Python
by Python (programming language)
Source repositories
CVEs (183)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-12003 | Med | 0.27 | — | 0.00 | Jun 16, 2026 | To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the… | ||
| CVE-2026-5713 | Med | 0.27 | — | 0.00 | Apr 14, 2026 | The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or… | ||
| CVE-2024-3219 | Med | 0.26 | — | 0.00 | Jul 29, 2024 | The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection … | ||
| CVE-2018-1000030 | Low | 0.23 | 3.6 | 0.01 | Feb 8, 2018 | Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when… | ||
| CVE-2025-6069 | Med | 0.21 | 4.3 | 0.00 | Jun 17, 2025 | The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. | ||
| CVE-2025-71361 | med | 0.19 | — | 0.00 | Aug 26, 2025 | ### Summary Using idlelib.calltip.Calltip.fetch_tip, which is a built-in python library function to execute remote pickle file. ### Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to… | ||
| CVE-2024-11168 | Low | 0.17 | 3.7 | 0.01 | Nov 12, 2024 | The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. | ||
| CVE-2024-3220 | Low | 0.15 | — | 0.00 | Feb 14, 2025 | There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be… | ||
| CVE-2026-4519 | Low | 0.14 | 3.3 | 0.00 | Mar 20, 2026 | The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open(). | ||
| CVE-2025-13462 | Low | 0.14 | 3.3 | 0.00 | Mar 12, 2026 | The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to… | ||
| CVE-2025-1795 | Low | 0.08 | — | 0.01 | Feb 28, 2025 | During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header… | ||
| CVE-2014-1912 | 0.05 | — | 0.28 | Mar 1, 2014 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | |||
| CVE-2008-4864 | 0.05 | — | 0.21 | Nov 1, 2008 | Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer… | |||
| CVE-2014-4650 | 0.04 | — | 0.24 | Feb 20, 2020 | The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character… | |||
| CVE-2007-4965 | 0.04 | — | 0.12 | Sep 18, 2007 | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and… | |||
| CVE-2007-2052 | 0.04 | — | 0.12 | Apr 16, 2007 | Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a… | |||
| CVE-2021-23336 | 0.03 | — | 0.36 | Feb 15, 2021 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking.… | |||
| CVE-2007-1657 | 0.03 | — | 0.05 | Mar 24, 2007 | Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument. | |||
| CVE-2023-24329 | 0.02 | — | 0.20 | Feb 17, 2023 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | |||
| CVE-2021-3177 | 0.02 | — | 0.23 | Jan 19, 2021 | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This… |
- risk 0.27cvss —epss 0.00
To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the…
- risk 0.27cvss —epss 0.00
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or…
- risk 0.26cvss —epss 0.00
The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection …
- risk 0.23cvss 3.6epss 0.01
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when…
- risk 0.21cvss 4.3epss 0.00
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
- risk 0.19cvss —epss 0.00
### Summary Using idlelib.calltip.Calltip.fetch_tip, which is a built-in python library function to execute remote pickle file. ### Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to…
- risk 0.17cvss 3.7epss 0.01
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
- risk 0.15cvss —epss 0.00
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be…
- risk 0.14cvss 3.3epss 0.00
The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().
- risk 0.14cvss 3.3epss 0.00
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to…
- risk 0.08cvss —epss 0.01
During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header…
- CVE-2014-1912Mar 1, 2014risk 0.05cvss —epss 0.28
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
- CVE-2008-4864Nov 1, 2008risk 0.05cvss —epss 0.21
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer…
- CVE-2014-4650Feb 20, 2020risk 0.04cvss —epss 0.24
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character…
- CVE-2007-4965Sep 18, 2007risk 0.04cvss —epss 0.12
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and…
- CVE-2007-2052Apr 16, 2007risk 0.04cvss —epss 0.12
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a…
- CVE-2021-23336Feb 15, 2021risk 0.03cvss —epss 0.36
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking.…
- CVE-2007-1657Mar 24, 2007risk 0.03cvss —epss 0.05
Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.
- CVE-2023-24329Feb 17, 2023risk 0.02cvss —epss 0.20
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
- CVE-2021-3177Jan 19, 2021risk 0.02cvss —epss 0.23
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This…
Page 4 of 10