python

250 tracked vulnerabilities.

CVE-2019-16056 HIGH
Python < 2.7.16, 3.x < 3.5.8, 3.6.x < 3.6.10, 3.7.x < 3.7.5 - Email Address Parsing Bypass via Multiple @ Characters
Sep 06, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-15903 HIGH
libexpat < 2.2.8 - XML External Entity Injection via DTD Parsing
Sep 04, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-10138 HIGH
python-novajoin < 1.1.1 - Privilege Escalation
Jul 30, 2019
CVSS 8.8
EPSS 0.00
CVE-2019-13404 HIGH
Python < 2.7.16 - Unprotected User Data Exposure via Default Installation Directory
Jul 08, 2019
CVSS 7.8
EPSS 0.00
CVE-2019-12900 CRITICAL
bzip2 < 1.0.6 - Out-of-bounds Write in BZ2_decompress
Jun 19, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-10160 CRITICAL
Python 2.7.0-2.7.16, 3.5, 3.6, 3.7, 3.8.0a4-3.8.0b1 - URL Parsing Security Regression
Jun 07, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-12761 HIGH
PyXDG < 0.26 - Code Injection via Menu XML Category Element
Jun 06, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-11324 HIGH
urllib3 < 1.24.2 - Improper Certificate Validation via SSL Context Handling
Apr 18, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-11236 MEDIUM
urllib3 < 1.24.2 - CRLF Injection via Request Parameter
Apr 15, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-9948 CRITICAL
Python 2.x < 2.7.17 - Path Traversal via local_file URI Scheme
Mar 23, 2019
CVSS 9.1
EPSS 0.01
CVE-2019-9947 MEDIUM
Python 2.x-2.7.16 & Python 3.x-3.7.3 - CRLF Injection
Mar 23, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-6690 HIGH
python-gnupg 0.4.3 - Improper Input Validation
Mar 21, 2019
CVSS 7.5
EPSS 0.21
CVE-2019-9740 MEDIUM
Python < 2.7.17 - CRLF Injection via URL Parameter
Mar 13, 2019
CVSS 6.1
EPSS 0.10
CVE-2019-9636 CRITICAL
Python 2.7.x-3.7.2 - Info Disclosure
Mar 08, 2019
CVSS 9.8
EPSS 0.09
CVE-2019-6802 MEDIUM NUCLEI
pypiserver < 1.2.5 - CRLF Injection via URI
Jan 25, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-25091 MEDIUM
urllib3 < 1.24.2 - Unauthenticated Credential Exposure via Cross-Origin Redirect
Oct 15, 2023
CVSS 6.1
EPSS 0.00
CVE-2018-25032 HIGH
zlib < 1.2.12 - Memory Corruption
Mar 25, 2022
CVSS 7.5
EPSS 0.00
CVE-2018-20852 MEDIUM
Python 2.0-2.7.16 - Cookie Domain Validation Bypass in http.cookiejar.DefaultPolicy
Jul 13, 2019
CVSS 5.3
EPSS 0.02
CVE-2018-20406 HIGH
Python < 3.7.1 - Integer Overflow via Large LONG_BINPUT in _pickle Module
Dec 23, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-20060 CRITICAL
urllib3 < 1.23 - Authorization Header Exposure via Cross-Origin Redirect
Dec 11, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-18074 HIGH
python/requests < 2.20.0 - Credential Exposure via HTTPS-to-HTTP Redirect
Oct 09, 2018
CVSS 7.5
EPSS 0.00
CVE-2018-14647 HIGH
Python 2.7.0-2.7.15, 3.4.0-3.4.9, 3.5.0-3.5.6, 3.6.0-3.6.6, 3.7.0 - Denial of Service via Expat Hash Collisions
Sep 25, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-1000802 CRITICAL
Python Software Foundation Python < 2.7 - Command Injection
Sep 18, 2018
CVSS 9.8
EPSS 0.26
CVE-2018-1061 MEDIUM
Python < 2.7.15 - Denial of Service via Catastrophic Backtracking in difflib.IS_LINE_JUNK
Jun 19, 2018
CVSS 6.5
EPSS 0.02
CVE-2018-1060 HIGH
Python < 2.7.15 - Denial of Service via Catastrophic Backtracking in pop3lib apop()
Jun 18, 2018
CVSS 7.5
EPSS 0.01