Python-pip
This hub aggregates every CVE we track for Python-pip, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
4
CVEs tracked
0
Critical
1
High
0
In CISA KEV
Severity distribution
- MEDIUM: 2
- LOW: 1
- HIGH: 1
[Chart: Monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 4 most recently published vulnerabilities affecting Python-pip.
- CVE-2026-1703: Limited path traversal when installing wheel archives (score 3.5)
- CVE-2023-5752: Mercurial configuration injectable in repo revision when installing via pip (score 5.5)
- CVE-2021-3572: A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highe... (score 5.7)
- CVE-2019-20916: The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by over... (score 7.5)
Product normalization is registry-driven with AI assist and human review.