Pypa Pip
4 CVEs affecting Pypa Pip. Latest disclosed: 2026-06-01. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-8643 | Medium | 5.5 | 2026-06-01 | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, lea… |
CVE-2014-8991 | | 2014-11-24 | pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. | |
CVE-2013-1888 | | 2013-08-17 | pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. | |
CVE-2013-1629 | | 2013-08-06 | pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-midd… |