All 4 CVE vulnerabilities found in poetry, with AI-generated Chinese analysis, references, and POCs.
Vendor: python-poetry
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-41140 | Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 | CWE-22 | 9.1 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-34591 | Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write | CWE-22 | 7.8 (AI) | High (AI) | 2026-04-02 |
| CVE-2022-36069 | Poetry Argument Injection vulnerability can lead to local Code Execution | CWE-94 | 7.3 | High | 2022-09-07 |
| CVE-2022-36070 | Poetry's Untrusted Search Path can lead to Local Code Execution on Windows | CWE-426 | 7.3 | High | 2022-09-07 |