Information on source package pypy3

Available versions

ReleaseVersion
bullseye7.3.5+dfsg-2+deb11u2
bullseye (security)7.3.5+dfsg-2+deb11u4
bookworm7.3.11+dfsg-2+deb12u3
trixie7.3.19+dfsg-2
forky7.3.20+dfsg-2
sid7.3.20+dfsg-2

Open issues

BugbullseyebookwormtrixieforkysidDescription
CVE-2025-6069vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe html.parser.HTMLParser class had worse-case quadratic complexity w ...
CVE-2025-4517fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableAllows arbitrary filesystem writes outside the extraction directory du ...
CVE-2025-4435fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableWhen using a TarFile.errorlevel = 0and extracting with a filter the do ...
CVE-2025-4330fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableAllows the extraction filter to be ignored, allowing symlink targets t ...
CVE-2025-4138fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableAllows the extraction filter to be ignored, allowing symlink targets t ...
CVE-2025-1795vulnerable (no DSA, postponed)vulnerablefixedfixedfixedDuring an address list folding when a separating comma ends up on a fo ...
CVE-2025-0938vulnerable (no DSA, postponed)vulnerable (no DSA)fixedfixedfixedThe Python standard library functions `urllib.parse.urlsplit` and `url ...
CVE-2024-12718fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableAllows modifying some file metadata (e.g. last modified) with filter=" ...
CVE-2024-11168vulnerable (no DSA, postponed)vulnerablefixedfixedfixedThe urllib.parse.urlsplit() and urlparse() functions improperly valida ...
CVE-2024-8088fixedvulnerablefixedfixedfixedThere is a HIGH severity vulnerability affecting the CPython "zipfile" ...
CVE-2024-7592vulnerable (no DSA, postponed)vulnerablefixedfixedfixedThere is a LOW severity vulnerability affecting CPython, specifically ...
CVE-2024-6923vulnerable (no DSA, postponed)vulnerablefixedfixedfixedThere is a MEDIUM severity vulnerability affecting CPython. The emai ...
CVE-2024-6232vulnerable (no DSA, postponed)vulnerablefixedfixedfixedThere is a MEDIUM severity vulnerability affecting CPython. Regul ...
CVE-2024-5642vulnerable (no DSA, postponed)fixedfixedfixedfixedCPython 3.9 and earlier doesn't disallow configuring an empty list ("[ ...
CVE-2024-4032vulnerable (no DSA, postponed)vulnerablefixedfixedfixedThe \u201cipaddress\u201d module contained incorrect information about ...
CVE-2024-0397vulnerable (no DSA, postponed)vulnerable (no DSA)fixedfixedfixedA defect was discovered in the Python \u201cssl\u201d module where the ...
CVE-2022-42919vulnerable (no DSA, ignored)fixedfixedfixedfixedPython 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows lo ...
CVE-2015-20107vulnerable (no DSA, postponed)fixedfixedfixedfixedIn Python (aka CPython) up to 3.10.8, the mailcap module does not add ...

Resolved issues

BugDescription
CVE-2025-4516There is an issue in CPython when using `bytes.decode("unicode_escape" ...
CVE-2024-9287A vulnerability has been found in the CPython `venv` module and CLI wh ...
CVE-2024-0450An issue was found in the CPython `zipfile` module affecting versions ...
CVE-2023-40217An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...
CVE-2023-27043The email module of Python through 3.11.3 incorrectly parses e-mail ad ...
CVE-2023-24329An issue in the urllib.parse component of Python before 3.11.4 allows ...
CVE-2023-6597An issue was found in the CPython `tempfile.TemporaryDirectory` class ...
CVE-2022-48566An issue was discovered in compare_digest in Lib/hmac.py in Python thr ...
CVE-2022-48565An XML External Entity (XXE) issue was discovered in Python through 3. ...
CVE-2022-48564read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a po ...
CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadra ...
CVE-2022-37454The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...
CVE-2022-0391A flaw was found in Python, specifically within the urllib.parse modul ...
CVE-2021-29921In Python before 3,9,5, the ipaddress library mishandles leading zero ...
CVE-2021-28861Python 3.x through 3.10 has an open redirection vulnerability in lib/h ...
CVE-2021-23336The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...
CVE-2021-4189A flaw was found in Python, specifically in the FTP (File Transfer Pro ...
CVE-2021-3737A flaw was found in python. An improperly handled HTTP response in the ...
CVE-2021-3733There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ...
CVE-2021-3426There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ...
CVE-2020-29651A denial of service via regular expression in the py.path.svnwc compon ...
CVE-2020-27619In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK ...
CVE-2020-26116http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ...
CVE-2020-10735A flaw was found in python. In algorithms with quadratic time complexi ...
CVE-2019-20907In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ...

Security announcements

DSA / DLADescription
DLA-3966-1pypy3 - security update
DLA-3948-1pypy3 - security update
DSA-5269-1pypy3 - security update

Search for package or bug name: Reporting problems