Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/7526?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/7526?format=api", "purl": "pkg:pypi/pip@1.3", "type": "pypi", "namespace": "", "name": "pip", "version": "1.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "23.3", "latest_non_vulnerable_version": "26.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36594?format=api", "vulnerability_id": "VCID-1as6-9kq7-d7gy", "summary": "When installing a package from a Mercurial VCS URL (ie \"pip install \nhg+...\") with pip prior to v23.3, the specified Mercurial revision could\n be used to inject arbitrary configuration options to the \"hg clone\" \ncall (ie \"--config\"). Controlling the Mercurial configuration can modify\n how and which repository is installed. This vulnerability does not \naffect users who aren't installing from Mercurial.", "references": [ { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml" }, { "reference_url": "https://github.com/pypa/pip", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip" }, { "reference_url": "https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4" }, { "reference_url": "https://github.com/pypa/pip/pull/12306", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://github.com/pypa/pip/pull/12306" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "reference_id": "", "reference_type": "", "scores": [], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752", "reference_id": "CVE-2023-5752", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752" }, { "reference_url": "https://github.com/advisories/GHSA-mq26-g339-26xf", "reference_id": "GHSA-mq26-g339-26xf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mq26-g339-26xf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37730?format=api", "purl": "pkg:pypi/pip@23.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pip@23.3" } ], "aliases": [ "CVE-2023-5752", "GHSA-mq26-g339-26xf", "PYSEC-2023-228" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1as6-9kq7-d7gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34938?format=api", "vulnerability_id": "VCID-3x2g-szs1-2ueh", "summary": "pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.", "references": [ { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2014-11.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2014-11.yaml" }, { "reference_url": "https://github.com/pypa/pip", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip" }, { "reference_url": "https://github.com/pypa/pip/commit/043fe9f5700315d97f83609c1f59deece8f1b901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/commit/043fe9f5700315d97f83609c1f59deece8f1b901" }, { "reference_url": "https://github.com/pypa/pip/pull/2122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/pull/2122" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/11/19/17", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/11/19/17" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/11/20/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/11/20/6" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "reference_url": "http://www.securityfocus.com/bid/71209", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/71209" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8991", "reference_id": "CVE-2014-8991", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8991" }, { "reference_url": "https://github.com/advisories/GHSA-53mr-44pp-crf4", "reference_id": "GHSA-53mr-44pp-crf4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-53mr-44pp-crf4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8723?format=api", "purl": "pkg:pypi/pip@6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1as6-9kq7-d7gy" }, { "vulnerability": "VCID-g99f-q7vc-gyeg" }, { "vulnerability": "VCID-mh4d-1b2e-bqem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pip@6.0" } ], "aliases": [ "CVE-2014-8991", "GHSA-53mr-44pp-crf4", "PYSEC-2014-11" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3x2g-szs1-2ueh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35614?format=api", "vulnerability_id": "VCID-g99f-q7vc-gyeg", "summary": "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html" }, { "reference_url": "https://github.com/advisories/GHSA-gpvv-69j7-gwj8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gpvv-69j7-gwj8" }, { "reference_url": "https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace" }, { "reference_url": "https://github.com/pypa/pip/compare/19.1.1...19.2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/compare/19.1.1...19.2" }, { "reference_url": "https://github.com/pypa/pip/issues/6413", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/issues/6413" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18232?format=api", "purl": "pkg:pypi/pip@19.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1as6-9kq7-d7gy" }, { "vulnerability": "VCID-mh4d-1b2e-bqem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pip@19.2" } ], "aliases": [ "CVE-2019-20916", "GHSA-gpvv-69j7-gwj8", "PYSEC-2020-173" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g99f-q7vc-gyeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6887?format=api", "vulnerability_id": "VCID-mh4d-1b2e-bqem", "summary": "silent downgrade", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3254", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3254" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962856" }, { "reference_url": "https://github.com/advisories/GHSA-5xp3-jfq3-5q8x", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5xp3-jfq3-5q8x" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2021-437.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2021-437.yaml" }, { "reference_url": "https://github.com/pypa/pip", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip" }, { "reference_url": "https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b" }, { "reference_url": "https://github.com/pypa/pip/pull/9827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/pull/9827" }, { "reference_url": "https://packetstormsecurity.com/files/162712/USN-4961-1.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://packetstormsecurity.com/files/162712/USN-4961-1.txt" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://security.archlinux.org/AVG-2036", "reference_id": "AVG-2036", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2036" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3572", "reference_id": "CVE-2021-3572", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3572" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24933?format=api", "purl": "pkg:pypi/pip@21.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1as6-9kq7-d7gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pip@21.1" } ], "aliases": [ "CVE-2021-3572", "GHSA-5xp3-jfq3-5q8x", "PYSEC-2021-437" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mh4d-1b2e-bqem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35432?format=api", "vulnerability_id": "VCID-vqxe-ay7u-yfgj", "summary": "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123" }, { "reference_url": "https://github.com/advisories/GHSA-c5h8-cq4v-cvfm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c5h8-cq4v-cvfm" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2013-5123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2013-5123" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/08/21/17", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/08/21/17" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/08/21/18", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/08/21/18" }, { "reference_url": "http://www.securityfocus.com/bid/77520", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/77520" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8716?format=api", "purl": "pkg:pypi/pip@1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1as6-9kq7-d7gy" }, { "vulnerability": "VCID-3x2g-szs1-2ueh" }, { "vulnerability": "VCID-g99f-q7vc-gyeg" }, { "vulnerability": "VCID-mh4d-1b2e-bqem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pip@1.5" } ], "aliases": [ "CVE-2013-5123", "GHSA-c5h8-cq4v-cvfm", "PYSEC-2019-160" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqxe-ay7u-yfgj" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34806?format=api", "vulnerability_id": "VCID-gj8g-9yaz-nqbc", "summary": "pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105989.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105989.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106311.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106311.html" }, { "reference_url": "https://github.com/advisories/GHSA-4gv5-qhvr-36vv", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4gv5-qhvr-36vv" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2013-9.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2013-9.yaml" }, { "reference_url": "https://github.com/pypa/pip", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip" }, { "reference_url": "https://github.com/pypa/pip/issues/725", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/issues/725" }, { "reference_url": "https://github.com/pypa/pip/pull/734/files", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/pull/734/files" }, { "reference_url": "https://github.com/pypa/pip/pull/780/files", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/pull/780/files" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/03/22/10", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/03/22/10" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1888", "reference_id": "CVE-2013-1888", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1888" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7526?format=api", "purl": "pkg:pypi/pip@1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1as6-9kq7-d7gy" }, { "vulnerability": "VCID-3x2g-szs1-2ueh" }, { "vulnerability": "VCID-g99f-q7vc-gyeg" }, { "vulnerability": "VCID-mh4d-1b2e-bqem" }, { "vulnerability": "VCID-vqxe-ay7u-yfgj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pip@1.3" } ], "aliases": [ "CVE-2013-1888", "GHSA-4gv5-qhvr-36vv", "PYSEC-2013-9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gj8g-9yaz-nqbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34802?format=api", "vulnerability_id": "VCID-nuzx-bhxz-ukdr", "summary": "pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a \"pip install\" operation.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=968059", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=968059" }, { "reference_url": "https://github.com/advisories/GHSA-g3p5-fjj9-h8gj", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g3p5-fjj9-h8gj" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2013-8.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2013-8.yaml" }, { "reference_url": "https://github.com/pypa/pip", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip" }, { "reference_url": "https://github.com/pypa/pip/issues/425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/issues/425" }, { "reference_url": "https://github.com/pypa/pip/pull/791/files", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/pip/pull/791/files" }, { "reference_url": "http://www.pip-installer.org/en/latest/installing.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.pip-installer.org/en/latest/installing.html" }, { "reference_url": "http://www.pip-installer.org/en/latest/news.html#changelog", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.pip-installer.org/en/latest/news.html#changelog" }, { "reference_url": "http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1629", "reference_id": "CVE-2013-1629", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1629" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7526?format=api", "purl": "pkg:pypi/pip@1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1as6-9kq7-d7gy" }, { "vulnerability": "VCID-3x2g-szs1-2ueh" }, { "vulnerability": "VCID-g99f-q7vc-gyeg" }, { "vulnerability": "VCID-mh4d-1b2e-bqem" }, { "vulnerability": "VCID-vqxe-ay7u-yfgj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pip@1.3" } ], "aliases": [ "CVE-2013-1629", "GHSA-g3p5-fjj9-h8gj", "PYSEC-2013-8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nuzx-bhxz-ukdr" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pip@1.3" }