python

262 tracked vulnerabilities.

CVE-2026-25990 HIGH
Pillow 10.3.0-12.1.0 - Out-of-bounds Write via Crafted PSD Image
Feb 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0994 HIGH
Protobuf - Denial of Service via Recursion Depth Bypass in Any Message Parsing
Jan 23, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-21441 HIGH
urllib3 1.22-2.6.2 - Denial of Service via HTTP Redirect Response Decompression
Jan 07, 2026
CVSS 7.5
EPSS 0.03
CVE-2025-13462 LOW
CPython Tarfile Archive Misinterpretation via AREGTYPE Block Normalization
Mar 12, 2026
CVSS 3.3
EPSS 0.00
CVE-2025-12781 MEDIUM
Python < 3.13.10 - Incorrect Type Conversion in base64 Decode Functions
Jan 21, 2026
CVSS 5.3
EPSS 0.01
CVE-2025-66471 HIGH
urllib3 1.0-2.5.9 - Denial of Service via Highly Compressed Data Handling
Dec 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-66418 HIGH
urllib3 1.24-2.5.x - Denial of Service via Unbounded Decompression Chain
Dec 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-12084 MEDIUM
Python < 3.13.11 - Denial of Service via Quadratic Complexity in xml.dom.minidom
Dec 03, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-13837 MEDIUM
Python < 3.13.10 - Denial of Service via plistlib Malicious File Size Handling
Dec 01, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-13836 HIGH
Python < 3.13.11 - Uncontrolled Resource Consumption via HTTP Response Content-Length
Dec 01, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-6075 MEDIUM
os.path.expandvars - Info Disclosure
Oct 31, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-48379 HIGH
Pillow 11.2.0-11.2.9 - Heap-based Buffer Overflow in DDS Image Writing
Jul 01, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-50182 MEDIUM
urllib3 2.2.0-2.5.0 - Open Redirect via Pyodide Runtime
Jun 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-50181 MEDIUM
urllib3 < 2.5.0 - Open Redirect via PoolManager Retry Configuration
Jun 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-47273 HIGH
setuptools < 78.1.1 - Path Traversal and Arbitrary File Write via PackageIndex
May 17, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-9287 HIGH
CPython < 3.9.21 - Command Injection via Unquoted Path in venv Module
Oct 22, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-6232 HIGH
CPython < 3.8.20 - Denial of Service via TarFile Header Parsing ReDoS
Sep 03, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-7592 HIGH
CPython < 3.8.20 - Inefficient Regular Expression Complexity in http.cookies Module
Aug 19, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-37891 MEDIUM
urllib3 < 1.26.19 - Proxy-Authorization Header Leak on Cross-Origin Redirects
Jun 17, 2024
CVSS 4.4
EPSS 0.01
CVE-2024-28219 MEDIUM
Pillow < 10.3.0 - Buffer Overflow via Unsafe strcpy in _imagingcms.c
Apr 03, 2024
CVSS 6.7
EPSS 0.01
CVE-2023-50447 HIGH
Pillow < 10.1.0 - Remote Code Execution via PIL.ImageMath.eval Environment Parameter
Jan 19, 2024
CVSS 8.1
EPSS 0.02
CVE-2023-6507 MEDIUM
CPython 3.12.0 - Improper Privilege Management in subprocess extra_groups Parameter
Dec 08, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-44271 HIGH
Pillow < 10.0.0 - Denial of Service via Truetype Font Memory Allocation
Nov 03, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-45803 MEDIUM
urllib3 < 1.26.18 and 2.0.0-2.0.7 - Exposure of Sensitive Information via HTTP Redirect
Oct 17, 2023
CVSS 4.2
EPSS 0.01
CVE-2023-43804 MEDIUM
urllib3 <1.26.17, <2.0.5 - Info Disclosure
Oct 04, 2023
CVSS 5.9
EPSS 0.01