Black

Source repositories

https://github.com/psf/black

CVEs (5)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-2311	Psf Black	Med	0.42	6.5	0.01	May 30, 2016	Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to…
CVE-2024-21503	Psf Black	Med	0.28	5.3	0.01	Mar 19, 2024	Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of…
CVE-2026-32274	Psf Black		0.00	—	0.00	Mar 12, 2026	Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker…
CVE-2026-31900	Psf Black		0.00	—	0.00	Mar 11, 2026	Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit…
CVE-2019-15497	ONELAN Net-Top-Box		0.00	—	0.03	Aug 26, 2019	Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP.

CVE-2016-2311MedMay 30, 2016
Psf
Black
risk 0.42cvss 6.5epss 0.01
Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to…
CVE-2024-21503MedMar 19, 2024
Psf
Black
risk 0.28cvss 5.3epss 0.01
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of…
CVE-2026-32274Mar 12, 2026
Psf
Black
risk 0.00cvss —epss 0.00
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker…
CVE-2026-31900Mar 11, 2026
Psf
Black
risk 0.00cvss —epss 0.00
Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit…
CVE-2019-15497Aug 26, 2019
ONELAN
Net-Top-Box
risk 0.00cvss —epss 0.03
Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP.