Setuptools
This hub aggregates every CVE we track for Setuptools, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 5
- Critical: 0
- High: 3
- In CISA KEV: 0
Severity distribution
- HIGH: 3
- MEDIUM: 2
Monthly trend (chart of monthly CVE counts, 2024-07 to 2026-06)
Latest CVEs
The 5 most recently published vulnerabilities affecting Setuptools.
- CVE-2026-23949: jaraco.context Has a Path Traversal Vulnerability (8.6)
- CVE-2025-47273: setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write (8.8)
- CVE-2024-6345: Remote Code Execution in pypa/setuptools (8.8)
- CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Express... (5.9)
- CVE-2013-1633: easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to... (6.8)
Product normalization is registry-driven with AI assist and human review.