| Bug | Description |
|---|
| CVE-2025-4517 | Allows arbitrary filesystem writes outside the extraction directory du ... |
| CVE-2025-4435 | When using a TarFile.errorlevel = 0and extracting with a filter the do ... |
| CVE-2025-4330 | Allows the extraction filter to be ignored, allowing symlink targets t ... |
| CVE-2025-4138 | Allows the extraction filter to be ignored, allowing symlink targets t ... |
| CVE-2025-1795 | During an address list folding when a separating comma ends up on a fo ... |
| CVE-2025-0938 | The Python standard library functions `urllib.parse.urlsplit` and `url ... |
| CVE-2024-12718 | Allows modifying some file metadata (e.g. last modified) with filter=" ... |
| CVE-2024-12254 | Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writel ... |
| CVE-2024-11168 | The urllib.parse.urlsplit() and urlparse() functions improperly valida ... |
| CVE-2024-9287 | A vulnerability has been found in the CPython `venv` module and CLI wh ... |
| CVE-2024-8088 | There is a HIGH severity vulnerability affecting the CPython "zipfile" ... |
| CVE-2024-7592 | There is a LOW severity vulnerability affecting CPython, specifically ... |
| CVE-2024-6923 | There is a MEDIUM severity vulnerability affecting CPython. The emai ... |
| CVE-2024-6232 | There is a MEDIUM severity vulnerability affecting CPython. Regul ... |
| CVE-2024-4032 | The \u201cipaddress\u201d module contained incorrect information about ... |
| CVE-2024-4030 | On Windows a directory returned by tempfile.mkdtemp() would not always ... |
| CVE-2024-3220 | There is a defect in the CPython standard library module \u201cmimetyp ... |
| CVE-2024-3219 | The \u201csocket\u201d module provides a pure-Python fallback to the ... |
| CVE-2024-0450 | An issue was found in the CPython `zipfile` module affecting versions ... |
| CVE-2024-0397 | A defect was discovered in the Python \u201cssl\u201d module where the ... |
| CVE-2023-41105 | An issue was discovered in Python 3.11 through 3.11.4. If a path conta ... |
| CVE-2023-40217 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ... |
| CVE-2023-38898 | An issue in Python cpython v.3.7 allows an attacker to obtain sensitiv ... |
| CVE-2023-33595 | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-fre ... |
| CVE-2023-27043 | The email module of Python through 3.11.3 incorrectly parses e-mail ad ... |
| CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows ... |
| CVE-2023-6597 | An issue was found in the CPython `tempfile.TemporaryDirectory` class ... |
| CVE-2023-6507 | An issue was found in CPython 3.12.0 `subprocess` module on POSIX plat ... |
| CVE-2022-48566 | An issue was discovered in compare_digest in Lib/hmac.py in Python thr ... |
| CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3. ... |
| CVE-2022-48564 | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a po ... |
| CVE-2022-48560 | A use-after-free exists in Python through 3.9 via heappushpop in heapq ... |
| CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadra ... |
| CVE-2022-42919 | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows lo ... |
| CVE-2022-26488 | In Python before 3.10.3 on Windows, local users can gain privileges be ... |
| CVE-2022-0391 | A flaw was found in Python, specifically within the urllib.parse modul ... |
| CVE-2021-29921 | In Python before 3,9,5, the ipaddress library mishandles leading zero ... |
| CVE-2021-28861 | Python 3.x through 3.10 has an open redirection vulnerability in lib/h ... |
| CVE-2021-23336 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ... |
| CVE-2021-4189 | A flaw was found in Python, specifically in the FTP (File Transfer Pro ... |
| CVE-2021-3737 | A flaw was found in python. An improperly handled HTTP response in the ... |
| CVE-2021-3733 | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ... |
| CVE-2021-3426 | There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ... |
| CVE-2021-3177 | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ... |
| CVE-2020-27619 | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK ... |
| CVE-2020-26116 | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ... |
| CVE-2020-15801 | In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ... |
| CVE-2020-10735 | A flaw was found in python. In algorithms with quadratic time complexi ... |
| CVE-2019-20907 | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ... |
| CVE-2015-20107 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add ... |