python
250 tracked vulnerabilities.
CVE-2025-50182
MEDIUM
urllib3 2.2.0-2.5.0 - Open Redirect via Pyodide Runtime
Jun 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-50181
MEDIUM
urllib3 < 2.5.0 - Open Redirect via PoolManager Retry Configuration
Jun 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-47273
HIGH
setuptools < 78.1.1 - Path Traversal and Arbitrary File Write via PackageIndex
May 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2024-9287
HIGH
CPython < 3.9.21 - Command Injection via Unquoted Path in venv Module
Oct 22, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-6232
HIGH
CPython < 3.8.20 - Denial of Service via TarFile Header Parsing ReDoS
Sep 03, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-7592
HIGH
CPython < 3.8.20 - Inefficient Regular Expression Complexity in http.cookies Module
Aug 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-37891
MEDIUM
urllib3 < 1.26.19 - Proxy-Authorization Header Leak on Cross-Origin Redirects
Jun 17, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-28219
MEDIUM
Pillow < 10.3.0 - Buffer Overflow via Unsafe strcpy in _imagingcms.c
Apr 03, 2024
CVSS 6.7
EPSS 0.00
CVE-2023-50447
HIGH
Pillow < 10.1.0 - Remote Code Execution via PIL.ImageMath.eval Environment Parameter
Jan 19, 2024
CVSS 8.1
EPSS 0.01
CVE-2023-6507
MEDIUM
CPython 3.12.0 - Improper Privilege Management in subprocess extra_groups Parameter
Dec 08, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-44271
HIGH
Pillow < 10.0.0 - Denial of Service via Truetype Font Memory Allocation
Nov 03, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-45803
MEDIUM
urllib3 < 1.26.18 and 2.0.0-2.0.7 - Exposure of Sensitive Information via HTTP Redirect
Oct 17, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-43804
MEDIUM
urllib3 <1.26.17, <2.0.5 - Info Disclosure
Oct 04, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-40217
MEDIUM
Python <3.8.18-3.11.5 - Info Disclosure
Aug 25, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-41105
HIGH
Python 3.11.0-3.11.4 - Untrusted Search Path via os.path.normpath()
Aug 23, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-38898
MEDIUM
Python cpython <3.7 - Info Disclosure
Aug 15, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-36632
HIGH
Python < 3.11.4 - Denial of Service via email.utils.parseaddr Recursion
Jun 25, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-33595
MEDIUM
CPython 3.12.0 alpha 7 - Use-After-Free in ascii_decode Function
Jun 07, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-32681
MEDIUM
Requests 2.3.0-2.31.0 - Proxy-Authorization Header Leak via HTTPS Redirect
May 26, 2023
CVSS 6.1
EPSS 0.06
CVE-2023-27043
MEDIUM
Python <3.11.3 - Info Disclosure
Apr 19, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-24329
HIGH
Python < 3.11.4 - URL Blocklist Bypass via Leading Blank Characters in urllib.parse
Feb 17, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-48566
MEDIUM
Python < 3.6.13 - Timing Attack via hmac.compare_digest
Aug 22, 2023
CVSS 5.9
EPSS 0.00
CVE-2022-48565
CRITICAL
Python < 3.6.13 - XML External Entity Injection in plistlib Module
Aug 22, 2023
CVSS 9.8
EPSS 0.07
CVE-2022-48564
MEDIUM
Python < 3.6.13 - Denial of Service via Malformed Binary Property List Processing
Aug 22, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-48560
HIGH
Python <= 3.9 - Use-After-Free via heappushpop in heapq
Aug 22, 2023
CVSS 7.5
EPSS 0.00
Products
python 132
pillow 60
urllib3 19
requests 6
keyring 3
setuptools 3
black 2
pyxdg 2
typed_ast 2
Protobuf 1
beaker 1
cpython 1
hpack 1
hyper 1
jw.util 1
novajoin 1
openpyxl 1
py-bcrypt 1
pybluemonday 1
pymanager 1
pypi 1
pypiserver 1
python-gnupg 1
python_priority_library 1
pyxml 1
rply 1
rsa 1
tablib 1
tgcaptcha2 1
tkvideoplayer 1