Look up vulnerable packages by Package URL.

Purl pkg:pypi/pip@6.0.1
Type pypi
Namespace
Name pip
Version 6.0.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 26.1.2
Latest_non_vulnerable_version 26.1.2
Affected_by_vulnerabilities
0
url VCID-1772-cj19-t7az
vulnerability_id VCID-1772-cj19-t7az
summary The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html
2
reference_url https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace
reference_id
reference_type
scores
url https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace
3
reference_url https://github.com/pypa/pip/compare/19.1.1...19.2
reference_id
reference_type
scores
url https://github.com/pypa/pip/compare/19.1.1...19.2
4
reference_url https://github.com/pypa/pip/issues/6413
reference_id
reference_type
scores
url https://github.com/pypa/pip/issues/6413
5
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html
fixed_packages
0
url pkg:pypi/pip@19.2
purl pkg:pypi/pip@19.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1as6-9kq7-d7gy
1
vulnerability VCID-4w7q-2w5c-ukax
2
vulnerability VCID-581f-gdwr-yqe5
3
vulnerability VCID-8n5t-6n1v-8fg4
4
vulnerability VCID-gybk-y671-fqb8
5
vulnerability VCID-mh4d-1b2e-bqem
6
vulnerability VCID-puwk-1brv-u7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@19.2
aliases PYSEC-2020-192
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1772-cj19-t7az
1
url VCID-1as6-9kq7-d7gy
vulnerability_id VCID-1as6-9kq7-d7gy
summary
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5752.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5752.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5752
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.22764
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5752
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5752
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml
5
reference_url https://github.com/pypa/pip
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip
6
reference_url https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4
7
reference_url https://github.com/pypa/pip/pull/12306
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://github.com/pypa/pip/pull/12306
8
reference_url https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ
14
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL
15
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2250765
reference_id 2250765
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2250765
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U/
reference_id 622OZXWG72ISQPLM5Y57YCVIMWHD4C3U
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH/
reference_id 65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5752
reference_id CVE-2023-5752
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5752
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW/
reference_id FXUVMJM25PUAZRQZBF54OFVKTY3MINPW
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW/
21
reference_url https://github.com/advisories/GHSA-mq26-g339-26xf
reference_id GHSA-mq26-g339-26xf
reference_type
scores
url https://github.com/advisories/GHSA-mq26-g339-26xf
22
reference_url https://security.gentoo.org/glsa/202501-03
reference_id GLSA-202501-03
reference_type
scores
url https://security.gentoo.org/glsa/202501-03
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E/
reference_id KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E/
24
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ/
reference_id YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ/
fixed_packages
0
url pkg:pypi/pip@23.3
purl pkg:pypi/pip@23.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4w7q-2w5c-ukax
1
vulnerability VCID-581f-gdwr-yqe5
2
vulnerability VCID-8n5t-6n1v-8fg4
3
vulnerability VCID-gybk-y671-fqb8
4
vulnerability VCID-puwk-1brv-u7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@23.3
aliases CVE-2023-5752, GHSA-mq26-g339-26xf, PYSEC-2023-228
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1as6-9kq7-d7gy
2
url VCID-4w7q-2w5c-ukax
vulnerability_id VCID-4w7q-2w5c-ukax
summary
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706. Note that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706 and therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706 then pip doesn't use the "vulnerable" fallback code. Mitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python >=3.9.17, >=3.10.12, >=3.11.4, or >=3.12), applying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8869.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8869.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-8869
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06582
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-8869
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8869
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/pip
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip
5
reference_url https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a
6
reference_url https://github.com/pypa/pip/pull/13550
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T19:47:29Z/
url https://github.com/pypa/pip/pull/13550
7
reference_url https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html
8
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN
9
reference_url https://pip.pypa.io/en/stable/news/#v25-2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pip.pypa.io/en/stable/news/#v25-2
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116336
reference_id 1116336
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116336
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2397852
reference_id 2397852
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2397852
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8869
reference_id CVE-2025-8869
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8869
13
reference_url https://github.com/advisories/GHSA-4xh5-x5gv-qwph
reference_id GHSA-4xh5-x5gv-qwph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4xh5-x5gv-qwph
14
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/
reference_id IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T19:47:29Z/
url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/
fixed_packages
0
url pkg:pypi/pip@25.3
purl pkg:pypi/pip@25.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-581f-gdwr-yqe5
1
vulnerability VCID-8n5t-6n1v-8fg4
2
vulnerability VCID-gybk-y671-fqb8
3
vulnerability VCID-puwk-1brv-u7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@25.3
aliases CVE-2025-8869, GHSA-4xh5-x5gv-qwph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4w7q-2w5c-ukax
3
url VCID-581f-gdwr-yqe5
vulnerability_id VCID-581f-gdwr-yqe5
summary
pip Path Traversal vulnerability
When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1703.json
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1703.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1703
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09094
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1703
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1703
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1703
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/pip
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip
5
reference_url https://github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735
reference_id
reference_type
scores
0
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:21:09Z/
url https://github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735
6
reference_url https://github.com/pypa/pip/pull/13777
reference_id
reference_type
scores
0
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:21:09Z/
url https://github.com/pypa/pip/pull/13777
7
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126875
reference_id 1126875
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126875
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436000
reference_id 2436000
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436000
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1703
reference_id CVE-2026-1703
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1703
11
reference_url https://github.com/advisories/GHSA-6vgw-5pg2-w6jp
reference_id GHSA-6vgw-5pg2-w6jp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6vgw-5pg2-w6jp
12
reference_url https://access.redhat.com/errata/RHSA-2026:7610
reference_id RHSA-2026:7610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7610
13
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ/
reference_id WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ
reference_type
scores
0
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:21:09Z/
url https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ/
fixed_packages
0
url pkg:pypi/pip@26.0
purl pkg:pypi/pip@26.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8n5t-6n1v-8fg4
1
vulnerability VCID-gybk-y671-fqb8
2
vulnerability VCID-puwk-1brv-u7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@26.0
aliases CVE-2026-1703, GHSA-6vgw-5pg2-w6jp
risk_score 1.8
exploitability 0.5
weighted_severity 3.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-581f-gdwr-yqe5
4
url VCID-8n5t-6n1v-8fg4
vulnerability_id VCID-8n5t-6n1v-8fg4
summary python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8643.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8643.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-8643
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06502
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-8643
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8643
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8643
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/pip/pull/14000
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-01T18:57:40Z/
url https://github.com/pypa/pip/pull/14000
5
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/YV63UET5D3OOJY7O4M5XCVYO2YM4NBYJ/
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-01T18:57:40Z/
url https://mail.python.org/archives/list/security-announce@python.org/thread/YV63UET5D3OOJY7O4M5XCVYO2YM4NBYJ/
6
reference_url http://www.openwall.com/lists/oss-security/2026/06/01/5
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url http://www.openwall.com/lists/oss-security/2026/06/01/5
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138220
reference_id 1138220
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138220
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2460927
reference_id 2460927
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2460927
fixed_packages
0
url pkg:pypi/pip@26.1.2
purl pkg:pypi/pip@26.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@26.1.2
aliases CVE-2026-8643, PYSEC-2026-196
risk_score 3.6
exploitability 0.5
weighted_severity 7.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8n5t-6n1v-8fg4
5
url VCID-g99f-q7vc-gyeg
vulnerability_id VCID-g99f-q7vc-gyeg
summary The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20916.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20916.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-20916
reference_id
reference_type
scores
0
value 0.00622
scoring_system epss
scoring_elements 0.70524
published_at 2026-06-05T12:55:00Z
1
value 0.00622
scoring_system epss
scoring_elements 0.70482
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-20916
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20916
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20916
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-gpvv-69j7-gwj8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-gpvv-69j7-gwj8
7
reference_url https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2020-173.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2020-173.yaml
9
reference_url https://github.com/pypa/pip
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip
10
reference_url https://github.com/pypa/pip/compare/19.1.1...19.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip/compare/19.1.1...19.2
11
reference_url https://github.com/pypa/pip/issues/6413
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip/issues/6413
12
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html
13
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1868135
reference_id 1868135
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1868135
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-20916
reference_id CVE-2019-20916
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-20916
17
reference_url https://access.redhat.com/errata/RHSA-2020:4273
reference_id RHSA-2020:4273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4273
18
reference_url https://access.redhat.com/errata/RHSA-2020:4285
reference_id RHSA-2020:4285
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4285
19
reference_url https://access.redhat.com/errata/RHSA-2020:4432
reference_id RHSA-2020:4432
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4432
20
reference_url https://access.redhat.com/errata/RHSA-2020:4654
reference_id RHSA-2020:4654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4654
21
reference_url https://access.redhat.com/errata/RHSA-2022:5234
reference_id RHSA-2022:5234
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5234
22
reference_url https://usn.ubuntu.com/4601-1/
reference_id USN-4601-1
reference_type
scores
url https://usn.ubuntu.com/4601-1/
fixed_packages
0
url pkg:pypi/pip@19.2
purl pkg:pypi/pip@19.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1as6-9kq7-d7gy
1
vulnerability VCID-4w7q-2w5c-ukax
2
vulnerability VCID-581f-gdwr-yqe5
3
vulnerability VCID-8n5t-6n1v-8fg4
4
vulnerability VCID-gybk-y671-fqb8
5
vulnerability VCID-mh4d-1b2e-bqem
6
vulnerability VCID-puwk-1brv-u7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@19.2
aliases CVE-2019-20916, GHSA-gpvv-69j7-gwj8, PYSEC-2020-173
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g99f-q7vc-gyeg
6
url VCID-gybk-y671-fqb8
vulnerability_id VCID-gybk-y671-fqb8
summary pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6357.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6357.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-6357
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04366
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-6357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6357
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/pip
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip
5
reference_url https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad
6
reference_url https://github.com/pypa/pip/pull/13923
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T16:08:15Z/
url https://github.com/pypa/pip/pull/13923
7
reference_url https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T16:08:15Z/
url https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-6357
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-6357
9
reference_url http://www.openwall.com/lists/oss-security/2026/04/27/7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/27/7
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135110
reference_id 1135110
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135110
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2463234
reference_id 2463234
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2463234
12
reference_url https://github.com/advisories/GHSA-jp4c-xjxw-mgf9
reference_id GHSA-jp4c-xjxw-mgf9
reference_type
scores
url https://github.com/advisories/GHSA-jp4c-xjxw-mgf9
fixed_packages
0
url pkg:pypi/pip@26.1
purl pkg:pypi/pip@26.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8n5t-6n1v-8fg4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@26.1
aliases CVE-2026-6357, GHSA-jp4c-xjxw-mgf9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gybk-y671-fqb8
7
url VCID-mh4d-1b2e-bqem
vulnerability_id VCID-mh4d-1b2e-bqem
summary silent downgrade
references
0
reference_url https://access.redhat.com/errata/RHSA-2021:3254
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2021:3254
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3572.json
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3572.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3572
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47264
published_at 2026-06-05T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47199
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3572
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1962856
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1962856
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3572
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-5xp3-jfq3-5q8x
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5xp3-jfq3-5q8x
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2021-437.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2021-437.yaml
8
reference_url https://github.com/pypa/pip
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip
9
reference_url https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
10
reference_url https://github.com/pypa/pip/pull/9827
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip/pull/9827
11
reference_url https://packetstormsecurity.com/files/162712/USN-4961-1.txt
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://packetstormsecurity.com/files/162712/USN-4961-1.txt
12
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
13
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://security.archlinux.org/AVG-2036
reference_id AVG-2036
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2036
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3572
reference_id CVE-2021-3572
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3572
17
reference_url https://access.redhat.com/errata/RHSA-2021:4160
reference_id RHSA-2021:4160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4160
18
reference_url https://access.redhat.com/errata/RHSA-2021:4162
reference_id RHSA-2021:4162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4162
19
reference_url https://access.redhat.com/errata/RHSA-2021:4455
reference_id RHSA-2021:4455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4455
20
reference_url https://usn.ubuntu.com/USN-4961-2/
reference_id USN-USN-4961-2
reference_type
scores
url https://usn.ubuntu.com/USN-4961-2/
fixed_packages
0
url pkg:pypi/pip@21.1
purl pkg:pypi/pip@21.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1as6-9kq7-d7gy
1
vulnerability VCID-4w7q-2w5c-ukax
2
vulnerability VCID-581f-gdwr-yqe5
3
vulnerability VCID-8n5t-6n1v-8fg4
4
vulnerability VCID-gybk-y671-fqb8
5
vulnerability VCID-puwk-1brv-u7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@21.1
aliases CVE-2021-3572, GHSA-5xp3-jfq3-5q8x, PYSEC-2021-437
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mh4d-1b2e-bqem
8
url VCID-puwk-1brv-u7b1
vulnerability_id VCID-puwk-1brv-u7b1
summary pip: pip: Incorrect file installation due to improper archive handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3219.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3219.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3219
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.05165
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3219
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3219
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/pip
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip
5
reference_url https://github.com/pypa/pip/issues/13867
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip/issues/13867
6
reference_url https://github.com/pypa/pip/pull/13870
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:03:20Z/
url https://github.com/pypa/pip/pull/13870
7
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3219
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3219
9
reference_url http://www.openwall.com/lists/oss-security/2026/04/20/8
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/20/8
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134492
reference_id 1134492
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134492
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2459774
reference_id 2459774
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2459774
12
reference_url https://github.com/advisories/GHSA-58qw-9mgm-455v
reference_id GHSA-58qw-9mgm-455v
reference_type
scores
url https://github.com/advisories/GHSA-58qw-9mgm-455v
13
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/
reference_id QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-20T16:03:20Z/
url https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/
14
reference_url https://access.redhat.com/errata/RHSA-2026:20074
reference_id RHSA-2026:20074
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20074
fixed_packages
0
url pkg:pypi/pip@26.1
purl pkg:pypi/pip@26.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8n5t-6n1v-8fg4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@26.1
aliases CVE-2026-3219, GHSA-58qw-9mgm-455v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-puwk-1brv-u7b1
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@6.0.1