FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-01-12 13:55:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
fd3855b8-efbc-11f0-9e3f-b0416f0c4c67virtualenv -- CWE-59: Improper Link Resolution Before File Access ('Link Following')

https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986 reports:

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1.


Discovery 2026-01-10
Entry 2026-01-12
py310-virtualenv
py311-virtualenv
py312-virtualenv
py313-virtualenv
py313t-virtualenv
py314-virtualenv
< 20.36.1

CVE-2026-22702
https://cveawg.mitre.org/api/cve/CVE-2026-22702