Security update for python-pip (moderate)

openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20880-1 Rating: moderate References: bsc1262429 bsc1263442 Cross-References: CVE-2026-1703 CVE-2026-3219 CVE-2026-6357 CVSS scores: CVE-2026-170...

Linux Distros Unpatched Vulnerability : CVE-2026-8643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leadin...

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1719)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1719 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as...

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3317 (ALAS-2026-3317)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3317 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred ...

Important: python-pip

Issue Overview: pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update...

OESA-2026-2362 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python-pip: python-pip-wheel-26.1.1-3.hum1 noarch python3-pip-26.1.1-3.hum1 noarch python-pip-26.1.1-3.hum1.src src...

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1665)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1665 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...

CVE-2026-6357 vulnerabilities

Vulnerabilities for packages: py3-pip, datadog-agent, pypy-3.10, kubeflow-katib, tensorflow-cpu-jupyter...

Astra Linux - уязвимость в python-pip

When installing a package from a Mercurial VCS URL e.g., “pip install hg+…” using pip before version 23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the “hg clone” call e.g., “--config”. Controlling the Mercurial configuration allows modifying t...

Astra Linux - уязвимость в python-pip

A flaw was discovered in python-pip regarding its handling of Unicode separators in git references. A remote attacker could potentially exploit this issue to install a different revision in a repository. The greatest threat posed by this vulnerability is to data integrity. This issue has been fix...

Important Photon OS Security Update - PHSA-2026-4.0-1008

Updates of 'python3-pip', 'cups', 'linux' packages of Photon OS have been released...

Low: python-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1589)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1589 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...

Low: python-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3256 (ALAS-2026-3256)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3256 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation director...

Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python-pip: python-pip-wheel-26.0.1-2.1.hum1 noarch python3-pip-26.0.1-2.1.hum1 noarch python-pip-26.0.1-2.1.hum1.src src...

CLSA-2026-1775723090 python-pip: Fix of 2 CVEs

CVE-2025-66471: add decompression size limit to bundled urllib3 - CVE-2026-21441: skip decompression when draining redirect responses in bundled urllib3...

Low: python3.12-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1531)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1531 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...