VYPR

rpm package

almalinux/python3.14-pip-wheel

pkg:rpm/almalinux/python3.14-pip-wheel

Vulnerabilities (1)

  • CVE-2026-8643MedJun 1, 2026
    affected < 25.2-3.el10_2.5fixed 25.2-3.el10_2.5

    pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.