python

262 tracked vulnerabilities.

CVE-2020-5311 CRITICAL
Pillow < 6.2.2 - Buffer Overflow in SGI Image Decoder
Jan 03, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-5310 HIGH
Pillow < 6.2.2 - Integer Overflow in TIFF Decoding
Jan 03, 2020
CVSS 8.8
EPSS 0.02
CVE-2019-20907 HIGH
Python < 3.5.10 - Denial of Service via Crafted TAR Archive
Jul 13, 2020
CVSS 7.5
EPSS 0.06
CVE-2019-9674 HIGH
Python < 3.8 - Denial of Service via ZIP Bomb
Feb 04, 2020
CVSS 7.5
EPSS 0.06
CVE-2019-19911 HIGH
Pillow < 6.2.2 - Denial of Service via FpxImagePlugin Integer Overflow
Jan 05, 2020
CVSS 7.5
EPSS 0.02
CVE-2019-19275 HIGH
typed_ast 1.3.0-1.3.1 - Out-of-bounds Read in ast_for_arguments
Nov 26, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-19274 HIGH
typed_ast <1.3.2 - Memory Corruption
Nov 26, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-5010 HIGH
Python 2.7.0-2.7.15 - Denial of Service via X509 Certificate NULL Pointer Dereference
Oct 31, 2019
CVSS 7.5
EPSS 0.21
CVE-2019-18348 MEDIUM
Python 2.x < 2.7.17 - CRLF Injection via urllib/urllib2 URL Host Component
Oct 23, 2019
CVSS 6.1
EPSS 0.04
CVE-2019-17514 HIGH
Python - Incorrect Calculation in glob.glob Documentation
Oct 12, 2019
CVSS 7.5
EPSS 0.05
CVE-2019-16865 HIGH
Pillow < 6.2.0 - Denial of Service via Crafted Invalid Image Files
Oct 04, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-16935 MEDIUM
Python < 2.7.17 - Cross-Site Scripting via DocXMLRPCServer server_title Field
Sep 28, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-16056 HIGH
Python < 2.7.16, 3.x < 3.5.8, 3.6.x < 3.6.10, 3.7.x < 3.7.5 - Email Address Parsing Bypass via Multiple @ Characters
Sep 06, 2019
CVSS 7.5
EPSS 0.05
CVE-2019-15903 HIGH
libexpat < 2.2.8 - XML External Entity Injection via DTD Parsing
Sep 04, 2019
CVSS 7.5
EPSS 0.07
CVE-2019-10138 HIGH
python-novajoin <1.1.1 - Privilege Escalation
Jul 30, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-13404 HIGH
Python < 2.7.16 - Unprotected User Data Exposure via Default Installation Directory
Jul 08, 2019
CVSS 7.8
EPSS 0.01
CVE-2019-12900 CRITICAL
bzip2 < 1.0.6 - Out-of-bounds Write in BZ2_decompress
Jun 19, 2019
CVSS 9.8
EPSS 0.08
CVE-2019-10160 CRITICAL
Python 2.7.0-2.7.16, 3.5, 3.6, 3.7, 3.8.0a4-3.8.0b1 - URL Parsing Security Regression
Jun 07, 2019
CVSS 9.8
EPSS 0.05
CVE-2019-12761 HIGH
PyXDG < 0.26 - Code Injection via Menu XML Category Element
Jun 06, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-11324 HIGH
urllib3 < 1.24.2 - Improper Certificate Validation via SSL Context Handling
Apr 18, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-11236 MEDIUM
urllib3 < 1.24.2 - CRLF Injection via Request Parameter
Apr 15, 2019
CVSS 6.1
EPSS 0.02
CVE-2019-9948 CRITICAL
Python 2.x < 2.7.17 - Path Traversal via local_file URI Scheme
Mar 23, 2019
CVSS 9.1
EPSS 0.12
CVE-2019-9947 MEDIUM
Python 2.x-2.7.16 & Python 3.x-3.7.3 - CRLF Injection
Mar 23, 2019
CVSS 6.1
EPSS 0.06
CVE-2019-6690 HIGH
python-gnupg 0.4.3 - Improper Input Validation
Mar 21, 2019
CVSS 7.5
EPSS 0.09
CVE-2019-9740 MEDIUM
Python < 2.7.17 - CRLF Injection via URL Parameter
Mar 13, 2019
CVSS 6.1
EPSS 0.05