Lucene search
K

4 matches found

OSV
OSV
added 2026/06/05 3:48 p.m.12 views

OESA-2026-2542 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...

8.2CVSS6.6AI score0.00527EPSS
Exploits0References3
CVE
CVE
added 2026/01/28 7:30 p.m.46 views

CVE-2025-68119

CVE-2025-68119 describes local code execution and arbitrary-file writes when downloading/building modules with malicious version strings in environments where external VCS tools are present. Specifically: on systems with Mercurial (hg), downloading modules from non-standard sources (e.g., custom ...

7CVSS7.8AI score0.00335EPSS
Exploits0References4Affected Software1
Gentoo Linux
Gentoo Linux
added 2025/01/17 12:0 a.m.7 views

pip: arbitrary configuration injection

Background pip is a tool for installing and managing Python packages. Description Multiple vulnerabilities have been discovered in pip. Please review the CVE identifiers referenced below for details. Impact When installing a package from a Mercurial VCS URL ie "pip install hg+...", the specified...

5.5CVSS7.2AI score0.00476EPSS
Exploits0
OSV
OSV
added 2023/10/25 6:17 p.m.3 views

DEBIAN-CVE-2023-5752

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

3.3CVSS6.4AI score0.00476EPSS
Exploits0References1
Rows per page
Query Builder