pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

GHSA-JP4C-XJXW-MGF9 pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

EUVD-2017-17771

Malware in sbrugna...

MAL-2025-11651 Malicious code in @zalastax/nolb-google-c (npm)

The package @zalastax/nolb-google-c was found to contain malicious code...

GHSA-343V-9CCV-7535 vulnerabilities

Vulnerabilities for packages: openjdk-26-openj9, openjdk-11-openj9, openjdk, openjdk-8-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-21-openj9...

UBUNTU-CVE-2017-8829

Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file...