| Bug | bullseye | Description |
|---|
| CVE-2024-6923 | vulnerable (no DSA, ignored) | There is a MEDIUM severity vulnerability affecting CPython. The emai ... |
| CVE-2024-6232 | vulnerable (no DSA, ignored) | There is a MEDIUM severity vulnerability affecting CPython. Regul ... |
| CVE-2024-5642 | vulnerable (no DSA, ignored) | CPython 3.9 and earlier doesn't disallow configuring an empty list ("[ ... |
| CVE-2024-0450 | vulnerable (no DSA, ignored) | An issue was found in the CPython `zipfile` module affecting versions ... |
| CVE-2024-0397 | vulnerable (no DSA, ignored) | A defect was discovered in the Python \u201cssl\u201d module where the ... |
| CVE-2023-27043 | vulnerable (no DSA, ignored) | The email module of Python through 3.11.3 incorrectly parses e-mail ad ... |
| CVE-2022-45061 | vulnerable (no DSA, ignored) | An issue was discovered in Python before 3.11.1. An unnecessary quadra ... |
| CVE-2021-4189 | vulnerable (no DSA, ignored) | A flaw was found in Python, specifically in the FTP (File Transfer Pro ... |
| CVE-2021-3737 | vulnerable (no DSA, ignored) | A flaw was found in python. An improperly handled HTTP response in the ... |
| CVE-2021-3733 | vulnerable (no DSA, ignored) | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ... |
| CVE-2020-26116 | vulnerable (no DSA, ignored) | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ... |
| CVE-2020-10735 | vulnerable (no DSA, ignored) | A flaw was found in python. In algorithms with quadratic time complexi ... |
| CVE-2015-20107 | vulnerable (no DSA, ignored) | In Python (aka CPython) up to 3.10.8, the mailcap module does not add ... |
| Bug | Description |
|---|
| CVE-2024-9287 | A vulnerability has been found in the CPython `venv` module and CLI wh ... |
| CVE-2024-8088 | There is a HIGH severity vulnerability affecting the CPython "zipfile" ... |
| CVE-2024-4032 | The \u201cipaddress\u201d module contained incorrect information about ... |
| CVE-2024-4030 | On Windows a directory returned by tempfile.mkdtemp() would not always ... |
| CVE-2024-3219 | The \u201csocket\u201d module provides a pure-Python fallback to the ... |
| CVE-2023-41105 | An issue was discovered in Python 3.11 through 3.11.4. If a path conta ... |
| CVE-2023-40217 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ... |
| CVE-2023-38898 | An issue in Python cpython v.3.7 allows an attacker to obtain sensitiv ... |
| CVE-2023-33595 | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-fre ... |
| CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows ... |
| CVE-2023-6597 | An issue was found in the CPython `tempfile.TemporaryDirectory` class ... |
| CVE-2023-6507 | An issue was found in CPython 3.12.0 `subprocess` module on POSIX plat ... |
| CVE-2022-48566 | An issue was discovered in compare_digest in Lib/hmac.py in Python thr ... |
| CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3. ... |
| CVE-2022-48564 | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a po ... |
| CVE-2022-48560 | A use-after-free exists in Python through 3.9 via heappushpop in heapq ... |
| CVE-2022-42919 | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows lo ... |
| CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ... |
| CVE-2022-26488 | In Python before 3.10.3 on Windows, local users can gain privileges be ... |
| CVE-2022-0391 | A flaw was found in Python, specifically within the urllib.parse modul ... |
| CVE-2021-29921 | In Python before 3,9,5, the ipaddress library mishandles leading zero ... |
| CVE-2021-23336 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ... |
| CVE-2021-3426 | There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ... |
| CVE-2021-3177 | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ... |
| CVE-2020-15801 | In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ... |
| CVE-2020-15523 | In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, ... |
| CVE-2020-14422 | Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ... |
| CVE-2020-8492 | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ... |
| CVE-2020-8315 | In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ... |
| CVE-2019-20907 | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ... |
| CVE-2019-18348 | An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ... |
| CVE-2019-16935 | The documentation XML-RPC server in Python through 2.7.16, 3.x through ... |
| CVE-2019-16056 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ... |
| CVE-2019-10160 | A security regression of CVE-2019-9636 was discovered in python since ... |
| CVE-2019-9948 | urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ... |
| CVE-2019-9947 | An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ... |
| CVE-2019-9740 | An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ... |
| CVE-2019-9636 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Impr ... |
| CVE-2019-5010 | An exploitable denial-of-service vulnerability exists in the X509 cert ... |
| CVE-2018-1000802 | Python Software Foundation Python (CPython) version 2.7 contains a CWE ... |
| CVE-2018-1000117 | Python Software Foundation CPython version From 3.2 until 3.6.4 on Win ... |
| CVE-2018-1000030 | Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Hea ... |
| CVE-2018-20852 | http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ... |
| CVE-2018-20406 | Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ... |
| CVE-2018-14647 | Python's elementtree C accelerator failed to initialise Expat's hash s ... |
| CVE-2018-1061 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ... |
| CVE-2018-1060 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ... |
| CVE-2017-1000158 | CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ... |
| CVE-2016-1000110 | The CGIHandler class in Python before 2.7.12 does not protect against ... |
| CVE-2016-5699 | CRLF injection vulnerability in the HTTPConnection.putheader function ... |
| CVE-2016-5636 | Integer overflow in the get_data function in zipimport.c in CPython (a ... |
| CVE-2016-0772 | The smtplib library in CPython (aka Python) before 2.7.12, 3.x before ... |
| CVE-2014-9365 | The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) ... |
| CVE-2014-7185 | Integer overflow in bufferobject.c in Python before 2.7.8 allows conte ... |
| CVE-2014-4650 | The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly h ... |
| CVE-2014-4616 | Array index error in the scanstring function in the _json module in Py ... |
| CVE-2014-2667 | Race condition in the _get_masked_mode function in Lib/os.py in Python ... |
| CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socket ... |
| CVE-2013-7440 | The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ... |
| CVE-2013-7338 | Python before 3.3.4 RC1 allows remote attackers to cause a denial of s ... |
| CVE-2013-4238 | The ssl.match_hostname function in the SSL module in Python 2.6 throug ... |
| CVE-2013-2099 | Algorithmic complexity vulnerability in the ssl.match_hostname functio ... |
| CVE-2013-1753 | The gzip_decode function in the xmlrpc client library in Python 3.4 an ... |
| CVE-2012-1150 | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x b ... |
| CVE-2012-0845 | SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2. ... |
| CVE-2011-4944 | Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissio ... |
| CVE-2011-4940 | The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPSe ... |
| CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windo ... |
| CVE-2011-1521 | The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x befo ... |
| CVE-2010-3492 | The asyncore module in Python before 3.2 does not properly handle unsu ... |
| CVE-2010-2089 | The audioop module in Python 2.7 and 3.2 does not verify the relations ... |
| CVE-2010-1634 | Multiple integer overflows in audioop.c in the audioop module in Pytho ... |
| CVE-2010-1450 | Multiple buffer overflows in the RLE decoder in the rgbimg module in P ... |
| CVE-2010-1449 | Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 ... |
| CVE-2009-4134 | Buffer underflow in the rgbimg module in Python 2.5 allows remote atta ... |