virtualenv
PyPI
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting virtualenv
- CVE-2011-4617 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 1.5 | 2011-12-31
vulnerable: 0.8 ... 1.4rc1 (27 versions)
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
- CVE-2024-53899 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 20.26.6 | 2024-11-24
vulnerable: 0.8 ... 20.9.0 (222 versions)
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
- CVE-2026-22702 | MEDIUM | CVSS 4.5 | EG 4.5 | ✓ Fixed in 20.36.1 | 2026-01-10
vulnerable: 0.8 ... 20.9.0 (245 versions)
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation…