CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

SUSE Linux•added 2026/06/12 1:57 p.m.•29 views

Security update for python

This update for python fixes the following issues CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. CVE-2026-4786: Incomplete...

9.1CVSS7.1AI score0.00517EPSS

Exploits2References26

OSV•added 2026/06/12 1:57 p.m.•4 views

SUSE-SU-2026:2387-1 Security update for python

This update for python fixes the following issues - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. - CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. - CVE-2026-4786: Incomplete...

9.1CVSS7AI score0.00517EPSS

Exploits2References14

Tenable Nessus•added 2026/06/10 12:0 a.m.•8 views

EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2026-2353)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when...

5.5CVSS5.5AI score0.0039EPSS

Exploits1References3

Amazon•added 2026/04/30 12:0 a.m.•3 views

Low: python-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.2AI score0.0039EPSS

Exploits1

Amazon•added 2026/04/30 12:0 a.m.•7 views

Low: python-pip

2CVSS5.2AI score0.0039EPSS

Exploits1

Tenable Nessus•added 2026/04/30 12:0 a.m.•7 views

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3256 (ALAS-2026-3256)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3256 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation director...

2CVSS5.4AI score0.0039EPSS

Exploits1References4

Snyk•added 2026/04/01 10:17 p.m.•2 views

Directory Traversal

Overview poetry is a Python dependency management and packaging made easy. Affected versions of this package are vulnerable to Directory Traversal due to improper validation of wheel destination path that is being constructed directly from untrusted wheel entry path without containment checks. An...

7.1CVSS6.5AI score0.00468EPSS

Exploits1References2

Amazon•added 2026/04/01 12:0 a.m.•7 views

Low: python3.12-pip

2CVSS5.8AI score0.0039EPSS

Exploits1

Amazon•added 2026/04/01 12:0 a.m.•5 views

Low: python3.11-pip

2CVSS5.8AI score0.0039EPSS

Exploits1

Tenable Nessus•added 2026/04/01 12:0 a.m.•5 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1531)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1531 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...

2CVSS5.9AI score0.0039EPSS

Exploits1References4

Amazon•added 2026/03/27 12:0 a.m.•7 views

Low: python3.13-pip

2CVSS5.8AI score0.0039EPSS

Exploits1

Tenable Nessus•added 2026/03/05 12:0 a.m.•8 views

TencentOS Server 4: python-pip (TSSA-2026:0096)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0096 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

2CVSS6AI score0.0039EPSS

Exploits1References2

OSV•added 2026/02/28 12:44 p.m.•7 views

OESA-2026-1448 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

8.9CVSS5.9AI score0.0068EPSS

Exploits1References3

OSV•added 2026/02/28 12:44 p.m.•6 views

OESA-2026-1447 python-pip security update

8.9CVSS7.2AI score0.0068EPSS

Exploits1References3

OSV•added 2026/02/28 12:44 p.m.•17 views

OESA-2026-1446 python-pip security update

2CVSS5.9AI score0.0039EPSS

Exploits1References2

OSV•added 2026/02/28 12:44 p.m.•11 views

OESA-2026-1443 python-pip security update

8.9CVSS7.2AI score0.0068EPSS

Exploits1References3

OPENSUSE Linux•added 2026/02/14 12:0 a.m.•5 views

Security update for python-pip (low)

openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20202-1 Rating: low References: bsc1257599 Cross-References: CVE-2026-1703 CVSS scores: CVE-2026-1703 SUSE : 3.1...

3.1CVSS5.5AI score0.0039EPSS

Exploits1References1

Github Security Blog•added 2026/02/02 3:30 p.m.•8 views

pip Path Traversal vulnerability

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.4AI score0.0039EPSS

Exploits1References5Affected Software1

OSV•added 2026/02/02 3:30 p.m.•3 views

GHSA-6VGW-5PG2-W6JP pip Path Traversal vulnerability

2CVSS5.3AI score0.0039EPSS

Exploits1References5

OSV•added 2026/02/02 3:16 p.m.•7 views

AZL-76496 CVE-2026-1703 affecting package python-virtualenv 20.26.6-2

2CVSS5.7AI score0.0039EPSS

Exploits1References1

Rows per page