Security

Report a vulnerability

SECURITY.md

Security Contact

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

Path traversal in PackageIndex.download leads to Arbitrary File Write
GHSA-5rjg-fvgr-3xxf published May 17, 2025 by jaraco

Moderate

Learn more about advisories related to pypa/setuptools in the GitHub Advisory Database