python
250 tracked vulnerabilities.
CVE-2026-44432
HIGH
urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44431
MEDIUM
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
May 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-42311
HIGH
Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)
May 09, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-42310
MEDIUM
Pillow: PDF Parsing Trailer Infinite Loop (DoS)
May 09, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-42309
MEDIUM
Pillow: Heap buffer overflow with nested list coordinates
May 09, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-42308
MEDIUM
Pillow: Integer overflow when processing fonts
May 09, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-3087
HIGH
shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Apr 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-6019
MEDIUM
BaseCookie.js_output() does not neutralize embedded characters
Apr 22, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-40192
HIGH
Pillow is vulnerable to a FITS GZIP decompression bomb
Apr 15, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-5271
HIGH
Possible to hijack modules in current working directory
Apr 01, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-25645
MEDIUM
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Mar 25, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-4519
LOW
webbrowser.open() allows leading dashes in URLs
Mar 20, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-32274
HIGH
Black < 26.3.1 - Path Traversal via --python-cell-magics Option
Mar 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31900
CRITICAL
Black GitHub Action - Command Injection
Mar 11, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-25990
HIGH
Pillow 10.3.0-12.1.0 - Out-of-bounds Write via Crafted PSD Image
Feb 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0994
HIGH
Protobuf - Denial of Service via Recursion Depth Bypass in Any Message Parsing
Jan 23, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-21441
HIGH
urllib3 1.22-2.6.2 - Denial of Service via HTTP Redirect Response Decompression
Jan 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-12781
MEDIUM
Python < 3.13.10 - Incorrect Type Conversion in base64 Decode Functions
Jan 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-66471
HIGH
urllib3 1.0-2.5.9 - Denial of Service via Highly Compressed Data Handling
Dec 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-66418
HIGH
urllib3 1.24-2.5.x - Denial of Service via Unbounded Decompression Chain
Dec 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-12084
MEDIUM
Python < 3.13.11 - Denial of Service via Quadratic Complexity in xml.dom.minidom
Dec 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-13837
MEDIUM
Python < 3.13.10 - Denial of Service via plistlib Malicious File Size Handling
Dec 01, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-13836
HIGH
Python < 3.13.11 - Uncontrolled Resource Consumption via HTTP Response Content-Length
Dec 01, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-6075
MEDIUM
os.path.expandvars - Info Disclosure
Oct 31, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-48379
HIGH
Pillow 11.2.0-11.2.9 - Heap-based Buffer Overflow in DDS Image Writing
Jul 01, 2025
CVSS 7.1
EPSS 0.00
Products
python 132
pillow 60
urllib3 19
requests 6
keyring 3
setuptools 3
black 2
pyxdg 2
typed_ast 2
Protobuf 1
beaker 1
cpython 1
hpack 1
hyper 1
jw.util 1
novajoin 1
openpyxl 1
py-bcrypt 1
pybluemonday 1
pymanager 1
pypi 1
pypiserver 1
python-gnupg 1
python_priority_library 1
pyxml 1
rply 1
rsa 1
tablib 1
tgcaptcha2 1
tkvideoplayer 1