Browse all 3 CVE security advisories affecting PyInstaller. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PyInstaller is primarily used to package Python applications into standalone executables, simplifying distribution. Historically, it has been associated with remote code execution vulnerabilities, often stemming from insecure handling of extracted files or path traversal issues during unpacking. Other common classes include privilege escalation through insecure default permissions and cross-site scripting in bundled web components. While no major public incidents have been widely documented, the three recorded CVEs highlight risks in file extraction and path handling, particularly when processing untrusted input. Security researchers note that its use in bundling third-party dependencies can introduce additional attack surfaces if not properly sanitized.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-59042 | PyInstaller has local privilege escalation vulnerability — pyinstallerCWE-94 | 7.5AI | HighAI | 2025-09-09 |
| CVE-2023-49797 | Local Privilege Escalation in pyinstaller on Windows — pyinstallerCWE-379 | 8.8 | High | 2023-12-09 |
| CVE-2019-16784 | Local Privilege Escalation present only on the Windows version of PyInstaller — PyInstallerCWE-250 | 7.0 | High | 2020-01-14 |
This page lists every published CVE security advisory associated with PyInstaller. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.