CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/22 1:16 p.m.•3 views

OESA-2026-2363 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

4.6CVSS5.8AI score0.00018EPSS

Fedora•added 2026/05/18 1:24 a.m.•9 views

[SECURITY] Fedora 42 Update: uv-0.11.11-1.fc42

5.8AI score

Fedora•added 2026/05/18 12:59 a.m.•11 views

[SECURITY] Fedora 43 Update: uv-0.11.11-1.fc43

5.8AI score

Amazon•added 2026/05/15 12:0 a.m.•9 views

Important: python-pip

Issue Overview: pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update...

5.3CVSS5.8AI score0.00017EPSS

EUVD•added 2026/04/27 2:19 p.m.•3 views

EUVD-2026-25857

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.3AI score0.00017EPSS

Cvelist•added 2026/04/27 2:19 p.m.•24 views

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

5.3CVSS0.00017EPSS

Redos•added 2026/04/17 12:0 a.m.•4 views

ROS-20260417-73-0013

A vulnerability in the commonprefix function of the pip module of the Python programming language is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to add and modify arbitrary files...

2CVSS5.9AI score0.0003EPSS

Fedora•added 2026/03/28 12:46 a.m.•2 views

[SECURITY] Fedora 43 Update: uv-0.10.12-1.fc43

6.5CVSS5.9AI score0.00019EPSS

Fedora•added 2026/03/28 12:19 a.m.•4 views

[SECURITY] Fedora 44 Update: uv-0.11.2-1.fc44

5.9AI score

Fedora•added 2026/03/28 12:19 a.m.•2 views

[SECURITY] Fedora 44 Update: uv-0.10.12-1.fc44

6.5CVSS5.9AI score0.00019EPSS

OSV•added 2026/02/28 12:44 p.m.•4 views

OESA-2026-1445 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

8.9CVSS6AI score0.00014EPSS

Fedora•added 2026/02/10 1:34 a.m.•3 views

[SECURITY] Fedora 43 Update: uv-0.9.30-2.fc43

7.5CVSS5.5AI score0.00042EPSS

OSV•added 2026/02/02 3:16 p.m.•1 views

CVE-2026-1703

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.4AI score

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2025-23970

Malicious code in bioql PyPI...

6.8CVSS6.3AI score0.00042EPSS

Exploits0References5

Fedora•added 2025/09/26 1:24 a.m.•6 views

[SECURITY] Fedora 41 Update: python-pip-24.2-3.fc41

pip is a package management system used to install and manage software packag es written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python"...

6.1CVSS6.9AI score0.00079EPSS

OSV•added 2025/09/05 12:39 p.m.•4 views

OESA-2025-2098 uv security update

An extremely fast Python package and project manager, written in Rust. Security Fixes: uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's...

6.8CVSS6.8AI score0.00115EPSS

Exploits0References3

Fedora•added 2025/08/19 4:16 a.m.•6 views

[SECURITY] Fedora 42 Update: uv-0.8.8-1.fc42

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: =E2=80=A2 =E2=9A=96=EF=B8=8F Drop-in replacement for common pip, pip-tools, and virtualenv commands. =E2=80=A2 =E2=9A=A1=EF=B8=8F 10-100x...

6.8CVSS6.1AI score0.00042EPSS