Lucene search
K

30 matches found

Rockylinux
Rockylinux
added 6 days ago3 views

python3.14-pip security update

An update is available for python3.14-pip. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

8CVSS6.1AI score0.0032EPSS
Exploits0
Rockylinux
Rockylinux
added 6 days ago3 views

python3.14-pip security update

An update is available for python3.14-pip. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

8CVSS6.1AI score0.0032EPSS
Exploits0
RedHat Linux
RedHat Linux
added last week5 views

python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS7.4AI score0.0032EPSS
Exploits0References5
OSV
OSV
added 2026/07/03 7:35 p.m.3 views

SUSE-SU-2026:2758-1 Security update for python-pip

This update for python-pip fixes the following issues - CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation bsc1263442...

5.3CVSS6.7AI score0.00144EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : python-pip (SUSE-SU-2026:2634-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2634-1 advisory. This update for python-pip fixes the following issues - CVE-2026-3219: pip doesn't reject concatenated ZIP...

8CVSS5.9AI score0.0032EPSS
Exploits0References10
OSV
OSV
added 2026/06/25 1:55 p.m.2 views

SUSE-SU-2026:2634-1 Security update for python-pip

This update for python-pip fixes the following issues - CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation bsc1263442. - CVE-2026-8643: path traversal via malicious entry point...

8CVSS6.4AI score0.0032EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.8 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1840)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1840 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

8CVSS6.2AI score0.0032EPSS
Exploits0References4
OSV
OSV
added 2026/06/20 6:23 p.m.3 views

SUSE-SU-2026:22300-1 Security update for python-pip

This update for python-pip fixes the following issue - CVE-2026-8643: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite bsc1266669...

8CVSS7.3AI score0.0032EPSS
Exploits0References3
OSV
OSV
added 2026/06/20 6:17 p.m.2 views

OPENSUSE-SU-2026:20993-1 Security update for python-pip

This update for python-pip fixes the following issue - CVE-2026-8643: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite bsc1266669...

8CVSS5.9AI score0.0032EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/10 8:33 p.m.16 views

PDM wheel installation leads to Path Traversal via overridden write_to_fs

InstallDestination.writetofs in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe pathwithdestdir which validates via Path.resolve + isrelativeto with a bare os.path.join that performs no path validation. A malicious wheel with travers...

7.1CVSS5.6AI score0.00468EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/29 7:26 p.m.42 views

uv is vulnerable to arbitrary file write through entry point names

Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under consolescripts or guiscripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...

6.2AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/27 5:3 p.m.13 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the wheel installation process. An attacker can overwrite arbitrary files within the installing user's permissions by convincing a user to install a specially crafted Python wheel containing malicious entry-point...

8.5CVSS6.3AI score0.0032EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.12 views

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3317 (ALAS-2026-3317)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3317 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred ...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.12 views

Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1653)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1653 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.19 views

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1654)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1654 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/04/30 8:10 a.m.9 views

pip self-update functionality can import newly installed modules after wheel installation

...

5.3CVSS6.2AI score0.00138EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/30 2:30 a.m.10 views

SUSE CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.8CVSS5.3AI score0.00138EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6357

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These...

5.3CVSS6.3AI score0.00138EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/27 3:30 p.m.14 views

pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/27 2:19 p.m.1 views

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS6.3AI score0.00138EPSS
Exploits0References7
Rows per page
Query Builder