VYPR

apk package

chainguard/py3-pip-wheel-bootstrap

pkg:apk/chainguard/py3-pip-wheel-bootstrap

Vulnerabilities (2)

  • CVE-2026-3219, Med, Apr 20, 2026
    affected < 26.1-r0, fixed 26.1-r0

    pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior

  • CVE-2025-8869, Med, Sep 24, 2025
    affected < 25.3-r0, fixed 25.3-r0

    When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by usi