| CVE-2026-41140 | unknown | — | — | | | | 1mo ago | Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python version… |
| CVE-2026-34591 | unknown | — | — | | | | 2mo ago | Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary … |
| CVE-2022-36070 | unknown | — | — | | | | 4y ago | Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the exe… |
| CVE-2022-36069 | unknown | — | — | | | | 4y ago | Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are cons… |
| CVE-2022-26184 | unknown | — | — | | | | 4y ago | Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malic… |