Browse all 5 CVE security advisories affecting pypa. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PyPA develops packaging tools for Python, enabling distribution and installation of software packages. Historically, common vulnerabilities include remote code execution through insecure package loading and cross-site scripting in web interfaces. Privilege escalation risks have occurred when tools process untrusted input without proper validation. Notable security characteristics include dependency management features that help mitigate supply chain attacks, though the ecosystem remains challenged by package integrity issues. The project maintains a security response process, but the five recorded CVEs highlight ongoing risks in package handling and web components, particularly when processing unverified inputs from third-party repositories.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47273 | setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write (setuptools; CWE-22) | 9.8 (AI) | Critical (AI) | 2025-05-17 |
This page lists every published CVE security advisory associated with pypa. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.