697 matches found
SUSE-SU-2026:22018-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation,...
GHSA-4GG8-GXPX-9RPH uv is vulnerable to arbitrary file write through entry point names
Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under consolescripts or guiscripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...
uv is vulnerable to arbitrary file write through entry point names
Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under consolescripts or guiscripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.63 security and extras update
Red Hat OpenShift Container Platform release 4.16.63 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a security impact of...
PT-2026-47548
Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under console scripts or gui scripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...
CVE-2026-8643
A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the wheel installation process. An attacker can overwrite arbitrary files within the installing user's permissions by convincing a user to install a specially crafted Python wheel containing malicious entry-point...
Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3317 (ALAS-2026-3317)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3317 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred ...
Important: python-pip
Issue Overview: pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python-pip: python-pip-wheel-26.1.1-3.hum1 noarch python3-pip-26.1.1-3.hum1 noarch python-pip-26.1.1-3.hum1.src src...
Astra Linux – Vulnerability in Wheel
A vulnerability was discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier. This vulnerability allows remote attackers to cause a denial of service by using attacker-controlled input to the wheel cli...
Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1666)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1666 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...
Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1653)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1653 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...
Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1654)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1654 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...
Fedora 44 : pypy (2026-130f7539d3)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-130f7539d3 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Fedora 43 : pypy (2026-3505a95524)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3505a95524 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1689)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1689 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...
Important: python-pip
Issue Overview: pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update...
Fedora 45 : pypy (2026-b58cd376d6)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b58cd376d6 advisory. Automatic update for pypy-7.3.22-2.fc45. Changelog Tue May 5 2026 Charalampos Stratakis - 7.3.22-2 - Security fix for CVE-2026-3219 in the bundled pip wheel ...
OceanLotus suspected of using PyPI to deliver ZiChatBot malware
Introduction Through our daily threat hunting, we noticed that, beginning in July 2025, a series of malicious wheel packages were uploaded to PyPI the Python Package Index. We shared this information with the public security community, and the malware was removed from the repository. We submitted...