GHSA-pq7m-3gw7-gq5x · Severity: high · Ecosystem: pip — Execution with Unnecessary Privileges in ipython
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
Conclusion & alert: CVE-2022-21699 is rated High Exploit Risk (63.6/100): CVSS High severity, with low exploitation likelihood (EPSS 0.66%). Core evidence: 1 public exploit reference is indexed (Exploit-DB). Mandatory action: public exploits are available, so assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | — | Exploit-DB |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 1.15% | 0.66% | -0.49% |
| 2 | 2026-06-14 | 1.06% | 1.15% | +0.09% |
| 3 | 2026-06-06 | — | 1.06% | — |
Full EPSS history (26 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.2 | 3.1 | HIGH | | 1.5 | 6.0 | [email protected] |
| 8.8 | 3.1 | HIGH | | 2.0 | 6.0 | [email protected] |
| 4.6 | 2.0 | MEDIUM | | 3.9 | 6.4 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
| alpine | high | CVE-2022-21699: 1 source package rows (ipython); 7 state rows across 7 repos (3.17-community, 3.18-community, 3.19-community, 3.20-community, 3.21-community, 3.22-community, edge-community); fixed 7, open 0. | https://security.alpinelinux.org/vuln/CVE-2022-21699 |
| debian | not yet assigned | CVE-2022-21699 not yet assigned priority: Debian including 1 source packages (ipython), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2022-21699 |
| suse | high | CVE-2022-21699 severity important: SUSE including 12 source package names (python3-ipython-7.13.0-bp153.2.6.1, python3-ipython-iptest-7.13.0-bp153.2.6.1, …), 14 product×package rows across 3 product lines (SUSE Package Hub 15 SP3, openSUSE Leap 15.3, openSUSE Tumbleweed): Fixed 14. | https://www.suse.com/security/cve/CVE-2022-21699/ |
| ubuntu | medium | CVE-2022-21699 medium priority: Ubuntu including 1 source packages (ipython), 14 status rows across 14 suites (bionic, focal, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, trusty, upstream, xenial): not-affected 7, ignored 4, released 3. | https://ubuntu.com/security/CVE-2022-21699 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| ipython | ipython | <= 5.10.0 | cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:* |
| ipython | ipython | >= 6.0.0, < 7.16.3 | cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:* |
| ipython | ipython | >= 7.17.0, < 7.31.1 | cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:* |
| ipython | ipython | >= 8.0.0, < 8.0.1 | cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:* |
| debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
| debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| fedoraproject | fedora | 34 | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| fedoraproject | fedora | 35 | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |