All 4 CVE vulnerabilities found in pip, with AI-generated Chinese analysis, references, and POCs.
Vendor: Pip maintainers

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3219 | pip doesn't reject concatenated ZIP and tar archives | 7.7 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-1703 | Limited path traversal when installing wheel archives (CWE-22) | 7.7 (AI) | High (AI) | 2026-02-02 |
| CVE-2025-8869 | Fallback tar extraction in pip doesn't check symbolic links point to extraction directory | 6.1 (AI) | Medium (AI) | 2025-09-24 |
| CVE-2023-5752 | Mercurial configuration injectable in repo revision when installing via pip (CWE-77) | 5.5 | Medium | 2023-10-24 |