python
250 tracked vulnerabilities.
CVE-2022-40897
MEDIUM
Python Packaging Authority (PyPA) setuptools <65.5.1 - DoS
Dec 23, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-45199
HIGH
Pillow < 9.3.0 - Denial of Service via SAMPLESPERPIXEL
Nov 14, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-45198
HIGH
Pillow < 9.2.0 - Denial of Service via Highly Compressed GIF Data
Nov 14, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-45061
HIGH
Python < 3.11.1 - Denial of Service via IDNA Decoder Quadratic Algorithm
Nov 09, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-42919
HIGH
Python 3.9.x < 3.9.16 and 3.10.x < 3.10.9 - Privilege Escalation via Pickle Deserialization
Nov 07, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-37454
CRITICAL
Keccak XKCP SHA-3 Reference Implementation - Integer Overflow and Buffer Overflow in Sponge Function Interface
Oct 21, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-30595
CRITICAL
Pillow 9.1.0 - Heap Buffer Overflow in TGA Image Processing
May 25, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-28470
CRITICAL
marcador 0.1-0.13 - Backdoor Code Execution
May 08, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-24902
LOW
tkvideoplayer < 2.0.0 - Uncontrolled Resource Consumption
May 06, 2022
CVSS 2.9
EPSS 0.00
CVE-2022-24303
CRITICAL
Pillow < 9.0.1 - Arbitrary File Deletion via Temporary Pathname Mishandling
Mar 28, 2022
CVSS 9.1
EPSS 0.01
CVE-2022-26488
HIGH
Python <3.10.3 (Windows) - Privilege Escalation
Mar 10, 2022
CVSS 7.0
EPSS 0.01
CVE-2022-0391
HIGH
Python <3.10.0b1-3.6.14 - Code Injection
Feb 09, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-22817
CRITICAL
Pillow < 9.0.1 - Remote Code Execution via ImageMath.eval Expression Injection
Jan 10, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-22816
MEDIUM
Pillow < 9.0.0 - Out-of-bounds Read in ImagePath.Path Initialization
Jan 10, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-22815
MEDIUM
Pillow < 9.0.0 - Improper Initialization in ImagePath.Path
Jan 10, 2022
CVSS 6.5
EPSS 0.00
CVE-2021-4189
MEDIUM
Python 3.6.0-3.6.13 - FTP Client Passive Mode Connection Spoofing
Aug 24, 2022
CVSS 5.3
EPSS 0.01
CVE-2021-28861
HIGH
Python 3.0.0-3.10 - Open Redirect via URI Path
Aug 23, 2022
CVSS 7.4
EPSS 0.01
CVE-2021-3733
MEDIUM
Python < 3.6.14 - Regular Expression Denial of Service in urllib AbstractBasicAuthHandler
Mar 10, 2022
CVSS 6.5
EPSS 0.01
CVE-2021-3737
HIGH
Python >=3.6.0 <3.6.14 - Denial of Service via HTTP Response Handling
Mar 04, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-42576
CRITICAL
bluemonday < 1.0.16 and pybluemonday < 0.0.8 - Policy Enforcement Bypass in SELECT STYLE and OPTION Elements
Oct 18, 2021
CVSS 9.8
EPSS 0.00
CVE-2021-23437
HIGH
Pillow 5.2.0-8.3.1 - Regular Expression Denial of Service via getrgb Function
Sep 03, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-34552
CRITICAL
Pillow < 8.3.0 and PIL < 1.1.7 - Buffer Overflow in Convert.c
Jul 13, 2021
CVSS 9.8
EPSS 0.00
CVE-2021-33503
HIGH
urllib3 >=1.25.4 <1.26.5 - Denial of Service via Authority Component Regex Backtracking
Jun 29, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-28678
MEDIUM
Pillow < 8.2.0 - Denial of Service via BLP Image Data Handling
Jun 02, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-28677
HIGH
Pillow < 8.2.0 - Denial of Service via EPS Line Ending Parsing
Jun 02, 2021
CVSS 7.5
EPSS 0.00
Products
python 132
pillow 60
urllib3 19
requests 6
keyring 3
setuptools 3
black 2
pyxdg 2
typed_ast 2
Protobuf 1
beaker 1
cpython 1
hpack 1
hyper 1
jw.util 1
novajoin 1
openpyxl 1
py-bcrypt 1
pybluemonday 1
pymanager 1
pypi 1
pypiserver 1
python-gnupg 1
python_priority_library 1
pyxml 1
rply 1
rsa 1
tablib 1
tgcaptcha2 1
tkvideoplayer 1