Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pip vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-5123
The mirroring support (-M, --use-mirrors) in Python Pip prior to 1.5 uses insecure DNS querying and authenticity checks which allows malicious users to perform man-in-the-middle attacks.
Pypa Pip
Virtualenv Virtualenv 12.0.7
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Redhat Openshift 1.0
Redhat Openshift 2.0
Redhat Software Collections -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
5
CVSSv2
CVE-2019-11324
The urllib3 library prior to 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This ...
Python Urllib3
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
3 Github repositories
4.3
CVSSv2
CVE-2019-11236
In the urllib3 library up to and including 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
Python Urllib3
1 Github repository
5
CVSSv2
CVE-2018-20060
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted i...
Python Urllib3
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
5
CVSSv2
CVE-2018-18074
The Requests package prior to 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote malicious users to discover credentials by sniffing the network.
Python Requests
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Opensuse Leap 15.1
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
11 Github repositories
7.5
CVSSv2
CVE-2017-9980
In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter.
Greenpacket Dx-350 Firmware 2.8.9.5-g1.4.8-atheeb
2.1
CVSSv2
CVE-2014-8991
pip 1.3 up to and including 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
Pypa Pip
Oracle Solaris 11.2
4.3
CVSSv2
CVE-2014-1965
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 up to and including 7.02, and 7.10 up to and including 7.11 for SAP NetWeaver allows remote malicious users to inject arbitrary w...
Sap Netweaver 7.10
Sap Netweaver 3.0
Sap Netweaver 7.0
Sap Netweaver 7.01
Sap Netweaver 7.02
Sap Netweaver 7.11
2.1
CVSSv2
CVE-2013-1888
pip prior to 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
Pypa Pip
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Fedoraproject Fedora 19
6.8
CVSSv2
CVE-2013-1629
pip prior to 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle malicious users to execute arbitrary code via a crafted response to a "pip install" operation.
Pypa Pip
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »