Vulnerabilities > Pypa > PIP > 20.0.2

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-5752 Command Injection vulnerability in Pypa PIP
When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config").
local
low complexity
pypa CWE-77
3.3
3.3
2021-11-10 CVE-2021-3572 A flaw was found in python-pip in the way it handled Unicode separators in git references.
network
low complexity
pypa oracle
5.7
5.7