By vendor
Pypa vulnerabilities
Known CVEs affecting Pypa products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-8643MEDIUM 5.5
pip, Python's package installer, has a flaw in how it handles console scripts and GUI scripts during package installation. Instead of treating these as simple command names, pip resolves them to file paths without properly validating the destination. This can allow an attacker to install entry points (executable scripts) outside the intended installation directory, potentially placing malicious scripts in system paths or other sensitive locations where they could be executed with the privileges of the user running pip.