VYPR

apk package

chainguard/py3.14-virtualenv

pkg:apk/chainguard/py3.14-virtualenv

Vulnerabilities (2)

  • CVE-2026-6357MedApr 27, 2026
    affected < 21.5.1-r1fixed 21.5.1-r1

    pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update funct

  • CVE-2026-3219MedApr 20, 2026
    affected < 21.5.1-r1fixed 21.5.1-r1

    pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior