18 matches found
SUSE-SU-2026:2664-1 Security update for python, python-base, python-doc
This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. - CVE-2026-3219: pip doesn't reject concatenated ZIP...
ROOT-APP-PYPI-CVE-2026-3219 CVE-2026-3219 in rootio-pip - Patched by Root
Root has patched CVE-2026-3219 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...
CLEANSTART-2026-NN42198 Security fixes for CVE-2024-35195, CVE-2024-47081, CVE-2025-8869, CVE-2026-1703, CVE-2026-25645, CVE-2026-3219, CVE-2026-44431, CVE-2026-44432, CVE-2026-45409, CVE-2026-48710, CVE-2026-6357, ghsa-58qw-9mgm-455v, ghsa-65pc-fj4g-8rjx, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 1.25.2-r0, 2.2.3-r0, 2.2.3-r1
Multiple security vulnerabilities affect the k8s-sidecar package. These issues are resolved in later releases. See references for individual vulnerability details...
OESA-2026-2497 python-pip security update
%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...
Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1719)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1719 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as...
Low: python3.14-pip
Issue Overview: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior...
Low: python3.13-pip
Issue Overview: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior...
Fedora 43 : python3.15 (2026-e2ada1fa1e)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e2ada1fa1e advisory. New prerelease of Python 3.15, containing fixes to a few CVEs. Tenable has extracted the preceding description block directly from the Fedora securi...
OESA-2026-2363 python-pip security update
%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...
OESA-2026-2361 python-pip security update
%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...
Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1666)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1666 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...
Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1665)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1665 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...
Fedora 43 : pypy (2026-3505a95524)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3505a95524 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Fedora 45 : pypy (2026-b58cd376d6)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b58cd376d6 advisory. Automatic update for pypy-7.3.22-2.fc45. Changelog Tue May 5 2026 Charalampos Stratakis - 7.3.22-2 - Security fix for CVE-2026-3219 in the bundled pip wheel ...
aaanalysis (>=0.1.2 <=1.0.2), aadetools (>=0.0.3 <=0.0.5) +582 more potentially affected by CVE-2026-3219 via pip (>=10.0.0b2 <=26.0.1)
pip PYPI version =10.0.0b2, =0.1.2, =0.0.3, =0.5.14, =0.1.1, =2.0.0, =0.2.1, =0.1.2, =0.0.1, =0.1.0, =0.1.10, =0.2.0, =0.68.0, =1.8.15, =1.8.17, =1.8.19 and more Source cves: CVE-2026-3219 Source advisory: OSV:GHSA-58QW-9MGM-455V...
CVE-2026-3219
creationtimestamp| type| source ---|---|--- 2026-04-20 16:16:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjwukdmbem2p 2026-04-20 19:34:11+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mjx7l2ighx2h 2026-05-21 12:01:00+00:00| seen|...
CVE-2026-3219
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...
Linux Distros Unpatched Vulnerability : CVE-2026-3219
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in...