python
262 tracked vulnerabilities.
CVE-2026-25990
HIGH
Pillow 10.3.0-12.1.0 - Out-of-bounds Write via Crafted PSD Image
Feb 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0994
HIGH
Protobuf - Denial of Service via Recursion Depth Bypass in Any Message Parsing
Jan 23, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-21441
HIGH
urllib3 1.22-2.6.2 - Denial of Service via HTTP Redirect Response Decompression
Jan 07, 2026
CVSS 7.5
EPSS 0.03
CVE-2025-13462
LOW
CPython Tarfile Archive Misinterpretation via AREGTYPE Block Normalization
Mar 12, 2026
CVSS 3.3
EPSS 0.00
CVE-2025-12781
MEDIUM
Python < 3.13.10 - Incorrect Type Conversion in base64 Decode Functions
Jan 21, 2026
CVSS 5.3
EPSS 0.01
CVE-2025-66471
HIGH
urllib3 1.0-2.5.9 - Denial of Service via Highly Compressed Data Handling
Dec 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-66418
HIGH
urllib3 1.24-2.5.x - Denial of Service via Unbounded Decompression Chain
Dec 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-12084
MEDIUM
Python < 3.13.11 - Denial of Service via Quadratic Complexity in xml.dom.minidom
Dec 03, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-13837
MEDIUM
Python < 3.13.10 - Denial of Service via plistlib Malicious File Size Handling
Dec 01, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-13836
HIGH
Python < 3.13.11 - Uncontrolled Resource Consumption via HTTP Response Content-Length
Dec 01, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-6075
MEDIUM
os.path.expandvars - Info Disclosure
Oct 31, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-48379
HIGH
Pillow 11.2.0-11.2.9 - Heap-based Buffer Overflow in DDS Image Writing
Jul 01, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-50182
MEDIUM
urllib3 2.2.0-2.5.0 - Open Redirect via Pyodide Runtime
Jun 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-50181
MEDIUM
urllib3 < 2.5.0 - Open Redirect via PoolManager Retry Configuration
Jun 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-47273
HIGH
setuptools < 78.1.1 - Path Traversal and Arbitrary File Write via PackageIndex
May 17, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-9287
HIGH
CPython < 3.9.21 - Command Injection via Unquoted Path in venv Module
Oct 22, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-6232
HIGH
CPython < 3.8.20 - Denial of Service via TarFile Header Parsing ReDoS
Sep 03, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-7592
HIGH
CPython < 3.8.20 - Inefficient Regular Expression Complexity in http.cookies Module
Aug 19, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-37891
MEDIUM
urllib3 < 1.26.19 - Proxy-Authorization Header Leak on Cross-Origin Redirects
Jun 17, 2024
CVSS 4.4
EPSS 0.01
CVE-2024-28219
MEDIUM
Pillow < 10.3.0 - Buffer Overflow via Unsafe strcpy in _imagingcms.c
Apr 03, 2024
CVSS 6.7
EPSS 0.01
CVE-2023-50447
HIGH
Pillow < 10.1.0 - Remote Code Execution via PIL.ImageMath.eval Environment Parameter
Jan 19, 2024
CVSS 8.1
EPSS 0.02
CVE-2023-6507
MEDIUM
CPython 3.12.0 - Improper Privilege Management in subprocess extra_groups Parameter
Dec 08, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-44271
HIGH
Pillow < 10.0.0 - Denial of Service via Truetype Font Memory Allocation
Nov 03, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-45803
MEDIUM
urllib3 < 1.26.18 and 2.0.0-2.0.7 - Exposure of Sensitive Information via HTTP Redirect
Oct 17, 2023
CVSS 4.2
EPSS 0.01
CVE-2023-43804
MEDIUM
urllib3 <1.26.17, <2.0.5 - Info Disclosure
Oct 04, 2023
CVSS 5.9
EPSS 0.01
Products
python 139
pillow 65
urllib3 19
requests 6
setuptools 4
keyring 3
black 2
pyxdg 2
typed_ast 2
Protobuf 1
beaker 1
cpython 1
hpack 1
hyper 1
jw.util 1
novajoin 1
openpyxl 1
py-bcrypt 1
pybluemonday 1
pymanager 1
pypi 1
pypiserver 1
python-gnupg 1
python_priority_library 1
pyxml 1
rply 1
rsa 1
tablib 1
tgcaptcha2 1
tkvideoplayer 1
Quick Filters