setuptools

PyPI4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting setuptoolspage 1 of 1

CVE-2013-1633NONECVSS 0.0EG 0.0✓ Fixed in 0.7
2013-08-06
vulnerable: 0.6b1 ... 0.6c9 (15 versions)
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted resp…
CVE-2022-40897MEDIUMCVSS 5.9EG 5.9✓ Fixed in 65.5.1
2022-12-23
vulnerable: 0.6b1 ... 9.1 (514 versions)
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_i…
CVE-2024-6345HIGHCVSS 8.8EG 8.8✓ Fixed in 70.0.0
2024-07-15
vulnerable: 0.6b1 ... 9.1 (558 versions)
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved…
CVE-2025-47273HIGHCVSS 8.8EG 8.8✓ Fixed in 78.1.1
2025-05-17
vulnerable: 0.6b1 ... 9.1 (602 versions)
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed …

Check whether setuptools is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for setuptools CVEs against the assets you own.

Start Free Scan →