VYPR

Python

by Python (programming language)

CVEs (183)

  • CVE-2026-12003 (severity: Medium; published Jun 16, 2026)
    risk 0.27 | CVSS: not listed | EPSS 0.00

    To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the…

  • CVE-2026-5713 (severity: Medium; published Apr 14, 2026)
    risk 0.27 | CVSS: not listed | EPSS 0.00

    The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or…

  • CVE-2024-3219 (severity: Medium; published Jul 29, 2024)
    risk 0.26 | CVSS: not listed | EPSS 0.00

    The "socket" module provides a pure-Python fallback to the socket.socketpair() function for platforms that don't support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection …

  • CVE-2018-1000030 (severity: Low; published Feb 8, 2018)
    risk 0.23 | CVSS 3.6 | EPSS 0.01

    Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable, and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability lies when…

  • CVE-2025-6069 (severity: Medium; published Jun 17, 2025)
    risk 0.21 | CVSS 4.3 | EPSS 0.00

    The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial of service.

  • CVE-2025-71361 (severity: Medium; published Aug 26, 2025)
    risk 0.19 | CVSS: not listed | EPSS 0.00

    Summary: Using idlelib.calltip.Calltip.fetch_tip, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps. First, the attacker crafts the payload by calling to…

  • CVE-2024-11168 (severity: Low; published Nov 12, 2024)
    risk 0.17 | CVSS 3.7 | EPSS 0.01

    The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

  • CVE-2024-3220 (severity: Low; published Feb 14, 2025)
    risk 0.15 | CVSS: not listed | EPSS 0.00

    There is a defect in the CPython standard library module "mimetypes" where, on Windows, the default list of known file locations is writable, meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be…

  • CVE-2026-4519 (severity: Low; published Mar 20, 2026)
    risk 0.14 | CVSS 3.3 | EPSS 0.00

    The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().

  • CVE-2025-13462 (severity: Low; published Mar 12, 2026)
    risk 0.14 | CVSS 3.3 | EPSS 0.00

    The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to…

  • CVE-2025-1795 (severity: Low; published Feb 28, 2025)
    risk 0.08 | CVSS: not listed | EPSS 0.01

    During address list folding, when a separating comma ends up on a folded line and that line is to be unicode-encoded, the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plain comma. This can result in the address header…

  • CVE-2014-1912 (severity: not listed; published Mar 1, 2014)
    risk 0.05 | CVSS: not listed | EPSS 0.28

    Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

  • CVE-2008-4864 (severity: not listed; published Nov 1, 2008)
    risk 0.05 | CVSS: not listed | EPSS 0.21

    Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer…

  • CVE-2014-4650 (severity: not listed; published Feb 20, 2020)
    risk 0.04 | CVSS: not listed | EPSS 0.24

    The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character…

  • CVE-2007-4965 (severity: not listed; published Sep 18, 2007)
    risk 0.04 | CVSS: not listed | EPSS 0.12

    Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and…

  • CVE-2007-2052 (severity: not listed; published Apr 16, 2007)
    risk 0.04 | CVSS: not listed | EPSS 0.12

    Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a…

  • CVE-2021-23336 (severity: not listed; published Feb 15, 2021)
    risk 0.03 | CVSS: not listed | EPSS 0.36

    The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking.…

  • CVE-2007-1657 (severity: not listed; published Mar 24, 2007)
    risk 0.03 | CVSS: not listed | EPSS 0.05

    Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.

  • CVE-2023-24329 (severity: not listed; published Feb 17, 2023)
    risk 0.02 | CVSS: not listed | EPSS 0.20

    An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

  • CVE-2021-3177 (severity: not listed; published Jan 19, 2021)
    risk 0.02 | CVSS: not listed | EPSS 0.23

    Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This…
