pypa

Security Risk Profile

/100

low

Security Risk Score

Comprehensive risk assessment based on 10 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from May 28, 2013 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

31/100

low

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

Input Validation

Command Injection

Code Injection

OS Command Injection

Integer Overflow

Most Affected Products

1. pypa pip8

2. Fedoraproject Fedora8

3. pip/pip7

4. redhat/python-pip5

5. Oracle Communications Cloud Native Core Network Function Cloud Native Environment4

Recent Vulnerabilities

CVSS 5.5EPSS 0%medium

Mercurial configuration injectable in repo revision when installing via pip

10/24/2023

CVE-2022-21668

CVSS 9.3critical

Pipenv's requirements.txt parsing allows malicious index url in comments

Monitor pypa in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free Trial Book a Demo