python

262 tracked vulnerabilities.

CVE-2019-9636 CRITICAL
Python 2.7.x-3.7.2 - Info Disclosure
Mar 08, 2019
CVSS 9.8
EPSS 0.09
CVE-2019-6802 MEDIUM NUCLEI
pypiserver < 1.2.5 - CRLF Injection via URI
Jan 25, 2019
CVSS 6.1
EPSS 0.04
CVE-2018-25091 MEDIUM
urllib3 < 1.24.2 - Unauthenticated Credential Exposure via Cross-Origin Redirect
Oct 15, 2023
CVSS 6.1
EPSS 0.01
CVE-2018-25032 HIGH
zlib <1.2.12 - Memory Corruption
Mar 25, 2022
CVSS 7.5
EPSS 0.52
CVE-2018-20852 MEDIUM
Python 2.0-2.7.16 - Cookie Domain Validation Bypass in http.cookiejar.DefaultPolicy
Jul 13, 2019
CVSS 5.3
EPSS 0.04
CVE-2018-20406 HIGH
Python < 3.7.1 - Integer Overflow via Large LONG_BINPUT in _pickle Module
Dec 23, 2018
CVSS 7.5
EPSS 0.06
CVE-2018-20060 CRITICAL
urllib3 < 1.23 - Authorization Header Exposure via Cross-Origin Redirect
Dec 11, 2018
CVSS 9.8
EPSS 0.04
CVE-2018-18074 HIGH
python/requests < 2.20.0 - Credential Exposure via HTTPS-to-HTTP Redirect
Oct 09, 2018
CVSS 7.5
EPSS 0.07
CVE-2018-14647 HIGH
Python 2.7.0-2.7.15, 3.4.0-3.4.9, 3.5.0-3.5.6, 3.6.0-3.6.6, 3.7.0 - Denial of Service via Expat Hash Collisions
Sep 25, 2018
CVSS 7.5
EPSS 0.11
CVE-2018-1000802 CRITICAL
Python Software Foundation Python <2.7 - Command Injection
Sep 18, 2018
CVSS 9.8
EPSS 0.21
CVE-2018-1061 MEDIUM
Python < 2.7.15 - Denial of Service via Catastrophic Backtracking in difflib.IS_LINE_JUNK
Jun 19, 2018
CVSS 6.5
EPSS 0.05
CVE-2018-1060 HIGH
Python < 2.7.15 - Denial of Service via Catastrophic Backtracking in pop3lib apop()
Jun 18, 2018
CVSS 7.5
EPSS 0.05
CVE-2018-1000117 MEDIUM
CPython 3.2-3.6.4 - Buffer Overflow in os.symlink() on Windows
Mar 07, 2018
CVSS 6.7
EPSS 0.01
CVE-2018-1000030 LOW
Python < 2.7.14 - Heap-Buffer-Overflow and Use-After-Free via Race Condition
Feb 08, 2018
CVSS 3.6
EPSS 0.01
CVE-2017-20052 MEDIUM
Python 2.7.13 - Uncontrolled Search Path
Jun 16, 2022
CVSS 5.0
EPSS 0.01
CVE-2017-18207 MEDIUM
Python < 3.6.4 - Denial of Service via Crafted WAV File Channel Value
Mar 01, 2018
CVSS 6.5
EPSS 0.01
CVE-2017-17522 HIGH
Python < 3.6.3 - Argument Injection via BROWSER Environment Variable
Dec 14, 2017
CVSS 8.8
EPSS 0.04
CVE-2017-1000158 CRITICAL
CPython < 2.7.15 - Integer Overflow to Heap-Based Buffer Overflow in PyString_DecodeEscape
Nov 17, 2017
CVSS 9.8
EPSS 0.08
CVE-2017-9233 HIGH
libexpat < 2.2.0 - XML External Entity Injection via Malformed External Entity Definition
Jul 25, 2017
CVSS 7.5
EPSS 0.09
CVE-2017-2810 HIGH
Tablib 0.11.4 - Remote Code Execution via YAML Databook Loading
Jun 14, 2017
CVSS 7.5
EPSS 0.05
CVE-2017-5992 HIGH
openpyxl < 2.4.2 - XML External Entity Injection via Crafted .xlsx Document
Feb 15, 2017
CVSS 8.2
EPSS 0.01
CVE-2016-1000110 MEDIUM
Python < 2.7.13 - Open Redirect via HTTP_PROXY Variable
Nov 27, 2019
CVSS 6.1
EPSS 0.05
CVE-2016-9063 CRITICAL
Firefox < 50 - Integer Overflow in Expat XML Parser
Jun 11, 2018
CVSS 9.8
EPSS 0.06
CVE-2016-3076 MEDIUM
Pillow 2.5.0-3.1.1 - Heap-Based Buffer Overflow in j2k_encode_entry
Apr 24, 2017
CVSS 5.5
EPSS 0.03
CVE-2016-9015 LOW
Python urllib3 <1.19 - Info Disclosure
Jan 11, 2017
CVSS 3.7
EPSS 0.01