| Bug | trixie | forky | sid | Description |
|---|---|---|---|---|
| CVE-2026-2297 | vulnerable | vulnerable | vulnerable | The import hook in CPython that handles legacy *.pyc files (Sourceless ... |
| CVE-2026-1299 | vulnerable (no DSA) | fixed | fixed | The email module, specifically the "BytesGenerator" class, didn’ ... |
| CVE-2026-0865 | vulnerable (no DSA) | fixed | fixed | User-controlled header names and values containing newlines can allow ... |
| CVE-2026-0672 | vulnerable (no DSA) | fixed | fixed | When using http.cookies.Morsel, user-controlled cookie values and para ... |
| CVE-2025-15367 | vulnerable (no DSA) | vulnerable | vulnerable | The poplib module, when passed a user-controlled command, can have add ... |
| CVE-2025-15366 | vulnerable (no DSA) | vulnerable | vulnerable | The imaplib module, when passed a user-controlled command, can have ad ... |
| CVE-2025-15282 | vulnerable (no DSA) | fixed | fixed | User-controlled data URLs parsed by urllib.request.DataHandler allow i ... |
| CVE-2025-13837 | vulnerable (no DSA) | fixed | fixed | When loading a plist file, the plistlib module reads data in size spec ... |
| CVE-2025-13836 | vulnerable (no DSA) | fixed | fixed | When reading an HTTP response from a server, if no read amount is spec ... |
| CVE-2025-12781 | vulnerable (no DSA) | vulnerable | vulnerable | When passing data to the b64decode(), standard_b64decode(), and urlsaf ... |
| CVE-2025-12084 | vulnerable (no DSA) | fixed | fixed | When building nested elements using xml.dom.minidom methods such as ap ... |
| CVE-2025-11468 | vulnerable (no DSA) | fixed | fixed | When folding a long comment in an email header containing exclusively ... |
| CVE-2025-8291 | vulnerable (no DSA) | fixed | fixed | The 'zipfile' module would not check the validity of the ZIP64 End of ... |
| CVE-2025-8194 | vulnerable (no DSA) | fixed | fixed | There is a defect in the CPython “tarfile” module affecting ... |
| CVE-2025-6075 | vulnerable (no DSA) | fixed | fixed | If the value passed to os.path.expandvars() is user-controlled a perf ... |
| CVE-2025-6069 | vulnerable (no DSA) | fixed | fixed | The html.parser.HTMLParser class had worst-case quadratic complexity w ... |

| Bug | Description |
|---|---|
| CVE-2025-69534 | Python-Markdown version 3.8 contains a vulnerability where malformed HT ... |
| CVE-2025-4517 | Allows arbitrary filesystem writes outside the extraction directory du ... |
| CVE-2025-4516 | There is an issue in CPython when using `bytes.decode("unicode_escape" ... |
| CVE-2025-4435 | When using a TarFile.errorlevel = 0 and extracting with a filter the do ... |
| CVE-2025-4330 | Allows the extraction filter to be ignored, allowing symlink targets t ... |
| CVE-2025-4138 | Allows the extraction filter to be ignored, allowing symlink targets t ... |
| CVE-2025-1795 | During an address list folding when a separating comma ends up on a fo ... |
| CVE-2025-0938 | The Python standard library functions `urllib.parse.urlsplit` and `url ... |
| CVE-2024-12718 | Allows modifying some file metadata (e.g. last modified) with filter=" ... |
| CVE-2024-12254 | Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writel ... |
| CVE-2024-9287 | A vulnerability has been found in the CPython `venv` module and CLI wh ... |
| CVE-2024-8088 | There is a HIGH severity vulnerability affecting the CPython "zipfile" ... |
| CVE-2024-7592 | There is a LOW severity vulnerability affecting CPython, specifically ... |
| CVE-2024-6923 | There is a MEDIUM severity vulnerability affecting CPython. The emai ... |
| CVE-2024-6232 | There is a MEDIUM severity vulnerability affecting CPython. Regul ... |
| CVE-2024-5642 | CPython 3.9 and earlier doesn't disallow configuring an empty list ("[ ... |
| CVE-2024-4032 | The “ipaddress” module contained incorrect information about ... |
| CVE-2024-3220 | There is a defect in the CPython standard library module “mimetyp ... |
| CVE-2024-3219 | The “socket” module provides a pure-Python fallback to the ... |
| CVE-2024-0397 | A defect was discovered in the Python “ssl” module where the ... |