pkg:PyPI/pip

18 total CVEs: HIGH 4, MEDIUM 10

All known vulnerabilities

  • HIGH 8.4, CVE-2013-1629: Improper Input Validation in pip
    from 0, < 1.3
  • HIGH 8.4, CVE-2013-1629: Improper Input Validation in pip
    from 0, < 1.3
  • HIGH 7.5, CVE-2019-20916: python-pip - security update
    from 0, < 19.2
  • HIGH 7.5, CVE-2019-20916: python-pip - security update
    from 0, < a4c735b14a62f9cb864533808ac63936704f2ace | from 0, < 19.2
  • MEDIUM 6.2, CVE-2013-1888: Improper Link Resolution Before File Access in pip
    from 0, < 1.3
  • MEDIUM 6.2, CVE-2014-8991: pip lack of randomness in build directory
    >= 1.3, < 6.0
  • MEDIUM 6.2, CVE-2014-8991: pip lack of randomness in build directory
    >= 1.3, < 6.0
  • MEDIUM 6.2, CVE-2013-1888: Improper Link Resolution Before File Access in pip
    from 0, < 1.3
  • MEDIUM 5.9, CVE-2013-5123: Improper Authentication in pip
    from 0, < 1.5
  • MEDIUM 5.9, CVE-2013-5123: Improper Authentication in pip
    from 0, < 1.5
  • MEDIUM 5.7, CVE-2021-3572: Improper Input Validation in pip
    from 0, < 21.1
  • MEDIUM 5.7, CVE-2021-3572: Improper Input Validation in pip
    from 0, < 21.1
  • MEDIUM 5.5, CVE-2023-5752: Command Injection in pip when used with Mercurial
    from 0, < 23.3
  • MEDIUM 5.5, CVE-2023-5752: Command Injection in pip when used with Mercurial
    from 0, < 23.3
  • CVE-2026-6357: pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere
    from 0, < 26.1
  • CVE-2026-3219: pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files
    from 0, < 26.1
  • CVE-2026-1703: pip Path Traversal vulnerability
    from 0, < 26.0
  • CVE-2025-8869: pip's fallback tar extraction doesn't check symbolic links point to extraction directory
    from 0, < 25.3