Python-poetry Poetry
4 CVEs affecting Python-poetry Poetry. Latest disclosed: 2026-04-24. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-36069 | High | 7.3 | 2022-09-07 | Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such… |
CVE-2022-36070 | High | 7.3 | 2022-09-07 | Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These c… |
CVE-2026-41140 | | 2026-04-24 | Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without pat… | |
CVE-2026-34591 | | 2026-04-02 | Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without… |