294 matches found
virtualenv -- CWE-59: Improper Link Resolution Before File Access ('Link Following')
https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986 reports: virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attac...
Linux Distros Unpatched Vulnerability : CVE-2026-22702
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv...
PT-2026-2252
Name of the Vulnerable Software and Affected Versions: virtualenv versions prior to 20.36.1. Description: virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, Time-of-Check-Time-of-Use (TOCTOU) vulnerabilities exist in virtualenv that allow local attackers ...
GHSA-W853-JP5J-5J7F filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
Impact: A Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with O_TRUNC. An attack...
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
Impact: A Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with O_TRUNC. An attack...
CVE-2025-50181 affecting package python-virtualenv for versions less than 20.26.6-2
CVE-2025-50181 affecting package python-virtualenv for versions less than 20.26.6-2. A patched version of the package is available...
EUVD-2020-3441
Malware in sbrugna...
EUVD-2011-0025
Malware in sbrugna...
AZL-77823 CVE-2025-50181 affecting package python-virtualenv 20.36.1-1
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default, requests and botocore users are not affected. An application attemptin...
AZL-64218 CVE-2025-50181 affecting package python-virtualenv for versions less than 20.26.6-2
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default, requests and botocore users are not affected. An application attemptin...
TencentOS Server 4: python-virtualenv (TSSA-2025:0386)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0386 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Fedora: Security Advisory (FEDORA-2024-89014f5794)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3769
Vulnerability in pygmalion, pygmalion-virtualenv and refined themes Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability...
Azure Linux 3.0 Security Update: python-virtualenv (CVE-2024-53899)
The version of python-virtualenv installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53899 advisory. - virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual...
CBL Mariner 2.0 Security Update: python-virtualenv (CVE-2024-53899)
The version of python-virtualenv installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53899 advisory. - virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual...
CVE-2024-53899 affecting package python-virtualenv for versions less than 20.26.6-1
CVE-2024-53899 affecting package python-virtualenv for versions less than 20.26.6-1. An upgraded version of the package is available that resolves this issue...
OESA-2025-1241 python-virtualenv security update
Virtualenv is a tool to create isolated Python environments. Since Python 3.3, a subset of it has been integrated into the standard library under the venv module. Note though, that the venv module does not offer all features of this library e.g. cannot create bootstrap scripts, cannot create...
USN-7271-2 python-virtualenv vulnerability
USN-7271-1 fixed a vulnerability in virtualenv. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that virtualenv incorrectly handled paths when activating virtual environments. An attacker could possibly use this issue to execute...
USN-7271-2: virtualenv vulnerability
USN-7271-1 fixed a vulnerability in virtualenv. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that virtualenv incorrectly handled paths when activating virtual environments. An attacker could possibly use this issue to execute...
Ubuntu 24.04 LTS : virtualenv vulnerability (USN-7271-2)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7271-2 advisory. USN-7271-1 fixed a vulnerability in virtualenv. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding descripti...