VYPR

Python

by Python (programming language)

CVEs (183)

  • CVE-2018-1000802 (Critical), Sep 18, 2018
    risk 0.02, cvss 9.8, epss 0.21

    Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via…

  • CVE-2015-1283, Jul 23, 2015
    risk 0.02, cvss n/a, epss 0.19

    Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via…

  • CVE-2013-0340, Jan 21, 2014
    risk 0.02, cvss n/a, epss 0.19

    expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read…

  • CVE-2022-48565, Aug 22, 2023
    risk 0.01, cvss n/a, epss 0.04

    An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

  • CVE-2021-3737, Mar 4, 2022
    risk 0.01, cvss n/a, epss 0.12

    A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to…

  • CVE-2021-29921, May 6, 2021
    risk 0.01, cvss n/a, epss 0.07

    In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

  • CVE-2020-27619, Oct 22, 2020
    risk 0.01, cvss n/a, epss 0.08

    In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

  • CVE-2020-8492, Jan 30, 2020
    risk 0.01, cvss n/a, epss 0.07

    Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic…

  • CVE-2019-9948, Mar 23, 2019
    risk 0.01, cvss n/a, epss 0.12

    urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

  • CVE-2019-9740, Mar 13, 2019
    risk 0.01, cvss n/a, epss 0.05

    An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query…

  • CVE-2019-9636, Mar 8, 2019
    risk 0.01, cvss n/a, epss 0.09

    Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The…

  • CVE-2008-1887, Apr 18, 2008
    risk 0.01, cvss n/a, epss 0.06

    Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers…

  • CVE-2026-11972, Jun 23, 2026
    risk 0.00, cvss n/a, epss 0.00

    When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, meaning an archive could be parsed in an infinite loop.

  • CVE-2026-0864, Jun 23, 2026
    risk 0.00, cvss n/a, epss 0.00

    When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.

  • CVE-2026-3479 (None), Mar 18, 2026
    risk 0.00, cvss n/a, epss 0.00

    DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security…

  • CVE-2025-12781, Jan 21, 2026
    risk 0.00, cvss n/a, epss 0.01

    When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as…

  • CVE-2025-6966, Dec 5, 2025
    risk 0.00, cvss n/a, epss 0.00

    NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

  • CVE-2025-12084, Dec 3, 2025
    risk 0.00, cvss n/a, epss 0.01

    When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

  • CVE-2025-13837, Dec 1, 2025
    risk 0.00, cvss n/a, epss 0.00

    When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues.

  • CVE-2025-6075, Oct 31, 2025
    risk 0.00, cvss n/a, epss 0.00

    If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

Page 5 of 10