Python
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Python.
Python EOL Dates
Ensure that you are using a supported version of Python. Here are some end of life, and end of support dates for Python.
| Release | EOL | End of Support | Status |
|---|---|---|---|
| 3.14 | October 31, 2030 | October 1, 2027 |
Active
Python 3.14 will become EOL in 4 years (in 2030). |
| 3.13 | October 31, 2029 | October 1, 2026 |
Active
Python 3.13 will become EOL in 3 years (in 2029). |
| 3.12 | October 31, 2028 | April 2, 2025 |
Active
Python 3.12 will become EOL in two years (in 2028). |
| 3.11 | October 31, 2027 | April 1, 2024 |
Active
Python 3.11 will become EOL next year, in October 2027. |
| 3.9 | October 31, 2025 | May 17, 2022 |
EOL
Python 3.9 became EOL in 2025 and supported ended in 2022 |
| 3.8 | October 7, 2024 | May 3, 2021 |
EOL
Python 3.8 became EOL in 2024 and supported ended in 2021 |
| 3.7 | June 27, 2023 | June 27, 2020 |
EOL
Python 3.7 became EOL in 2023 and supported ended in 2020 |
| 3.6 | December 23, 2021 | December 24, 2018 |
EOL
Python 3.6 became EOL in 2021 and supported ended in 2018 |
| 3.5 | September 30, 2020 | - |
EOL
Python 3.5 became EOL in 2020. |
| 3.4 | March 18, 2019 | - |
EOL
Python 3.4 became EOL in 2019. |
| 3.3 | September 29, 2017 | - |
EOL
Python 3.3 became EOL in 2017. |
| 3.2 | February 20, 2016 | - |
EOL
Python 3.2 became EOL in 2016. |
| 2.7 | January 1, 2020 | - |
EOL
Python 2.7 became EOL in 2020. |
| 3.1 | April 9, 2012 | - |
EOL
Python 3.1 became EOL in 2012. |
| 3.1 | April 9, 2012 | - |
EOL
Python 3.1 became EOL in 2012. |
| 3.0 | June 27, 2009 | - |
EOL
Python 3.0 became EOL in 2009. |
| 2.6 | October 29, 2013 | - |
EOL
Python 2.6 became EOL in 2013. |
By the Year
In 2026 there have been 6 vulnerabilities in Python. Last year, in 2025 Python had 12 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Python in 2026 could surpass last years number.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 6 | 0.00 |
| 2025 | 12 | 6.66 |
| 2024 | 9 | 6.54 |
| 2023 | 12 | 6.65 |
| 2022 | 12 | 7.47 |
| 2021 | 5 | 6.88 |
| 2020 | 9 | 8.50 |
| 2019 | 16 | 7.93 |
| 2018 | 8 | 7.10 |
It may take a day or so for new Python vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Python Security Vulnerabilities
CPython XML Expat Hash Flooding (3.14)
CVE-2026-7210
- May 11, 2026
`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.
Insufficient Entropy
Python CPython <3.15.0 Morsel.js_output XSS via <script>
CVE-2026-6019
- April 22, 2026
http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.
Improper Neutralization of Escape, Meta, or Control Sequences
Python 3.11-3.14 OOB Buffer Write in ProactorEventLoop (WS)
CVE-2026-3298
- April 21, 2026
The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.
Memory Corruption
Privileged Memory Access via Profiling.Sampling/Asyncio Introspection in CPython <3.15
CVE-2026-5713
- April 14, 2026
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.
Stack Overflow
Python CPython "webbrowser.open" "%action" URL injection (CVE-2026-4786)
CVE-2026-4786
- April 13, 2026
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.
Command Injection
Python http.client CRLF injection via proxy tunnel headers (before 3.15)
CVE-2026-1502
- April 10, 2026
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
CRLF Injection
Python XML DOM minidom quadratic appendChild CVE-2025-12084
CVE-2025-12084
- December 03, 2025
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
Inefficient Algorithmic Complexity
Python plistlib OOM DoS via malicious plist
CVE-2025-13837
- December 01, 2025
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
Resource Exhaustion
Python zipfile ZIP64 EOCD Locator offset validation flaw
CVE-2025-8291
4.3 - Medium
- October 07, 2025
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.
Improper Validation of Specified Index, Position, or Offset in Input
cPython TarFile Infinite Loop via Negative Offset
CVE-2025-8194
7.5 - High
- July 28, 2025
There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the tarfile module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
Infinite Loop
Python HTMLParser Quadratic Complexity DoS Vulnerability
CVE-2025-6069
4.3 - Medium
- June 17, 2025
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
ReDoS
Python 3.14+ tarfile extraction filter bypass (symlink outside dir)
CVE-2025-4138
7.5 - High
- June 03, 2025
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Directory traversal
Python 3.14+ tarfile Filter Bypass for Symlink Extraction
CVE-2025-4330
7.5 - High
- June 03, 2025
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Directory traversal
Python tarfile Arbitrary FS Write via filter='data' (pre-3.14) CVE-2025-4517
CVE-2025-4517
9.4 - Critical
- June 03, 2025
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Directory traversal
Python 3.12+ Tarfile Filter CVE-2024-12718: External Metadata Modification
CVE-2024-12718
5.3 - Medium
- June 03, 2025
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Directory traversal
Python CPython Mimetypes MemoryError on Startup via Writable File Locs Windows
CVE-2024-3220
- February 14, 2025
There is a defect in the CPython standard library module mimetypes where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type. This defect is caused by the default locations of Linux and macOS platforms (such as /etc/mime.types) also being used on Windows, where they are user-writable locations (C:\etc\mime.types). To work-around this issue a user can call mimetypes.init() with an empty list ([]) on Windows platforms to avoid using the default list of known file locations.
Out-of-Bounds Read in Python's String Interpreter Module
CVE-2024-57956
7.5 - High
- February 06, 2025
Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability.
Out-of-bounds Read
Python urllib.parse: Invalid Square Bracket URL Parsing Issue
CVE-2025-0938
- January 31, 2025
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
Improper Input Validation
Python 3.12+ Asyncio._SelectorSocketTransport Memory Exhaustion via writelines()
CVE-2024-12254
- December 06, 2024
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.
Python urllib.parse SSRF Vulnerability via Improper Host Validation
CVE-2024-11168
3.7 - Low
- November 12, 2024
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
SSRF
CVE-2024-9287: CPython venv CLI Command Injection via Unquoted Paths
CVE-2024-9287
- October 22, 2024
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
Unquoted Search Path or Element
CPython ReDoS via Regex in tarfile Header Parsing
CVE-2024-6232
7.5 - High
- September 03, 2024
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
ReDoS
CPython http.cookies Quadratic Complexity CPU Exhaustion (CVE20247592)
CVE-2024-7592
7.5 - High
- August 19, 2024
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
Resource Exhaustion
CPython SocketModule AF_INET socketpair race (Win), 3.5+
CVE-2024-3219
- July 29, 2024
The socket module provides a pure-Python fallback to the socket.socketpair() function for platforms that dont support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
CPython 3.9+ SSLContext.set_npn_protocols Empty List Buffer Over-Read
CVE-2024-5642
6.5 - Medium
- June 27, 2024
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).
Python ipaddress CVE-2024-4032 incorrect is_private/is_global until v3.12.4
CVE-2024-4032
7.5 - High
- June 17, 2024
The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally reachable or private. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldnt be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
Incorrect Comparison
Python tempfile.mkdtemp() Improper Permission Handling on Windows
CVE-2024-4030
- May 07, 2024
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If youre not using Windows or havent changed the temporary directory location then you arent affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix 700 for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.
CPython 3.12.0 subprocess setgroups regression causes PID root privilege issue
CVE-2023-6507
4.9 - Medium
- December 08, 2023
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).
Python TLS Client Cert Auth Bypass pre 3.8.18/3.9.18/3.10.13/3.11.5
CVE-2023-40217
- August 25, 2023
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)
Python 3.11.x Null-Byte Truncation in os.path.normpath
CVE-2023-41105
7.5 - High
- August 23, 2023
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
Untrusted Path
XXE in Python plistlib <3.9.1
CVE-2022-48565
9.8 - Critical
- August 22, 2023
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
XXE
Python 3.9.1 HMAC.compare_digest Constant-Time Defeat via Accumulator
CVE-2022-48566
5.9 - Medium
- August 22, 2023
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
Race Condition
Python 3.9 Use-After-Free via heapq.heappushpop
CVE-2022-48560
7.5 - High
- August 22, 2023
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
Dangling pointer
Python plistlib DoS before 3.9.1 via malformed binary PLIST
CVE-2022-48564
6.5 - Medium
- August 22, 2023
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
Resource Exhaustion
Python 3.7 _asyncio._swap_current_task data leak
CVE-2023-38898
5.3 - Medium
- August 15, 2023
An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug.
Python email.utils.parseaddr RecursionError via crafted argument (pre-3.11.5)
CVE-2023-36632
7.5 - High
- June 25, 2023
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.
Stack Exhaustion
Python CPython v3.12.0a7 UAF via ascii_decode
CVE-2023-33595
5.5 - Medium
- June 07, 2023
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
Dangling pointer
Python 3.11.3 Email Parsing Bug Allows Domain Bypass
CVE-2023-27043
5.3 - Medium
- April 19, 2023
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Improper Input Validation
urllib.parse Blank-Char Bypass Python <3.11.4
CVE-2023-24329
7.5 - High
- February 17, 2023
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
Improper Input Validation
Python IDNA Decoder CPU DoS via Quadratic Algorithm (Pre-3.11.1)
CVE-2022-45061
7.5 - High
- November 09, 2022
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
Inefficient Algorithmic Complexity
Python <3.9.16/3.10.9 Forkserver MP LDPE via abstract sockets
CVE-2022-42919
7.8 - High
- November 07, 2022
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.
Marshaling, Unmarshaling
Keccak XKCP SHA3 Ref Impl: Integer Overflow in Sponge Enables Code Exec
CVE-2022-37454
9.8 - Critical
- October 21, 2022
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
Integer Overflow or Wraparound
Python Int Parsing Slowdown (CVE-2020-10735)
CVE-2020-10735
- September 09, 2022
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
Python FTP Client PASV Host Trust Flaw (CVE-2021-4189)
CVE-2021-4189
5.3 - Medium
- August 24, 2022
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
Unchecked Return Value
Python 3.03.10: Open Redirect in http.server lib/http/server.py
CVE-2021-28861
6.5 - Medium
- August 23, 2022
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
Open Redirect
A vulnerability classified as problematic was found in Python 2.7.13
CVE-2017-20052
7.8 - High
- June 16, 2022
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
DLL preloading
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file
CVE-2015-20107
- April 13, 2022
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
zlib before 1.2.12 allows memory corruption when deflating (i.e
CVE-2018-25032
7.5 - High
- March 25, 2022
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Memory Corruption
There's a flaw in urllib's AbstractBasicAuthHandler class
CVE-2021-3733
- March 10, 2022
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
Resource Exhaustion
A flaw was found in python
CVE-2021-3737
7.5 - High
- March 04, 2022
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Infinite Loop
