python
262 tracked vulnerabilities.
CVE-2022-22816
MEDIUM
Pillow < 9.0.0 - Out-of-bounds Read in ImagePath.Path Initialization
Jan 10, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-22815
MEDIUM
Pillow < 9.0.0 - Improper Initialization in ImagePath.Path
Jan 10, 2022
CVSS 6.5
EPSS 0.03
CVE-2021-4189
MEDIUM
Python 3.6.0-3.6.13 - FTP Client Passive Mode Connection Spoofing
Aug 24, 2022
CVSS 5.3
EPSS 0.03
CVE-2021-28861
HIGH
Python 3.0.0-3.10 - Open Redirect via URI Path
Aug 23, 2022
CVSS 7.4
EPSS 0.02
CVE-2021-3733
MEDIUM
Python < 3.6.14 - Regular Expression Denial of Service in urllib AbstractBasicAuthHandler
Mar 10, 2022
CVSS 6.5
EPSS 0.05
CVE-2021-3737
HIGH
Python >=3.6.0 <3.6.14 - Denial of Service via HTTP Response Handling
Mar 04, 2022
CVSS 7.5
EPSS 0.12
CVE-2021-42576
CRITICAL
bluemonday < 1.0.16 and pybluemonday < 0.0.8 - Policy Enforcement Bypass in SELECT STYLE and OPTION Elements
Oct 18, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23437
HIGH
Pillow 5.2.0-8.3.1 - Regular Expression Denial of Service via getrgb Function
Sep 03, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-34552
CRITICAL
Pillow < 8.3.0 and PIL < 1.1.7 - Buffer Overflow in Convert.c
Jul 13, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-33503
HIGH
urllib3 >=1.25.4 <1.26.5 - Denial of Service via Authority Component Regex Backtracking
Jun 29, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-28678
MEDIUM
Pillow < 8.2.0 - Denial of Service via BLP Image Data Handling
Jun 02, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-28677
HIGH
Pillow < 8.2.0 - Denial of Service via EPS Line Ending Parsing
Jun 02, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-28676
HIGH
Pillow < 8.2.0 - Denial of Service via FLI Block Advance Infinite Loop
Jun 02, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-25288
CRITICAL
Pillow < 8.2.0 - Out-of-bounds Read in J2kDecode
Jun 02, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-25287
CRITICAL
Pillow < 8.2.0 - Out-of-bounds Read in J2kDecode
Jun 02, 2021
CVSS 9.1
EPSS 0.03
CVE-2021-28675
MEDIUM
Pillow < 8.2.0 - Denial of Service in PSDImagePlugin
Jun 02, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-3426
MEDIUM
Python < 3.8.9, < 3.9.3, < 3.10.0a7 - Information Disclosure via pydoc Server
May 20, 2021
CVSS 5.7
EPSS 0.02
CVE-2021-29921
CRITICAL
Python < 3.9.5 - IP Address Validation Bypass via Leading Zero Octets
May 06, 2021
CVSS 9.8
EPSS 0.07
CVE-2021-25293
HIGH
Pillow < 8.1.1 - Out-of-bounds Read in SGIRleDecode.c
Mar 19, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-25292
MEDIUM
Pillow < 8.1.1 - Denial of Service via PDF Parser Regex Backtracking
Mar 19, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-25291
HIGH
Pillow < 8.1.1 - Out-of-bounds Read in TiffreadRGBATile
Mar 19, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-25290
HIGH
Pillow < 8.1.1 - Out-of-bounds Write in TiffDecode.c
Mar 19, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-25289
CRITICAL
Pillow < 8.1.1 - Heap-Based Buffer Overflow in TiffDecode
Mar 19, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-28363
MEDIUM
urllib3 1.26.0-1.26.3 - Improper Certificate Validation in HTTPS Proxy Connections
Mar 15, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-27923
HIGH
Pillow < 8.1.2 - Denial of Service via ICO Image Size Mismatch
Mar 03, 2021
CVSS 7.5
EPSS 0.03
Products
python 139
pillow 65
urllib3 19
requests 6
setuptools 4
keyring 3
black 2
pyxdg 2
typed_ast 2
Protobuf 1
beaker 1
cpython 1
hpack 1
hyper 1
jw.util 1
novajoin 1
openpyxl 1
py-bcrypt 1
pybluemonday 1
pymanager 1
pypi 1
pypiserver 1
python-gnupg 1
python_priority_library 1
pyxml 1
rply 1
rsa 1
tablib 1
tgcaptcha2 1
tkvideoplayer 1
Quick Filters