Skip to content

[GHSA-4xh5-x5gv-qwph] pip's fallback tar extraction doesn't check symbolic links point to extraction directory #6358

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
advisory-database merged 1 commit into from
Oct 27, 2025

Improve GHSA-4xh5-x5gv-qwph

a770d59
Select commit
Loading
Failed to load commit list.
Merged

[GHSA-4xh5-x5gv-qwph] pip's fallback tar extraction doesn't check symbolic links point to extraction directory #6358

Improve GHSA-4xh5-x5gv-qwph
a770d59
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / CodeQL succeeded Oct 27, 2025 in 3s

No new alerts in code changed by this pull request

View all branch alerts.