Browse all 4 CVE security advisories affecting python-poetry. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Python-Poetry serves as a dependency management and packaging tool for Python projects, streamlining dependency resolution and application deployment. Historically, it has been susceptible to remote code execution vulnerabilities through malicious package dependencies, cross-site scripting flaws in web interfaces, and privilege escalation via insecure default configurations. While no major public incidents have been widely documented, the four recorded CVEs highlight risks associated with package integrity and supply chain attacks. Its security characteristics include reliance on virtual environments for isolation and built-in dependency verification, though users must remain vigilant about third-party package sources and maintain regular updates to mitigate potential exploitation vectors.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41140 | Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 — poetryCWE-22 | 9.1 | - | 2026-04-24 |
| CVE-2026-34591 | Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write — poetryCWE-22 | 7.8AI | HighAI | 2026-04-02 |
| CVE-2022-36069 | Poetry Argument Injection vulnerability can lead to local Code Execution — poetryCWE-94 | 7.3 | High | 2022-09-07 |
| CVE-2022-36070 | Poetry's Untrusted Search Path can lead to Local Code Execution on Windows — poetryCWE-426 | 7.3 | High | 2022-09-07 |
This page lists every published CVE security advisory associated with python-poetry. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.