rpm package
opensuse/python-virtualenv&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-virtualenv&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22702 | — | | | < 20.36.1-1.1 | 20.36.1-1.1 | Jan 10, 2026 | virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local acces |
| CVE-2025-68146 | — | | | < 20.36.1-1.1 | 20.36.1-1.1 | Dec 16, 2025 | filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows |
| CVE-2024-9287 | — | | | < 20.26.6-1.1 | 20.26.6-1.1 | Oct 22, 2024 | A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This |