MEDIUM 6.5 PyPI
GHSA-2599-h6xx-hpxp · CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
Modified: 4/17/2026
package
PyPI / poetry
pkg:pypi/poetry
LOW PyPI
GHSA-73h3-mf4w-8647 · CVE-2026-41140 Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Modified: 5/5/2026
HIGH 7.3 PyPI
GHSA-9xgj-fcgf-x6mw · CVE-2022-36069, PYSEC-2022-266 Poetry Argument Injection can lead to Local Code Execution
Modified: 10/21/2024
HIGH 7.3 PyPI
GHSA-j4j9-7hg9-97g6 · CVE-2022-36070, PYSEC-2022-43179 Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows
Modified: 6/10/2026
CRITICAL 9.8 PyPI
GHSA-xr2c-5w89-63pv · CVE-2022-26184, PYSEC-2022-234 Poetry before v1.1.9 contains Untrusted Search Path
Modified: 10/21/2024
— PyPI
PYSEC-2022-234 · CVE-2022-26184, GHSA-xr2c-5w89-63pv Modified: 11/8/2023
— PyPI
PYSEC-2022-266 · CVE-2022-36069, GHSA-9xgj-fcgf-x6mw Modified: 11/8/2023
HIGH 7.3 PyPI
PYSEC-2022-43179 · CVE-2022-36070, GHSA-j4j9-7hg9-97g6 Modified: 6/10/2026