OESA-2024-1868 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...
Pip Command Injection Vulnerability
Pip is a set of tools for installing and managing Python packages. A security vulnerability exists in pip versions prior to v23.3, which stems from the presence of an injected arbitrary configuration option call...
CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
CVE-2023-45805 Trojan Lockfile in pdm
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
pdm security breach
pdm is a Python package management tool for the PDM project. A security vulnerability exists in versions of pdm prior to 0.11.2, which stems from the ability to craft a malicious pdm.lock file that allows an insider or malicious open source project to appear to rely on a trusted PyPI project, but...
Malicious code in httpgame (PyPI)
Source: checkmarx 570eacd42d4066212ccf631f0d91e3df191a244f4f517ab1b19c3f1f5ca26a4c EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
python-pip: Incorrect handling of unicode separators in git references
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...
vulhub_v2
It is an offensive tool for web application security training. The repository contains a collection of vulnerable Docker environments for web application security training. The tool is designed to be easy to use, requiring only two simple commands to set up a vulnerable environment. The tool is n...
UBUNTU-CVE-2019-15796
Python-apt doesn't check if hashes are signed in Version.fetch_binary and Version.fetch_source of apt/package.py or in fetch_archives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5...