python-pip (SUSE:Linux Enterprise Server 16.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 16.0 package python-pip, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-6357: pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python…
CVE-2026-3219: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior…
CVE-2026-1703: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The…