| CVE-2013-1629 |
medium |
— |
6.8 |
|
|
|
13y ago |
pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code v… |
| CVE-2026-6357 |
medium |
— |
5.5 |
|
|
|
1mo ago |
pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere |
| CVE-2026-3219 |
medium |
— |
5.5 |
|
|
|
1mo ago |
pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files |
| CVE-2021-3572 |
medium |
— |
5.5 |
|
|
|
5y ago |
Moderate: python38:3.8 and python38-devel:3.8 security update |
| CVE-2019-20916 |
medium |
— |
5.5 |
|
|
|
5y ago |
Moderate: python27:2.7 security update |
| CVE-2014-8991 |
low |
— |
2.1 |
|
|
|
4y ago |
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. |
| CVE-2013-1888 |
low |
— |
2.1 |
|
|
|
4y ago |
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. |