py7zr
PyPI4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting py7zrpage 1 of 1
- CVE-2022-44900CRITICALCVSS 9.1EG 9.1✓ Fixed in 0.20.12022-12-06
vulnerable: 0.0.3 ... v0.0.1 (252 versions)
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.
- CVE-2026-23879HIGHCVSS 8.0EG 8.0✓ Fixed in 1.1.32026-06-19
vulnerable: 0.0.3 ... 1.1.2 (164 versions)
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreat…
- CVE-2026-55195HIGHCVSS 8.7EG 8.7✓ Fixed in 1.1.32026-06-19
vulnerable: 0.0.3 ... 1.1.2 (164 versions)
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress() extracted archive entries without tracking total decompressed size, allo…
- CVE-2026-55206HIGHCVSS 8.7EG 8.7✓ Fixed in 1.1.32026-06-19
vulnerable: 0.0.3 ... 1.1.2 (164 versions)
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo._read() in archiveinfo.py used an O(n^2) cumulative sum pattern for attacker-controlled num…
Check whether py7zr is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for py7zr CVEs against the assets you own.
Start Free Scan →