CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

Amazon•added 2026/04/30 12:0 a.m.•1 views

Low: python-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.2AI score0.00026EPSS

Exploits1

Amazon•added 2026/04/30 12:0 a.m.•3 views

Low: python-pip

2CVSS5.2AI score0.00026EPSS

Exploits1

Tenable Nessus•added 2026/04/30 12:0 a.m.•4 views

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3256 (ALAS-2026-3256)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3256 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation director...

2CVSS5.4AI score0.00026EPSS

Exploits1References4

Snyk•added 2026/04/01 10:17 p.m.•0 views

Directory Traversal

Overview poetry is a Python dependency management and packaging made easy. Affected versions of this package are vulnerable to Directory Traversal due to improper validation of wheel destination path that is being constructed directly from untrusted wheel entry path without containment checks. An...

7.1CVSS6.5AI score0.00016EPSS

Exploits1References2

Tenable Nessus•added 2026/04/01 12:0 a.m.•1 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1531)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1531 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...

2CVSS5.9AI score0.00026EPSS

Exploits1References4

Amazon•added 2026/04/01 12:0 a.m.•3 views

Low: python3.12-pip

2CVSS5.8AI score0.00026EPSS

Exploits1

Amazon•added 2026/04/01 12:0 a.m.•4 views

Low: python3.11-pip

2CVSS5.8AI score0.00026EPSS

Exploits1

Amazon•added 2026/03/27 12:0 a.m.•3 views

Low: python3.13-pip

2CVSS5.8AI score0.00026EPSS

Exploits1

Tenable Nessus•added 2026/03/05 12:0 a.m.•4 views

TencentOS Server 4: python-pip (TSSA-2026:0096)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0096 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

2CVSS6AI score0.00026EPSS

Exploits1References2

OSV•added 2026/02/28 12:44 p.m.•4 views

OESA-2026-1448 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

8.9CVSS5.9AI score0.00032EPSS

Exploits1References3

OSV•added 2026/02/28 12:44 p.m.•3 views

OESA-2026-1447 python-pip security update

8.9CVSS7.2AI score0.00032EPSS

Exploits1References3

OSV•added 2026/02/28 12:44 p.m.•3 views

OESA-2026-1446 python-pip security update

2CVSS5.9AI score0.00026EPSS

Exploits1References2

OSV•added 2026/02/28 12:44 p.m.•7 views

OESA-2026-1443 python-pip security update

8.9CVSS7.2AI score0.00032EPSS

Exploits1References3

OPENSUSE Linux•added 2026/02/14 12:0 a.m.•4 views

Security update for python-pip (low)

openSUSE security update: security update for python-pip ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20202-1 Rating: low References: bsc1257599 Cross-References: CVE-2026-1703 CVSS scores: CVE-2026-1703 SUSE : 3.1...

3.1CVSS5.5AI score0.00026EPSS

Exploits1References1

OSV•added 2026/02/02 3:30 p.m.•2 views

GHSA-6VGW-5PG2-W6JP pip Path Traversal vulnerability

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.3AI score0.00026EPSS

Exploits1References5