| Bug | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2025-6069 | vulnerable (no DSA, postponed) | vulnerable | vulnerable | vulnerable | The html.parser.HTMLParser class had worse-case quadratic complexity w ... |
| CVE-2025-4517 | fixed | vulnerable | vulnerable | vulnerable | Allows arbitrary filesystem writes outside the extraction directory du ... |
| CVE-2025-4435 | fixed | vulnerable | vulnerable | vulnerable | When using a TarFile.errorlevel = 0and extracting with a filter the do ... |
| CVE-2025-4330 | fixed | vulnerable | vulnerable | vulnerable | Allows the extraction filter to be ignored, allowing symlink targets t ... |
| CVE-2025-4138 | fixed | vulnerable | vulnerable | vulnerable | Allows the extraction filter to be ignored, allowing symlink targets t ... |
| CVE-2025-1795 | vulnerable (no DSA, postponed) | vulnerable | fixed | fixed | During an address list folding when a separating comma ends up on a fo ... |
| CVE-2025-0938 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | The Python standard library functions `urllib.parse.urlsplit` and `url ... |
| CVE-2024-12718 | fixed | vulnerable | vulnerable | vulnerable | Allows modifying some file metadata (e.g. last modified) with filter=" ... |
| CVE-2024-11168 | vulnerable (no DSA, postponed) | vulnerable | fixed | fixed | The urllib.parse.urlsplit() and urlparse() functions improperly valida ... |
| CVE-2024-8088 | fixed | vulnerable | fixed | fixed | There is a HIGH severity vulnerability affecting the CPython "zipfile" ... |
| CVE-2024-7592 | vulnerable (no DSA, postponed) | vulnerable | fixed | fixed | There is a LOW severity vulnerability affecting CPython, specifically ... |
| CVE-2024-6923 | vulnerable (no DSA, postponed) | vulnerable | fixed | fixed | There is a MEDIUM severity vulnerability affecting CPython. The emai ... |
| CVE-2024-6232 | vulnerable (no DSA, postponed) | vulnerable | fixed | fixed | There is a MEDIUM severity vulnerability affecting CPython. Regul ... |
| CVE-2024-5642 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | CPython 3.9 and earlier doesn't disallow configuring an empty list ("[ ... |
| CVE-2024-4032 | vulnerable (no DSA, postponed) | vulnerable | fixed | fixed | The \u201cipaddress\u201d module contained incorrect information about ... |
| CVE-2024-0397 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | A defect was discovered in the Python \u201cssl\u201d module where the ... |
| CVE-2022-42919 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows lo ... |
| CVE-2015-20107 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | In Python (aka CPython) up to 3.10.8, the mailcap module does not add ... |
| Bug | Description |
|---|
| CVE-2025-4516 | There is an issue in CPython when using `bytes.decode("unicode_escape" ... |
| CVE-2024-9287 | A vulnerability has been found in the CPython `venv` module and CLI wh ... |
| CVE-2024-0450 | An issue was found in the CPython `zipfile` module affecting versions ... |
| CVE-2023-40217 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ... |
| CVE-2023-27043 | The email module of Python through 3.11.3 incorrectly parses e-mail ad ... |
| CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows ... |
| CVE-2023-6597 | An issue was found in the CPython `tempfile.TemporaryDirectory` class ... |
| CVE-2022-48566 | An issue was discovered in compare_digest in Lib/hmac.py in Python thr ... |
| CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3. ... |
| CVE-2022-48564 | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a po ... |
| CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadra ... |
| CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ... |
| CVE-2022-0391 | A flaw was found in Python, specifically within the urllib.parse modul ... |
| CVE-2021-29921 | In Python before 3,9,5, the ipaddress library mishandles leading zero ... |
| CVE-2021-28861 | Python 3.x through 3.10 has an open redirection vulnerability in lib/h ... |
| CVE-2021-23336 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ... |
| CVE-2021-4189 | A flaw was found in Python, specifically in the FTP (File Transfer Pro ... |
| CVE-2021-3737 | A flaw was found in python. An improperly handled HTTP response in the ... |
| CVE-2021-3733 | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ... |
| CVE-2021-3426 | There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ... |
| CVE-2020-29651 | A denial of service via regular expression in the py.path.svnwc compon ... |
| CVE-2020-27619 | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK ... |
| CVE-2020-26116 | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ... |
| CVE-2020-10735 | A flaw was found in python. In algorithms with quadratic time complexi ... |
| CVE-2019-20907 | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ... |