Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pip@21.1.3
Typepypi
Namespace
Namepip
Version21.1.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version26.0
Latest_non_vulnerable_version26.0
Affected_by_vulnerabilities
0
url VCID-ecex-5hqz-9bbd
vulnerability_id VCID-ecex-5hqz-9bbd
summary 
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706. Note that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706 and therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706 then pip doesn't use the "vulnerable" fallback code. Mitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python >=3.9.17, >=3.10.12, >=3.11.4, or >=3.12), applying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8869.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8869.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-8869
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.03834
published_at 2026-04-18T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.03824
published_at 2026-04-16T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05413
published_at 2026-04-13T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.0542
published_at 2026-04-12T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05433
published_at 2026-04-11T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05459
published_at 2026-04-09T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05438
published_at 2026-04-08T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05403
published_at 2026-04-07T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05397
published_at 2026-04-04T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05366
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-8869
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8869
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/pip
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip
5
reference_url https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a
6
reference_url https://github.com/pypa/pip/pull/13550
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T19:47:29Z/
url https://github.com/pypa/pip/pull/13550
7
reference_url https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html
8
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN
9
reference_url https://pip.pypa.io/en/stable/news/#v25-2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pip.pypa.io/en/stable/news/#v25-2
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116336
reference_id 1116336
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116336
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2397852
reference_id 2397852
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2397852
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8869
reference_id CVE-2025-8869
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8869
13
reference_url https://github.com/advisories/GHSA-4xh5-x5gv-qwph
reference_id GHSA-4xh5-x5gv-qwph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4xh5-x5gv-qwph
14
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/
reference_id IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T19:47:29Z/
url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/
fixed_packages
0
url pkg:pypi/pip@25.3
purl pkg:pypi/pip@25.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-etur-1aaz-9uf3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@25.3
aliases CVE-2025-8869, GHSA-4xh5-x5gv-qwph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecex-5hqz-9bbd
1
url VCID-etur-1aaz-9uf3
vulnerability_id VCID-etur-1aaz-9uf3
summary 
pip Path Traversal vulnerability
When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1703.json
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1703.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1703
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.05935
published_at 2026-04-04T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.05901
published_at 2026-04-02T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06002
published_at 2026-04-09T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.05962
published_at 2026-04-08T12:55:00Z
4
value 0.00022
scoring_system epss
scoring_elements 0.05924
published_at 2026-04-07T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07162
published_at 2026-04-11T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07143
published_at 2026-04-13T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07151
published_at 2026-04-12T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07078
published_at 2026-04-16T12:55:00Z
9
value 0.00026
scoring_system epss
scoring_elements 0.07054
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1703
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1703
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1703
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/pip
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip
5
reference_url https://github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735
reference_id
reference_type
scores
0
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:21:09Z/
url https://github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735
6
reference_url https://github.com/pypa/pip/pull/13777
reference_id
reference_type
scores
0
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:21:09Z/
url https://github.com/pypa/pip/pull/13777
7
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1703
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1703
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126875
reference_id 1126875
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126875
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436000
reference_id 2436000
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436000
11
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ/
reference_id WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ
reference_type
scores
0
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:21:09Z/
url https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ/
fixed_packages
0
url pkg:pypi/pip@26.0
purl pkg:pypi/pip@26.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@26.0
aliases CVE-2026-1703, GHSA-6vgw-5pg2-w6jp
risk_score 1.8
exploitability 0.5
weighted_severity 3.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-etur-1aaz-9uf3
2
url VCID-g6gg-vgks-xyeb
vulnerability_id VCID-g6gg-vgks-xyeb
summary 
When installing a package from a Mercurial VCS URL  (ie "pip install 
hg+...") with pip prior to v23.3, the specified Mercurial revision could
 be used to inject arbitrary configuration options to the "hg clone" 
call (ie "--config"). Controlling the Mercurial configuration can modify
 how and which repository is installed. This vulnerability does not 
affect users who aren't installing from Mercurial.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5752.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5752.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5752
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.22709
published_at 2026-04-02T12:55:00Z
1
value 0.00075
scoring_system epss
scoring_elements 0.22604
published_at 2026-04-18T12:55:00Z
2
value 0.00075
scoring_system epss
scoring_elements 0.22607
published_at 2026-04-16T12:55:00Z
3
value 0.00075
scoring_system epss
scoring_elements 0.22592
published_at 2026-04-13T12:55:00Z
4
value 0.00075
scoring_system epss
scoring_elements 0.22648
published_at 2026-04-12T12:55:00Z
5
value 0.00075
scoring_system epss
scoring_elements 0.22753
published_at 2026-04-04T12:55:00Z
6
value 0.00075
scoring_system epss
scoring_elements 0.22688
published_at 2026-04-11T12:55:00Z
7
value 0.00075
scoring_system epss
scoring_elements 0.22671
published_at 2026-04-09T12:55:00Z
8
value 0.00075
scoring_system epss
scoring_elements 0.22617
published_at 2026-04-08T12:55:00Z
9
value 0.00075
scoring_system epss
scoring_elements 0.2254
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5752
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5752
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5752
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml
5
reference_url https://github.com/pypa/pip
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip
6
reference_url https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4
7
reference_url https://github.com/pypa/pip/pull/12306
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://github.com/pypa/pip/pull/12306
8
reference_url https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ
14
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL
15
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2250765
reference_id 2250765
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2250765
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U/
reference_id 622OZXWG72ISQPLM5Y57YCVIMWHD4C3U
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH/
reference_id 65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5752
reference_id CVE-2023-5752
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5752
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW/
reference_id FXUVMJM25PUAZRQZBF54OFVKTY3MINPW
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW/
21
reference_url https://github.com/advisories/GHSA-mq26-g339-26xf
reference_id GHSA-mq26-g339-26xf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mq26-g339-26xf
22
reference_url https://security.gentoo.org/glsa/202501-03
reference_id GLSA-202501-03
reference_type
scores
url https://security.gentoo.org/glsa/202501-03
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E/
reference_id KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E/
24
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ/
reference_id YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T13:38:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ/
fixed_packages
0
url pkg:pypi/pip@23.3
purl pkg:pypi/pip@23.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ecex-5hqz-9bbd
1
vulnerability VCID-etur-1aaz-9uf3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pip@23.3
aliases CVE-2023-5752, GHSA-mq26-g339-26xf, PYSEC-2023-228
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g6gg-vgks-xyeb
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pip@21.1.3