Information on source package python-pip

Available versions

ReleaseVersion
jessie1.5.6-5+deb8u2
stretch9.0.1-2+deb9u2
buster18.1-5
bullseye20.3.4-4+deb11u1
bookworm23.0.1+dfsg-1
trixie24.0+dfsg-2
sid24.0+dfsg-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-5752vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedWhen installing a package from a Mercurial VCS URL (ie "pip install ...
CVE-2021-3572fixedvulnerable (no DSA, postponed)vulnerable (no DSA)fixedfixedfixedfixedA flaw was found in python-pip in the way it handled Unicode separator ...
CVE-2019-20916fixedfixedvulnerable (no DSA)fixedfixedfixedfixedThe pip package before 19.2 for Python allows Directory Traversal when ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2018-20225vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableAn issue was discovered in pip (all versions) because it installs the ...

Resolved issues

BugDescription
CVE-2014-8991pip 1.3 through 1.5.6 allows local users to cause a denial of service ...
CVE-2013-5123The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 use ...
CVE-2013-1888pip before 1.3 allows local users to overwrite arbitrary files via a s ...
CVE-2013-1629pip before 1.3 uses HTTP to retrieve packages from the PyPI repository ...

Security announcements

DSA / DLADescription
ELA-452-1python-pip - security update
DLA-2370-1python-pip - security update
ELA-281-1python-pip - security update

Search for package or bug name: Reporting problems