Lucene search
K

18 matches found

OSV
OSV
added last week2 views

SUSE-SU-2026:2664-1 Security update for python, python-base, python-doc

This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. - CVE-2026-3219: pip doesn't reject concatenated ZIP...

9.1CVSS7.4AI score0.00579EPSS
Exploits2References16
OSV
OSV
added 2026/06/16 9:44 a.m.3 views

ROOT-APP-PYPI-CVE-2026-3219 CVE-2026-3219 in rootio-pip - Patched by Root

Root has patched CVE-2026-3219 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...

5CVSS5.2AI score0.00144EPSS
Exploits0
OSV
OSV
added 2026/06/08 2:58 p.m.8 views

CLEANSTART-2026-NN42198 Security fixes for CVE-2024-35195, CVE-2024-47081, CVE-2025-8869, CVE-2026-1703, CVE-2026-25645, CVE-2026-3219, CVE-2026-44431, CVE-2026-44432, CVE-2026-45409, CVE-2026-48710, CVE-2026-6357, ghsa-58qw-9mgm-455v, ghsa-65pc-fj4g-8rjx, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 1.25.2-r0, 2.2.3-r0, 2.2.3-r1

Multiple security vulnerabilities affect the k8s-sidecar package. These issues are resolved in later releases. See references for individual vulnerability details...

8.9CVSS6.5AI score0.01438EPSS
Exploits4References28
OSV
OSV
added 2026/05/29 1:34 p.m.9 views

OESA-2026-2497 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

4.6CVSS6.2AI score0.00144EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.8 views

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1719)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1719 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as...

4.6CVSS5.8AI score0.00144EPSS
Exploits0References4
Amazon
Amazon
added 2026/05/26 12:0 a.m.18 views

Low: python3.14-pip

Issue Overview: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior...

4.6CVSS6.2AI score0.00144EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.13 views

Low: python3.13-pip

Issue Overview: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior...

4.6CVSS6.2AI score0.00144EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.10 views

Fedora 43 : python3.15 (2026-e2ada1fa1e)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e2ada1fa1e advisory. New prerelease of Python 3.15, containing fixes to a few CVEs. Tenable has extracted the preceding description block directly from the Fedora securi...

9.1CVSS5.8AI score0.00579EPSS
Exploits0References6
OSV
OSV
added 2026/05/22 1:16 p.m.13 views

OESA-2026-2363 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

4.6CVSS5.8AI score0.00144EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 1:16 p.m.9 views

OESA-2026-2361 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

4.6CVSS6.2AI score0.00144EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1666)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1666 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...

5.3CVSS6.3AI score0.00144EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1665)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1665 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...

5.3CVSS6.3AI score0.00144EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.10 views

Fedora 43 : pypy (2026-3505a95524)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3505a95524 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

4.6CVSS5.8AI score0.00144EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.8 views

Fedora 45 : pypy (2026-b58cd376d6)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b58cd376d6 advisory. Automatic update for pypy-7.3.22-2.fc45. Changelog Tue May 5 2026 Charalampos Stratakis - 7.3.22-2 - Security fix for CVE-2026-3219 in the bundled pip wheel ...

4.6CVSS5.8AI score0.00144EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/20 6:31 p.m.7 views

aaanalysis (>=0.1.2 <=1.0.2), aadetools (>=0.0.3 <=0.0.5) +582 more potentially affected by CVE-2026-3219 via pip (>=10.0.0b2 <=26.0.1)

pip PYPI version =10.0.0b2, =0.1.2, =0.0.3, =0.5.14, =0.1.1, =2.0.0, =0.2.1, =0.1.2, =0.0.1, =0.1.0, =0.1.10, =0.2.0, =0.68.0, =1.8.15, =1.8.17, =1.8.19 and more Source cves: CVE-2026-3219 Source advisory: OSV:GHSA-58QW-9MGM-455V...

4.6CVSS6.6AI score0.00144EPSS
Exploits0
Circl
Circl
added 2026/04/20 4:16 p.m.4 views

CVE-2026-3219

creationtimestamp| type| source ---|---|--- 2026-04-20 16:16:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjwukdmbem2p 2026-04-20 19:34:11+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mjx7l2ighx2h 2026-05-21 12:01:00+00:00| seen|...

4.6CVSS6.3AI score0.00144EPSS
Exploits0References3
NVD
NVD
added 2026/04/20 4:16 p.m.5 views

CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS0.00144EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-3219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in...

4.6CVSS6.2AI score0.00144EPSS
Exploits0References3
Rows per page
Query Builder