python

262 tracked vulnerabilities.

CVE-2022-22816 MEDIUM
Pillow < 9.0.0 - Out-of-bounds Read in ImagePath.Path Initialization
Jan 10, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-22815 MEDIUM
Pillow < 9.0.0 - Improper Initialization in ImagePath.Path
Jan 10, 2022
CVSS 6.5
EPSS 0.03
CVE-2021-4189 MEDIUM
Python 3.6.0-3.6.13 - FTP Client Passive Mode Connection Spoofing
Aug 24, 2022
CVSS 5.3
EPSS 0.03
CVE-2021-28861 HIGH
Python 3.0.0-3.10 - Open Redirect via URI Path
Aug 23, 2022
CVSS 7.4
EPSS 0.02
CVE-2021-3733 MEDIUM
Python < 3.6.14 - Regular Expression Denial of Service in urllib AbstractBasicAuthHandler
Mar 10, 2022
CVSS 6.5
EPSS 0.05
CVE-2021-3737 HIGH
Python >=3.6.0 <3.6.14 - Denial of Service via HTTP Response Handling
Mar 04, 2022
CVSS 7.5
EPSS 0.12
CVE-2021-42576 CRITICAL
bluemonday < 1.0.16 and pybluemonday < 0.0.8 - Policy Enforcement Bypass in SELECT STYLE and OPTION Elements
Oct 18, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23437 HIGH
Pillow 5.2.0-8.3.1 - Regular Expression Denial of Service via getrgb Function
Sep 03, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-34552 CRITICAL
Pillow < 8.3.0 and PIL < 1.1.7 - Buffer Overflow in Convert.c
Jul 13, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-33503 HIGH
urllib3 >=1.25.4 <1.26.5 - Denial of Service via Authority Component Regex Backtracking
Jun 29, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-28678 MEDIUM
Pillow < 8.2.0 - Denial of Service via BLP Image Data Handling
Jun 02, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-28677 HIGH
Pillow < 8.2.0 - Denial of Service via EPS Line Ending Parsing
Jun 02, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-28676 HIGH
Pillow < 8.2.0 - Denial of Service via FLI Block Advance Infinite Loop
Jun 02, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-25288 CRITICAL
Pillow < 8.2.0 - Out-of-bounds Read in J2kDecode
Jun 02, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-25287 CRITICAL
Pillow < 8.2.0 - Out-of-bounds Read in J2kDecode
Jun 02, 2021
CVSS 9.1
EPSS 0.03
CVE-2021-28675 MEDIUM
Pillow < 8.2.0 - Denial of Service in PSDImagePlugin
Jun 02, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-3426 MEDIUM
Python < 3.8.9, < 3.9.3, < 3.10.0a7 - Information Disclosure via pydoc Server
May 20, 2021
CVSS 5.7
EPSS 0.02
CVE-2021-29921 CRITICAL
Python < 3.9.5 - IP Address Validation Bypass via Leading Zero Octets
May 06, 2021
CVSS 9.8
EPSS 0.07
CVE-2021-25293 HIGH
Pillow < 8.1.1 - Out-of-bounds Read in SGIRleDecode.c
Mar 19, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-25292 MEDIUM
Pillow < 8.1.1 - Denial of Service via PDF Parser Regex Backtracking
Mar 19, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-25291 HIGH
Pillow < 8.1.1 - Out-of-bounds Read in TiffreadRGBATile
Mar 19, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-25290 HIGH
Pillow < 8.1.1 - Out-of-bounds Write in TiffDecode.c
Mar 19, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-25289 CRITICAL
Pillow < 8.1.1 - Heap-Based Buffer Overflow in TiffDecode
Mar 19, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-28363 MEDIUM
urllib3 1.26.0-1.26.3 - Improper Certificate Validation in HTTPS Proxy Connections
Mar 15, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-27923 HIGH
Pillow < 8.1.2 - Denial of Service via ICO Image Size Mismatch
Mar 03, 2021
CVSS 7.5
EPSS 0.03