Latest version: v24.3.1
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2015-2296 | 25961 |
Pip 6.1.0 updates its bundled dependency 'requests' to 2.6.0 to inclu… |
|
MEDIUM | 6.8 |
| CVE-2014-8991 | 25960 |
pip before 6.0 is not using a randomized and secure default build dir… |
|
LOW | 2.1 |
| CVE-2023-5752 | 62044 |
Affected versions of Pip are vulnerable to Command Injection. When in… |
|
LOW | 3.3 |
| CVE-2018-20225 | 67599 |
An issue was discovered in Pip (all versions) because it installs the… |
|
HIGH | 7.8 |
| CVE-2021-3572 | 42559 |
A flaw was found in python-pip in the way it handled Unicode separato… |
|
MEDIUM | 5.7 |
| CVE-2021-28363 | 40291 |
Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security … |
|
MEDIUM | 6.5 |
| CVE-2019-20916 | 38765 |
Versions of Pip prior to 19.2 are vulnerable to a directory traversal… |
|
HIGH | 7.5 |
| CVE-2013-5123 | 37752 |
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 us… |
|
MEDIUM | 5.9 |
| CVE-2013-2099 | 25959 |
Pip 1.4 includes a security fix related to certificate DNS wildcard m… |
|
MEDIUM | 4.3 |
| CVE-2013-1629 | 33140 |
pip before 1.3 uses HTTP to retrieve packages from the PyPI repositor… |
|
MEDIUM | 6.8 |
| CVE-2013-1888 | 33141 |
pip before 1.3 allows local users to overwrite arbitrary files via a … |
|
LOW | 2.1 |