pyinstaller
PyPI
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pyinstaller
- CVE-2019-16784 | HIGH | CVSS 7.0 | EG 7.0 | ✓ Fixed in 3.6 | 2020-01-14
vulnerable: 1.5 ... 3.5 (13 versions)
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the c…
- CVE-2023-49797 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 5.13.1 | 2023-12-09
vulnerable: 1.5 ... 5.9.0 (45 versions)
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged use…
- CVE-2025-59042 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 6.0.0 | 2025-09-09
vulnerable: 1.5 ... 5.9.0 (47 versions)
PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to `sys.path` during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script …