| Bug | bookworm | Description |
|---|---|---|
| CVE-2026-2297 | vulnerable | The import hook in CPython that handles legacy *.pyc files (Sourceless ... |
| CVE-2026-1299 | vulnerable (no DSA) | The email module, specifically the "BytesGenerator" class, didn’ ... |
| CVE-2026-0865 | vulnerable (no DSA) | User-controlled header names and values containing newlines can allow ... |
| CVE-2026-0672 | vulnerable (no DSA) | When using http.cookies.Morsel, user-controlled cookie values and para ... |
| CVE-2025-69534 | vulnerable | Python-Markdown version 3.8 contains a vulnerability where malformed HT ... |
| CVE-2025-15367 | vulnerable (no DSA) | The poplib module, when passed a user-controlled command, can have add ... |
| CVE-2025-15366 | vulnerable (no DSA) | The imaplib module, when passed a user-controlled command, can have ad ... |
| CVE-2025-15282 | vulnerable (no DSA) | User-controlled data URLs parsed by urllib.request.DataHandler allow i ... |
| CVE-2025-13837 | vulnerable (no DSA) | When loading a plist file, the plistlib module reads data in size spec ... |
| CVE-2025-13836 | vulnerable (no DSA) | When reading an HTTP response from a server, if no read amount is spec ... |
| CVE-2025-12781 | vulnerable (no DSA) | When passing data to the b64decode(), standard_b64decode(), and urlsaf ... |
| CVE-2025-12084 | vulnerable (no DSA) | When building nested elements using xml.dom.minidom methods such as ap ... |
| CVE-2025-11468 | vulnerable (no DSA) | When folding a long comment in an email header containing exclusively ... |
| CVE-2025-8291 | vulnerable (no DSA) | The 'zipfile' module would not check the validity of the ZIP64 End of ... |
| CVE-2025-8194 | vulnerable (no DSA) | There is a defect in the CPython “tarfile” module affecting ... |
| CVE-2025-6075 | vulnerable (no DSA) | If the value passed to os.path.expandvars() is user-controlled a perf ... |
| CVE-2025-6069 | vulnerable (no DSA) | The html.parser.HTMLParser class had worst-case quadratic complexity w ... |
| CVE-2025-4516 | vulnerable (no DSA) | There is an issue in CPython when using `bytes.decode("unicode_escape" ... |

| Bug | Description |
|---|---|
| CVE-2025-4517 | Allows arbitrary filesystem writes outside the extraction directory du ... |
| CVE-2025-4435 | When using a TarFile.errorlevel = 0 and extracting with a filter the do ... |
| CVE-2025-4330 | Allows the extraction filter to be ignored, allowing symlink targets t ... |
| CVE-2025-4138 | Allows the extraction filter to be ignored, allowing symlink targets t ... |
| CVE-2025-1795 | During an address list folding when a separating comma ends up on a fo ... |
| CVE-2025-0938 | The Python standard library functions `urllib.parse.urlsplit` and `url ... |
| CVE-2024-12718 | Allows modifying some file metadata (e.g. last modified) with filter=" ... |
| CVE-2024-12254 | Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writel ... |
| CVE-2024-11168 | The urllib.parse.urlsplit() and urlparse() functions improperly valida ... |
| CVE-2024-9287 | A vulnerability has been found in the CPython `venv` module and CLI wh ... |
| CVE-2024-8088 | There is a HIGH severity vulnerability affecting the CPython "zipfile" ... |
| CVE-2024-7592 | There is a LOW severity vulnerability affecting CPython, specifically ... |
| CVE-2024-6923 | There is a MEDIUM severity vulnerability affecting CPython. The emai ... |
| CVE-2024-6232 | There is a MEDIUM severity vulnerability affecting CPython. Regul ... |
| CVE-2024-5642 | CPython 3.9 and earlier doesn't disallow configuring an empty list ("[ ... |
| CVE-2024-4032 | The “ipaddress” module contained incorrect information about ... |
| CVE-2024-4030 | On Windows a directory returned by tempfile.mkdtemp() would not always ... |
| CVE-2024-3220 | There is a defect in the CPython standard library module “mimetyp ... |
| CVE-2024-3219 | The “socket” module provides a pure-Python fallback to the ... |
| CVE-2024-0450 | An issue was found in the CPython `zipfile` module affecting versions ... |
| CVE-2024-0397 | A defect was discovered in the Python “ssl” module where the ... |
| CVE-2023-41105 | An issue was discovered in Python 3.11 through 3.11.4. If a path conta ... |
| CVE-2023-40217 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ... |
| CVE-2023-38898 | An issue in Python cpython v.3.7 allows an attacker to obtain sensitiv ... |
| CVE-2023-33595 | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-fre ... |
| CVE-2023-27043 | The email module of Python through 3.11.3 incorrectly parses e-mail ad ... |
| CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows ... |
| CVE-2023-6597 | An issue was found in the CPython `tempfile.TemporaryDirectory` class ... |
| CVE-2023-6507 | An issue was found in CPython 3.12.0 `subprocess` module on POSIX plat ... |
| CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadra ... |
| CVE-2022-42919 | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows lo ... |
| CVE-2021-28861 | Python 3.x through 3.10 has an open redirection vulnerability in lib/h ... |
| CVE-2020-10735 | A flaw was found in python. In algorithms with quadratic time complexi ... |