Virtualenv
This hub aggregates every CVE we track for Virtualenv, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
4
CVEs tracked
0
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM2LOW1HIGH1
Monthly trend
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
2024-072026-06
Latest CVEs
The 4 most recently published vulnerabilities affecting Virtualenv.
- CVE-2026-22702virtualenv Has TOCTOU Vulnerabilities in Directory Creation4.5
- CVE-2024-53899virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the sa...7.8
- CVE-2013-5123The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.5.9
- CVE-2011-4617virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.1.2
Product normalization is registry-driven with AI assist and human review. How it works