apk package
chainguard/py3.14-virtualenv
pkg:apk/chainguard/py3.14-virtualenv
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6357 | Med | — | < 21.5.1-r1 | 21.5.1-r1 | Apr 27, 2026 | pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update funct | |
| CVE-2026-3219 | Med | — | < 21.5.1-r1 | 21.5.1-r1 | Apr 20, 2026 | pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior |
- affected < 21.5.1-r1fixed 21.5.1-r1
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update funct
- affected < 21.5.1-r1fixed 21.5.1-r1
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior