pkg:PyPI/pip

All known vulnerabilities

• HIGH8.4CVE-2013-1629Improper Input Validation in pip
  from 0, < 1.3
• HIGH8.4CVE-2013-1629Improper Input Validation in pip
  from 0, < 1.3
• HIGH7.5CVE-2019-20916python-pip - security update
  from 0, < 19.2
• HIGH7.5python-pip - security update
  from 0, < a4c735b14a62f9cb864533808ac63936704f2ace | from 0, < 19.2
• MEDIUM6.2Improper Link Resolution Before File Access in pip
  from 0, < 1.3
• MEDIUM6.2Improper Link Resolution Before File Access in pip
  from 0, < 1.3
• MEDIUM6.2pip lack of randomness in build directory
  >= 1.3, < 6.0
• MEDIUM6.2pip lack of randomness in build directory
  >= 1.3, < 6.0
• MEDIUM5.9Improper Authentication in pip
  from 0, < 1.5
• MEDIUM5.9Improper Authentication in pip
  from 0, < 1.5
• MEDIUM5.7Improper Input Validation in pip
  from 0, < 21.1
• MEDIUM5.7Improper Input Validation in pip
  from 0, < 21.1
• MEDIUM5.5pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the install…
  from 0, < 26.1.2
• MEDIUM5.5python-pip - security update
  from 0, < 23.3
• MEDIUM5.5python-pip - security update
  from 0, < 23.3
• —pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere
  from 0, < 26.1
• —pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files
  from 0, < 26.1
• —pip Path Traversal vulnerability
  from 0, < 26.0
• —pip's fallback tar extraction doesn't check symbolic links point to extraction directory
  from 0, < 25.3