Description: The PyPA recommended tool for installing Python packages
Version: 24.0-2 [extra]


| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2036 | 20.3.4-4 | 21.0-1 | Medium | Fixed | |
| AVG-1153 | 20.2.3-1 | 20.2.4-1 | Low | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3572 | AVG-2036 | Medium | Yes | Silent downgrade | A security issue has been found in pip before version 21.1. Maliciously formatted tags could be used to hijack a commit-based pin. Using the fact that all... |
| CVE-2018-20225 | AVG-1153 | Low | Yes | Arbitrary code execution | An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a... |