OPENSUSE-SU-2026:10940-1 python311-pip-26.1.2-1.1 on GA media

These are all security issues fixed in the python311-pip-26.1.2-1.1 package on the GA media of openSUSE Tumbleweed...

Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1718)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1718 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as...

OESA-2026-2360 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

pip 安全漏洞

pip is a Python package installer developed by the Python Packaging Authority. There is a security vulnerability in pip, which stems from treating connected tar and ZIP files as ZIP files. This vulnerability may lead to confusing installation behaviors...

USN-8010-1: pip vulnerabilities

Several security issues were discovered in the libraries bundled in pip. An attacker could possibly use these issues to perform a variety of attacks, such as denial of service or arbitrary code execution...

SUSE CVE-2026-1703

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

OESA-2025-2174 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 3 Summary: A...

[SECURITY] Fedora 41 Update: uv-0.7.13-4.fc41

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: =E2=80=A2 =E2=9A=96=EF=B8=8F Drop-in replacement for common pip, pip-tools, and virtualenv commands. =E2=80=A2 =E2=9A=A1=EF=B8=8F 10-100x...

[SECURITY] Fedora 42 Update: uv-0.7.13-4.fc42

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: =E2=80=A2 =E2=9A=96=EF=B8=8F Drop-in replacement for common pip, pip-tools, and virtualenv commands. =E2=80=A2 =E2=9A=A1=EF=B8=8F 10-100x...

[SECURITY] Fedora 41 Update: uv-0.6.14-3.fc41

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: =E2=80=A2 =E2=9A=96=EF=B8=8F Drop-in replacement for common pip, pip-tools, and virtualenv commands. =E2=80=A2 =E2=9A=A1=EF=B8=8F 10-100x...

[SECURITY] Fedora 40 Update: uv-0.6.14-3.fc40

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: =E2=80=A2 =E2=9A=96=EF=B8=8F Drop-in replacement for common pip, pip-tools, and virtualenv commands. =E2=80=A2 =E2=9A=A1=EF=B8=8F 10-100x...

[SECURITY] Fedora 42 Update: uv-0.6.14-3.fc42

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: =E2=80=A2 =E2=9A=96=EF=B8=8F Drop-in replacement for common pip, pip-tools, and virtualenv commands. =E2=80=A2 =E2=9A=A1=EF=B8=8F 10-100x...

[SECURITY] Fedora 41 Update: uv-0.5.5-2.fc41

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: =E2=80=A2 =E2=9A=96=EF=B8=8F Drop-in replacement for common pip, pip-tools, and virtualenv commands. =E2=80=A2 =E2=9A=A1=EF=B8=8F 10-100x...

[SECURITY] Fedora 40 Update: uv-0.5.5-2.fc40

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: =E2=80=A2 =E2=9A=96=EF=B8=8F Drop-in replacement for common pip, pip-tools, and virtualenv commands. =E2=80=A2 =E2=9A=A1=EF=B8=8F 10-100x...

USN-7084-2: pip vulnerability

USN-7084-1 fixed vulnerability in urllib3. This update provides the corresponding update for the urllib3 module bundled into pip. Original advisory details: It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use...

Mercurial configuration injectable in repo revision when installing via pip

...

USN-5821-4 python-pip regression

USN-5821-3 fixed a vulnerability in pip. The update introduced a minor regression in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled...

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

...

USN-4601-1 python-pip vulnerability

It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack. CVE-2019-20916...