Browse all 6 CVE security advisories affecting conda. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Conda is a cross-platform package and environment manager used mainly in data science and scientific computing. The advisories collected here also cover two tools from the same ecosystem: conda-build, which builds packages from recipes, and constructor, which builds standalone installers. The six recorded CVEs fall into a few classes: path traversal when conda-build unpacks a malicious tar archive (CWE-22), arbitrary code execution through recipe selectors evaluated at build time (CWE-94), command injection in constructor from unsanitized user input (CWE-77), overly permissive files left behind by build scripts and installers (CWE-277, CWE-289), and a supply-chain weakness in which a pyproject.toml names dependencies that do not exist on PyPI (CWE-1357). None of them is tied to a widely documented public incident, but they share a theme: the build and install steps run recipe content and unpack untrusted archives with the invoking user's privileges, so package provenance, archive handling and file permissions are the points to review when building or distributing conda packages in production.
| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-64343 | (conda) Constructor: Excessive permissions during and after installation | constructor | CWE-289 | 7.8 | High | 2025-11-07 |
| CVE-2025-49823 | Conda Constructor Command Injection via Unsanitized User Input (Low) | constructor | CWE-77 | not scored | not scored (advisory title says Low) | 2025-06-17 |
| CVE-2025-32800 | Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencies not present in PyPI | conda-build | CWE-1357 | 9.8 (AI) | Critical (AI) | 2025-06-16 |
| CVE-2025-32799 | Conda-build Vulnerable to Path Traversal via Malicious Tar File | conda-build | CWE-22 | 9.8 (AI) | Critical (AI) | 2025-06-16 |
| CVE-2025-32798 | Conda-build Allows Arbitrary Code Execution via Malicious Recipe Selectors | conda-build | CWE-94 | 8.8 (AI) | High (AI) | 2025-06-16 |
| CVE-2025-32797 | Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution | conda-build | CWE-277 | 7.0 (AI) | High (AI) | 2025-06-16 |

Scores and severities marked (AI) were produced by this site's automated analysis rather than taken from the published advisory; treat them as triage hints, not as the vendor or NVD rating.
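The CWE-22 entry above (conda-build, malicious tar file) is the archive-extraction form of path traversal: a member whose name, or whose link target, resolves outside the directory the archive is being unpacked into. The block below is an added example written for this page; it is not conda-build's code and does not reproduce the specific trigger of CVE-2025-32799. It builds a small tar archive in memory from constructed test data (the member names and the `/etc/passwd` link target are hypothetical), runs a pre-extraction check that flags escaping names and link targets, and extracts only when that check passes.

```python
import io
import os
import tarfile
import tempfile


def build_sample_tar(malicious: bool) -> bytes:
    """Constructed test archive (not a real conda package).

    Always contains one benign regular file. When malicious=True it also
    contains a member whose name climbs out of the extraction directory and a
    symlink whose target is an absolute path outside it.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        members = [("pkg/info/index.json", b'{"name": "demo"}\n')]
        if malicious:
            members.append(("../../outside.txt", b"escaped\n"))
        for name, payload in members:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
        if malicious:
            link = tarfile.TarInfo("pkg/link")
            link.type = tarfile.SYMTYPE
            link.linkname = "/etc/passwd"  # hypothetical target outside dest
            tar.addfile(link)
    return buf.getvalue()


def _inside(root: str, path: str) -> bool:
    """True if the resolved path is root itself or lies below it."""
    try:
        return os.path.commonpath([root, os.path.realpath(path)]) == root
    except ValueError:  # different drives on Windows
        return False


def escaping_members(tar: tarfile.TarFile, dest: str) -> list[str]:
    """Names of members that would write, or point, outside dest.

    Checks the member name (absolute paths and '..' components), symlink
    targets (relative to the link's own directory), hard-link targets
    (relative to the archive root), and rejects member types that have no
    place in a package (devices, FIFOs).
    """
    root = os.path.realpath(dest)
    bad = []
    for m in tar.getmembers():
        target = os.path.join(root, m.name)
        if not _inside(root, target):
            bad.append(m.name)
            continue
        if m.issym():
            base = os.path.dirname(target)
            if os.path.isabs(m.linkname) or not _inside(root, os.path.join(base, m.linkname)):
                bad.append(m.name)
        elif m.islnk():
            if os.path.isabs(m.linkname) or not _inside(root, os.path.join(root, m.linkname)):
                bad.append(m.name)
        elif not (m.isfile() or m.isdir()):
            bad.append(m.name)
    return bad


def safe_extract(tar_bytes: bytes, dest: str) -> list[str]:
    """Extract regular files and directories only after the check passes.

    Links are never materialized, so a later member cannot be redirected
    through a symlink planted by an earlier one. Returns the names written,
    or raises ValueError before writing anything if any member escapes.
    """
    root = os.path.realpath(dest)
    written = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        bad = escaping_members(tar, root)
        if bad:
            raise ValueError(f"refusing archive, members escape {root}: {bad}")
        for m in tar.getmembers():
            target = os.path.join(root, m.name)
            if m.isdir():
                os.makedirs(target, exist_ok=True)
            elif m.isfile():
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with tar.extractfile(m) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            else:
                continue  # links passed the check but are deliberately not created
            written.append(m.name)
    return written


def demo() -> dict:
    """Run both sample archives against a fresh temp directory."""
    dest = tempfile.mkdtemp(prefix="conda-extract-")
    with tarfile.open(fileobj=io.BytesIO(build_sample_tar(True)), mode="r") as tar:
        flagged = escaping_members(tar, dest)
    try:
        safe_extract(build_sample_tar(True), dest)
        refused = False
    except ValueError:
        refused = True
    return {
        "flagged": flagged,
        "malicious_refused": refused,
        "clean_written": safe_extract(build_sample_tar(False), dest),
    }


if __name__ == "__main__":
    print(demo())
```

`mode="r"` opens compressed archives transparently, so the same check applies to a `.tar.bz2` conda package. On Python 3.12 and newer (and the security backports to 3.8.17, 3.9.17, 3.10.12 and 3.11.4), `tar.extractall(path, filter="data")` performs comparable checks in the standard library; the hand-rolled version here is there to make the rules explicit and to run on older interpreters.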
This page lists every published CVE security advisory associated with conda. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.