibm
IBM Security Bulletins		Security Bulletin: An issue was discovered in pip (all versions) because it installs the version with the highest version number, which affects IBM watsonx.data
25 Jul 202512:31
ibm
IBM Security Bulletins		Security Bulletin: Several vulnerabilities affect Watson Machine Learning Accelerator on Cloud Pak for Data 5.0.0
29 Apr 202502:33
ibm
CBLMariner		CVE-2018-20225 affecting package python-pip 19.2-2
12 Jan 202509:15
cbl_mariner
Circl		CVE-2018-20225
8 May 202023:06
circl
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
10 Jan 2023 08:25Current
6.9Medium risk
Vulners AI Score6.9
CVSS 26.8
CVSS 3.17.8
EPSS0.03726
SSVC
pip vulnerabilityprivate indexextra index urlcve 2018 20225
2