Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pypa vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv3
CVE-2023-5752
When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mer...
Pypa Pip
6 Github repositories
7.5
CVSSv3
CVE-2022-40898
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and previous versions allows remote malicious users to cause a denial of service via attacker controlled input to wheel cli.
Wheel Project Wheel
1 Github repository
5.9
CVSSv3
CVE-2022-40897
Python Packaging Authority (PyPA) setuptools prior to 65.5.1 allows remote malicious users to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
Python Setuptools
4 Github repositories
8.6
CVSSv3
CVE-2022-21668
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an malicious user to insert a specially crafted string inside a comment anywhere within a requirements.txt fil...
Pypa Pipenv
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
3 Github repositories
5.7
CVSSv3
CVE-2021-3572
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip...
Pypa Pip
Oracle Agile Plm 9.3.6
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Oracle Communications Cloud Native Core Policy 22.1.3
3 Github repositories
7.5
CVSSv3
CVE-2019-20916
The pip package prior to 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in...
Pypa Pip
Opensuse Leap 15.1
Opensuse Leap 15.2
Debian Debian Linux 9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
3 Github repositories
7.8
CVSSv3
CVE-2018-20225
An issue exists in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package...
Pypa Pip
3 Github repositories
5.9
CVSSv3
CVE-2013-5123
The mirroring support (-M, --use-mirrors) in Python Pip prior to 1.5 uses insecure DNS querying and authenticity checks which allows malicious users to perform man-in-the-middle attacks.
Pypa Pip
Virtualenv Virtualenv 12.0.7
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Redhat Openshift 1.0
Redhat Openshift 2.0
Redhat Software Collections -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
NA
CVE-2014-8991
pip 1.3 up to and including 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
Pypa Pip
Oracle Solaris 11.2
NA
CVE-2013-1888
pip prior to 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
Pypa Pip
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Fedoraproject Fedora 19
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »