Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/python-pip@20.0.2-1?distro=trixie
purl pkg:deb/debian/python-pip@20.0.2-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-vrnn-n6vw-gygb The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. CVE-2019-20916
GHSA-gpvv-69j7-gwj8
PYSEC-2020-173

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T11:06:30.427140+00:00 Debian Importer Fixing VCID-vrnn-n6vw-gygb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T07:32:43.510263+00:00 Debian Importer Fixing VCID-vrnn-n6vw-gygb https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:50:51.352054+00:00 Debian Importer Fixing VCID-vrnn-n6vw-gygb https://security-tracker.debian.org/tracker/data/json 38.1.0