VYPR
Vendor

Python Poetry

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2026-34591MedApr 2, 2026
    risk 0.35cvss 6.5epss 0.00

    Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. It is reachable from…

  • CVE-2022-36069Sep 7, 2022
    risk 0.00cvss epss 0.01

    Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are constructed using user input (e.g. the repository URL). When building the commands,…

  • CVE-2022-36070Sep 7, 2022
    risk 0.00cvss epss 0.00

    Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of…