
6 matches found

Tenable Nessus
added 2026/02/02 12:0 a.m. | 3 views

EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2026-1226)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP...

5.9 CVSS | 5.5 AI score | 0.00438 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-30961

Malicious code in bioql PyPI...

5.9 CVSS | 6.3 AI score | 0.00438 EPSS
Exploits 0 | References 5
OSV
added 2025/09/26 8:48 a.m. | 3 views

BIT-PIP-2025-8869 Fallback tar extraction in pip doesn't check symbolic links point to extraction directory

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

5.9 CVSS | 6.9 AI score | 0.00438 EPSS
Exploits 0 | References 4
Cvelist
added 2025/09/24 2:56 p.m. | 7 views

CVE-2025-8869 Fallback tar extraction in pip doesn't check symbolic links point to extraction directory

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

5.9 CVSS | 0.00438 EPSS
Exploits 0 | References 2
Snyk
added 2025/02/01 6:40 a.m. | 3 views

Arbitrary Code Execution

Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution by implanting a malicious wheel file in pip's installation directory, which will replace the module being installed and get executed during installation. Note: The specific vulnerable behavior arises because...

6.7 CVSS | 6.9 AI score
Exploits 0 | References 3
Positive Technologies
added 2025/01/01 12:0 a.m. | 3 views

PT-2025-39265

Name of the Vulnerable Software and Affected Versions: pip (affected versions not specified). Description: An issue exists in pip where it may not properly check symbolic links when extracting tar archives if the tarfile module does not implement PEP 706. This can occur when using Python versions that...

6.1 CVSS | 6.8 AI score | 0.00438 EPSS
Exploits 0 | References 56