354 matches found
EUVD-2022-38734
Malicious code in bioql PyPI...
EUVD-2023-45624
Malicious code in bioql PyPI...
EUVD-2022-3310
Malicious code in bioql PyPI...
CVE-2025-8869
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
GHSA-4XH5-X5GV-QWPH pip's fallback tar extraction doesn't check symbolic links point to extraction directory
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
DEBIAN-CVE-2025-8869
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
AZL-67788 CVE-2025-8869 affecting package python-pip for versions less than 24.2-4
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
UBUNTU-CVE-2025-8869
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
CVE-2025-8869 Fallback tar extraction in pip doesn't check symbolic links point to extraction directory
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
CVE-2025-8869
CVENote (CVE-2025-8869): Pip’s tar extraction fallback, used on Python builds that do not implement PEP 706, may fail to prevent symbolic links from pointing outside the extraction directory. This is a vulnerability in the tar extraction path, not in all Python tar handling. Affected scenario occ...
RHEL 8 : python3 (RHSA-2025:16151)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16151 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
Moderate: Red Hat Security Advisory: python39:3.9 security update
An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated...
Moderate: Red Hat Security Advisory: python3.11 security update
An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
RLSA-2025:14546 Moderate: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
python3.11 security update
An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...
RHEL 8 : python39:3.9 (RHSA-2025:15411)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15411 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
RHSA-2025:15019 Red Hat Security Advisory: python3.9 security update
Bulletin has no description...
RHEL 9 : python3.12 (RHSA-2025:15007)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15007 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
Moderate: Red Hat Security Advisory: python3.11 security update
An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...