CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2022-0202

Malicious code in bioql PyPI...

9.3CVSS8.5AI score0.03865EPSS

Exploits1References14

Tenable Nessus•added 2025/08/30 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2022-21668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files...

9.3CVSS7.9AI score0.03865EPSS

Exploits1References2

Tenable Nessus•added 2024/11/14 12:0 a.m.•6 views

Fedora 37 : pipenv (2022-8a01f4e871)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8a01f4e871 advisory. Automatic update for pipenv-2021.5.29-7.fc37. Changelog Thu Feb 24 2022 Tomas Orsava - 2021.5.29-7 - Fix for CVE-2022-21668 Resolves: rhbz2039830 Tenable has...

9.3CVSS7.9AI score0.03865EPSS

Exploits1References2

OpenVAS•added 2022/03/27 12:0 a.m.•18 views

Fedora: Security Advisory for pipenv (FEDORA-2022-0d007466b3)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.6AI score0.03865EPSS

Exploits1References2

OpenVAS•added 2022/03/23 12:0 a.m.•18 views

Fedora: Security Advisory for pipenv (FEDORA-2022-77ce20f03a)

9.3CVSS8.7AI score0.03865EPSS

Exploits1References2

OpenVAS•added 2022/03/23 12:0 a.m.•13 views

Fedora: Security Advisory for pipenv (FEDORA-2022-508e460384)

9.3CVSS8.7AI score0.03865EPSS

Exploits1References2

OSV•added 2022/01/12 10:29 p.m.•23 views

GHSA-QC9X-GJCV-465W Pipenv's requirements.txt parsing allows malicious index url in comments

Issue Summary Due to a flaw in pipenv's parsing of requirements files, an attacker can insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file e.g. with "pipenv install -r requirements.txt...

8.8CVSS8.7AI score0.03865EPSS

Exploits1References9

Veracode•added 2022/01/11 9:5 a.m.•24 views

Remote Code Execution (RCE)

pipenv is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of requirements files allowing an attacker to inject a maliciously crafted string inside a comment in a requirements.txt file...

8.6CVSS4.5AI score0.03865EPSS

Exploits1References9Affected Software1

ATTACKERKB•added 2022/01/10 9:15 p.m.•7 views

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS7.9AI score0.03865EPSS

Exploits1References10Affected Software1

NVD•added 2022/01/10 9:15 p.m.•13 views

CVE-2022-21668

9.3CVSS0.03865EPSS

Exploits1References6

Prion•added 2022/01/10 9:15 p.m.•22 views

Design/Logic Flaw

9.3CVSS8.6AI score0.03865EPSS

Exploits1References6Affected Software2

PyPA•added 2022/01/10 9:15 p.m.•4 views

PYSEC-2022-6

9.3CVSS7.8AI score0.03865EPSS

Exploits1References3Affected Software1

UbuntuCve•added 2022/01/10 9:15 p.m.•172 views

CVE-2022-21668

9.3CVSS7.8AI score0.03865EPSS

Exploits1References4

OSV•added 2022/01/10 9:15 p.m.•34 views

PYSEC-2022-6

9.3CVSS4.7AI score0.03865EPSS

Exploits1References3

OSV•added 2022/01/10 9:15 p.m.•1 views

UBUNTU-CVE-2022-21668

8.6CVSS6.5AI score0.03865EPSS

Exploits1References5

Cvelist•added 2022/01/10 8:20 p.m.•33 views

CVE-2022-21668 Pipenv's requirements.txt parsing allows malicious index url in comments

8CVSS8.8AI score0.03865EPSS

Exploits1References6

CVE•added 2022/01/10 8:20 p.m.•142 views

CVE-2022-21668

CVE-2022-21668 affects pipenv versions prior to 2022.1.8, where a flaw in parsing requirements.txt can let an attacker embed a malicious string in a comment that causes installation to fetch from a hostile package index. If the index URL (or a hijacked proxy) is used, the attacker can deliver pac...

9.3CVSS8.2AI score0.03865EPSS

Exploits1References6Affected Software1

Debian CVE•added 2022/01/10 8:20 p.m.•25 views

CVE-2022-21668

9.3CVSS8.7AI score0.03865EPSS

Exploits1

OSV•added 2022/01/10 8:20 p.m.•19 views

CVE-2022-21668 Pipenv's requirements.txt parsing allows malicious index url in comments

8CVSS8.7AI score0.03865EPSS

Exploits1References8

Positive Technologies•added 2022/01/10 12:0 a.m.•6 views

PT-2022-15021 · Pipenv · Pipenv

Name of the Vulnerable Software and Affected Versions: pipenv versions 2018.10.9 through 2022.1.8 Description: A flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file. This will cause victims...

9.3CVSS8.6AI score0.03865EPSS

Exploits1References22

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by