VIR Vulnerability Intelligence Relay

Package impact

python PyPI / pip

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2013-1629 medium 6.8 13y ago pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code v… debianpython
CVE-2026-6357 medium 5.5 1mo ago pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere susedebianpython
CVE-2026-3219 medium 5.5 1mo ago pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files susedebianpython
CVE-2021-3572 medium 5.5 5y ago Moderate: python38:3.8 and python38-devel:3.8 security update archsuserockylinuxdebian+1
CVE-2019-20916 medium 5.5 5y ago Moderate: python27:2.7 security update suserockylinuxdebianpython
CVE-2014-8991 low 2.1 4y ago pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. susedebianpython
CVE-2013-1888 low 2.1 4y ago pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. fedoradebianpython