CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 6 days ago•10 views

uv is vulnerable to arbitrary file write through entry point names

6.2AI score

Exploits0References2Affected Software1

RedHat Linux•added 6 days ago•10 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.63 security and extras update

Red Hat OpenShift Container Platform release 4.16.63 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a security impact of...

9.1CVSS5.9AI score0.00029EPSS

Exploits3References5

RedhatCVE•added 2026/05/27 5:21 p.m.•6 views

CVE-2026-8643

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS6AI score0.00013EPSS

Snyk•added 2026/05/27 5:3 p.m.•6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the wheel installation process. An attacker can overwrite arbitrary files within the installing user's permissions by convincing a user to install a specially crafted Python wheel containing malicious entry-point...

8.5CVSS6.3AI score0.00013EPSS

Tenable Nessus•added 2026/05/27 12:0 a.m.•4 views

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3317 (ALAS-2026-3317)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3317 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred ...

Amazon•added 2026/05/26 12:0 a.m.•12 views

Important: python-pip

Issue Overview: pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update...

OSV•added 2026/05/21 9:18 a.m.•3 views

Exploits0

ROOT-APP-PYPI-CVE-2026-24049 CVE-2026-24049 in rootio-wheel - Patched by Root

Root has patched CVE-2026-24049 in the rootio-wheel package for Root:PyPI. Multiple fixed versions available...

7.1CVSS5.4AI score0.00015EPSS

Exploits2

RedHat Linux•added 2026/05/21 9:16 a.m.•4 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python-pip: python-pip-wheel-26.1.1-3.hum1 noarch python3-pip-26.1.1-3.hum1 noarch python-pip-26.1.1-3.hum1.src src...

4.6CVSS6.2AI score0.00018EPSS

Exploits0References3

Tenable Nessus•added 2026/05/20 12:0 a.m.•5 views

Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1653)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1653 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

Tenable Nessus•added 2026/05/20 12:0 a.m.•4 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1666)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1666 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...

5.3CVSS6.3AI score0.00018EPSS

Exploits0References6

Tenable Nessus•added 2026/05/20 12:0 a.m.•2 views

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1654)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1654 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

Tenable Nessus•added 2026/05/17 12:0 a.m.•5 views

Fedora 44 : pypy (2026-130f7539d3)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-130f7539d3 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

4.6CVSS5.8AI score0.00018EPSS

Tenable Nessus•added 2026/05/16 12:0 a.m.•13 views

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1689)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1689 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

Tenable Nessus•added 2026/05/16 12:0 a.m.•4 views

Fedora 43 : pypy (2026-3505a95524)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3505a95524 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...

4.6CVSS5.8AI score0.00018EPSS

Amazon•added 2026/05/15 12:0 a.m.•9 views

Important: python-pip

Tenable Nessus•added 2026/05/08 12:0 a.m.•4 views

Exploits0

Fedora 45 : pypy (2026-b58cd376d6)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b58cd376d6 advisory. Automatic update for pypy-7.3.22-2.fc45. Changelog Tue May 5 2026 Charalampos Stratakis - 7.3.22-2 - Security fix for CVE-2026-3219 in the bundled pip wheel ...

4.6CVSS5.8AI score0.00018EPSS