Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/python-pip@25.3%2Bdfsg-1?distro=trixie
Type deb
Namespace debian
Name python-pip
Version 25.3+dfsg-1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 26.0+dfsg-1
Latest_non_vulnerable_version 26.0.1+dfsg-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-ecex-5hqz-9bbd
vulnerability_id VCID-ecex-5hqz-9bbd
summary
pip's fallback tar extraction doesn't check that symbolic links point into the extraction directory
When extracting a tar archive, pip may not check that symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706. Note that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706 and are therefore not protected against all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706, then pip doesn't use the "vulnerable" fallback code. Mitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python >=3.9.17, >=3.10.12, >=3.11.4, or >=3.12), applying the linked patch, or inspecting source distributions (sdists) before installation, which is already a best practice.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8869.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8869.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-8869
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.03834
published_at 2026-04-18T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.03824
published_at 2026-04-16T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05433
published_at 2026-04-11T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05459
published_at 2026-04-09T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05438
published_at 2026-04-08T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05403
published_at 2026-04-07T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05397
published_at 2026-04-04T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05366
published_at 2026-04-02T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05413
published_at 2026-04-13T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.0542
published_at 2026-04-12T12:55:00Z
10
value 0.00022
scoring_system epss
scoring_elements 0.05945
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-8869
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8869
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/pip
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip
5
reference_url https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a
6
reference_url https://github.com/pypa/pip/pull/13550
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T19:47:29Z/
url https://github.com/pypa/pip/pull/13550
7
reference_url https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html
8
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN
9
reference_url https://pip.pypa.io/en/stable/news/#v25-2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pip.pypa.io/en/stable/news/#v25-2
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116336
reference_id 1116336
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116336
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2397852
reference_id 2397852
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2397852
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8869
reference_id CVE-2025-8869
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8869
13
reference_url https://github.com/advisories/GHSA-4xh5-x5gv-qwph
reference_id GHSA-4xh5-x5gv-qwph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4xh5-x5gv-qwph
14
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/
reference_id IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T19:47:29Z/
url https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/
fixed_packages
0
url pkg:deb/debian/python-pip@20.3.4-4%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-pip@20.3.4-4%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-etur-1aaz-9uf3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-pip@20.3.4-4%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/python-pip@20.3.4-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/python-pip@20.3.4-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-pip@20.3.4-4%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-pip@25.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/python-pip@25.3%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-pip@25.3%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/python-pip@26.0.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/python-pip@26.0.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-pip@26.0.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2025-8869, GHSA-4xh5-x5gv-qwph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecex-5hqz-9bbd
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-pip@25.3%252Bdfsg-1%3Fdistro=trixie