Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-4gg8-gxpx-9rph
  • PyPI/uv
  • crates.io/uv
 uv is vulnerable to arbitrary file write through entry point names 4 days ago
  • Fix available
GHSA-pjjw-68hj-v9mw
  • PyPI/uv
 uv vulnerable to arbitrary file deletion through RECORD entries 10 Apr
  • Fix available
  • Severity - 2.1 (Low)
GHSA-pqhf-p39g-3x64
  • PyPI/uv
 uv allows ZIP payload obfuscation through parsing differentials 29 Oct 2025
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-w476-p2h3-79g9
  • PyPI/uv
 uv has differential in tar extraction with PAX headers 21 Oct 2025
  • Fix available
GHSA-8qf3-x8v5-2pj8
  • PyPI/uv
 uv allows ZIP payload obfuscation through parsing differentials 07 Aug 2025
  • Fix available
  • Severity - 6.8 (Medium)