python

262 tracked vulnerabilities.

CVE-2023-40217 MEDIUM
Python <3.8.18-3.11.5 - Info Disclosure
Aug 25, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-41105 HIGH
Python 3.11.0-3.11.4 - Untrusted Search Path via os.path.normpath()
Aug 23, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-38898 MEDIUM
Python cpython <3.7 - Info Disclosure
Aug 15, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-36632 HIGH
Python < 3.11.4 - Denial of Service via email.utils.parseaddr Recursion
Jun 25, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-33595 MEDIUM
CPython 3.12.0 alpha 7 - Use-After-Free in ascii_decode Function
Jun 07, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-32681 MEDIUM
Requests 2.3.0-2.31.0 - Proxy-Authorization Header Leak via HTTPS Redirect
May 26, 2023
CVSS 6.1
EPSS 0.03
CVE-2023-27043 MEDIUM
Python <3.11.3 - Info Disclosure
Apr 19, 2023
CVSS 5.3
EPSS 0.03
CVE-2023-24329 HIGH
Python < 3.11.4 - URL Blocklist Bypass via Leading Blank Characters in urllib.parse
Feb 17, 2023
CVSS 7.5
EPSS 0.20
CVE-2022-48566 MEDIUM
Python < 3.6.13 - Timing Attack via hmac.compare_digest
Aug 22, 2023
CVSS 5.9
EPSS 0.01
CVE-2022-48565 CRITICAL
Python < 3.6.13 - XML External Entity Injection in plistlib Module
Aug 22, 2023
CVSS 9.8
EPSS 0.04
CVE-2022-48564 MEDIUM
Python < 3.6.13 - Denial of Service via Malformed Binary Property List Processing
Aug 22, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-48560 HIGH
Python <= 3.9 - Use-After-Free via heappushpop in heapq
Aug 22, 2023
CVSS 7.5
EPSS 0.02
CVE-2022-40897 MEDIUM
Python Packaging Authority (PyPA) setuptools <65.5.1 - DoS
Dec 23, 2022
CVSS 5.9
EPSS 0.03
CVE-2022-45199 HIGH
Pillow < 9.3.0 - Denial of Service via SAMPLESPERPIXEL
Nov 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45198 HIGH
Pillow < 9.2.0 - Denial of Service via Highly Compressed GIF Data
Nov 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45061 HIGH
Python < 3.11.1 - Denial of Service via IDNA Decoder Quadratic Algorithm
Nov 09, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-42919 HIGH
Python 3.9.x < 3.9.16 and 3.10.x < 3.10.9 - Privilege Escalation via Pickle Deserialization
Nov 07, 2022
CVSS 7.8
EPSS 0.01
CVE-2022-37454 CRITICAL
Keccak XKCP SHA-3 Reference Implementation - Integer Overflow and Buffer Overflow in Sponge Function Interface
Oct 21, 2022
CVSS 9.8
EPSS 0.05
CVE-2022-30595 CRITICAL
Pillow 9.1.0 - Heap Buffer Overflow in TGA Image Processing
May 25, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-28470 CRITICAL
marcador 0.1-0.13 - Backdoor Code Execution
May 08, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-24902 LOW
tkvideoplayer < 2.0.0 - Uncontrolled Resource Consumption
May 06, 2022
CVSS 2.9
EPSS 0.01
CVE-2022-24303 CRITICAL
Pillow < 9.0.1 - Arbitrary File Deletion via Temporary Pathname Mishandling
Mar 28, 2022
CVSS 9.1
EPSS 0.03
CVE-2022-26488 HIGH
Python <3.10.3 (Windows) - Privilege Escalation
Mar 10, 2022
CVSS 7.0
EPSS 0.01
CVE-2022-0391 HIGH
Python <3.10.0b1-3.6.14 - Code Injection
Feb 09, 2022
CVSS 7.5
EPSS 0.08
CVE-2022-22817 CRITICAL
Pillow < 9.0.1 - Remote Code Execution via ImageMath.eval Expression Injection
Jan 10, 2022
CVSS 9.8
EPSS 0.03