Skip to content

[GHSA-4xh5-x5gv-qwph] pip's fallback tar extraction doesn't check symbolic links point to extraction directory #6240

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
akarve wants to merge 1 commit into from

Improve GHSA-4xh5-x5gv-qwph

782fff3
Select commit
Loading
Failed to load commit list.
Closed

[GHSA-4xh5-x5gv-qwph] pip's fallback tar extraction doesn't check symbolic links point to extraction directory #6240

Improve GHSA-4xh5-x5gv-qwph
782fff3
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / CodeQL succeeded Sep 30, 2025 in 2s

No new alerts in code changed by this pull request

View all branch alerts.