ROOT-APP-PYPI-CVE-2026-6357 CVE-2026-6357 in rootio-pip - Patched by Root

Root has patched CVE-2026-6357 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-3219 CVE-2026-3219 in rootio-pip - Patched by Root

Root has patched CVE-2026-3219 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-8869 CVE-2025-8869 in rootio-pip - Patched by Root

Root has patched CVE-2025-8869 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2023-5752 CVE-2023-5752 in rootio-pip - Patched by Root

Root has patched CVE-2023-5752 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...

USN-8344-3: pip vulnerability

USN-8344-1 introduced a regression in pip. This update provides a complete fix for this issue.. We apologize for the inconvenience. Original advisory details: It was discovered that pip's bundled urllib3 library improperly handled streaming decompression of highly compressed data. A remote attack...

Security update for python-pip (moderate)

openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20880-1 Rating: moderate References: bsc1262429 bsc1263442 Cross-References: CVE-2026-1703 CVE-2026-3219 CVE-2026-6357 CVSS scores: CVE-2026-170...

Critical Photon OS Security Update - PHSA-2026-5.0-0862

Updates of 'unbound', 'wireshark', 'python3-pip', 'expat', 'python3' packages of Photon OS have been released...

OPENSUSE-SU-2026:20880-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation,...

Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : pip vulnerabilities (USN-8344-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8344-1 advisory. It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used...

CVE-2025-48570

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48570

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

USN-8344-2 python-pip regression

USN-8344-1 fixed vulnerabilities in pip. On Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS the patches for CVE-2025-66471 caused a regression when using pip. The patches for CVE-2025-66471 have been temporarily reverted pending investigation. We apologize for the inconvenience. Original...

USN-8344-2: pip regression

USN-8344-1 fixed vulnerabilities in pip. On Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS the patches for CVE-2025-66471 caused a regression when using pip. The patches for CVE-2025-66471 have been temporarily reverted pending investigation. We apologize for the inconvenience. Original...

Linux Distros Unpatched Vulnerability : CVE-2026-8643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leadin...

CVE-2026-8643

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1719)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1719 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as...

pip 安全漏洞

pip is a Python package installer developed by the Python Packaging Authority. There is a security vulnerability in pip, which arises from the use of a specially crafted entry point name during the installation of malicious Python wheels. This can lead to arbitrary file overwriting...