Lucene search
K

964 matches found

Snyk
Snyk
added 6 days ago5 views

Improper Handling of Unicode Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the process that applies exclusion directives from MANIFEST.in due to improper Unicode normalization handling on macOS APFS or HFS+ filesystems. An attacker can cause unintended files to be...

6.9CVSS6.1AI score0.00269EPSS
Exploits1References2
NVD
NVD
added 6 days ago9 views

CVE-2026-59890

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.00269EPSS
Exploits1References3
Debian CVE
Debian CVE
added 6 days ago7 views

CVE-2026-59890

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6AI score0.00269EPSS
Exploits1
OSV
OSV
added 6 days ago4 views

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6.1AI score0.00269EPSS
Exploits1References5
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.00269EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56503

Name of the Vulnerable Software and Affected Versions setuptools versions prior to 83.0.0 Description setuptools is a package used to download, build, install, upgrade, and uninstall Python packages. The FileList component fails to perform Unicode normalization when matching compiled glob pattern...

6.1CVSS6.1AI score0.00269EPSS
Exploits1References8
OSV
OSV
added 2026/06/15 11:50 a.m.7 views

ROOT-APP-PYPI-CVE-2024-6345 CVE-2024-6345 in rootio-setuptools - Patched by Root

Root has patched CVE-2024-6345 in the rootio-setuptools package for Root:PyPI. Multiple fixed versions available...

8.8CVSS7.8AI score0.01939EPSS
Exploits0
OSV
OSV
added 2026/06/15 11:50 a.m.7 views

ROOT-APP-PYPI-CVE-2025-47273 CVE-2025-47273 in rootio-setuptools - Patched by Root

Root has patched CVE-2025-47273 in the rootio-setuptools package for Root:PyPI. Multiple fixed versions available...

8.8CVSS6.5AI score0.01479EPSS
Exploits4
OSV
OSV
added 2026/06/03 7:6 p.m.7 views

ROOT-APP-PYPI-CVE-2022-40897 CVE-2022-40897 in rootio-setuptools - Patched by Root

Root has patched CVE-2022-40897 in the rootio-setuptools package for Root:PyPI. Multiple fixed versions available...

7.5CVSS8.2AI score0.02617EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 4:7 p.m.10 views

Security Bulletin: Maximo AI Service uses azure-core 1.37.0 and setuptools 75.8.0 which are vulnerable to CVE-2026-21226 and CVE-2025-47273.

Summary Maximo AI Service uses azure-core 1.37.0 and setuptools 75.8.0 which are vulnerable to CVE-2026-21226 and CVE-2025-47273. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-21226 DESCRIPTION: Deserialization of untrusted da...

8.8CVSS7.7AI score0.01479EPSS
Exploits4Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in python-setuptools

Python Packaging Authority PyPA’s setuptools before version 65.5.1 allows remote attackers to cause a denial of service through HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS vulnerability present in packageindex.py...

5.9CVSS6.8AI score0.02617EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in python-setuptools

A vulnerability exists in the packageindex module of pypa/setuptools versions up to 69.1.1, allowing for remote code execution through its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are vulnerable t...

8.8CVSS7.2AI score0.01939EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.11 views

FreeBSD : py-setuptools -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (690144e9-4f88-11f1-982e-00a098b42aeb)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 690144e9-4f88-11f1-982e-00a098b42aeb advisory. https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf reports: setuptools is a...

8.8CVSS7.3AI score0.01479EPSS
Exploits4References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/22 12:3 p.m.5 views

Security Bulletin: Vulnerability in setuptools affects IBM Netezza Appliance

Summary The setuptools package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-47273 Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python...

8.8CVSS6.6AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:8 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in setuptools [CVE-2025-47273]

Summary M Watson Speech Services Cartridge is vulnerable to a path traversal in setuptools, due to an issue that allows users to download, build, install, upgrade, and uninstall Python packages CVE-2025-47273. Setuptools is used in our speech service runtimes. This vulnerabilitiy has been...

8.8CVSS7.4AI score0.01479EPSS
Exploits4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.6 views

NewStart CGSL MAIN 6.06 : python3.11-setuptools Vulnerability (NS-SA-2025-0242)

The remote NewStart CGSL host, running version MAIN 6.06, has python3.11-setuptools packages installed that are affected by a vulnerability: - A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These...

8.8CVSS7.9AI score0.01939EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 12:35 p.m.4 views

Security Bulletin: IBM Security Verify Directory (Container) is affected by a vulnerability in the setuptools package (CVE-2025-47273)

Summary A vulnerability in the setuptools package used by IBM Security Verify Directory Container has been addressed Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path...

8.8CVSS6.5AI score0.01479EPSS
Exploits4Affected Software1
GithubExploit
GithubExploit
added 2026/03/17 4:58 p.m.222 views

Exploit for Path Traversal in Python Setuptools

HackTheBox - VariaType Machine Writeup !HTBhttps://img.shie...

8.8CVSS7.1AI score0.01479EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/16 3:40 p.m.10 views

Security Bulletin: Due to the use of Python setuptools IBM Foundationdb Operator is vulunerable for denial of service attack

Summary IBM Database Operator for FoundationDB contains Python setuptools internally CVE-2022-40897 Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package o...

5.9CVSS6.9AI score0.02617EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 2026/03/15 11:3 p.m.342 views

Exploit for Path Traversal in Python Setuptools

CVE-2025-47273: Path Traversal in setuptools.packageindex...

8.8CVSS6AI score0.01479EPSS
Exploits4
Rows per page
Query Builder