VYPR

Vendor CVEs

Python (programming language)

All CVEs

310 total · sorted by risk
  • CVE-2016-5636 · Critical · Sep 2, 2016
    risk 0.66 · cvss 9.8 · epss 0.26

    Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

  • CVE-2007-4559 · Critical · Aug 28, 2007
    risk 0.66 · cvss 9.8 · epss 0.27

    Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

  • CVE-2016-0718 · Critical · May 26, 2016
    risk 0.65 · cvss 9.8 · epss 0.13

    Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

  • CVE-2017-1000158 · Critical · Nov 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.08

    CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

  • CVE-2016-0088 · Critical · Apr 12, 2016
    risk 0.61 · cvss 9.3 · epss 0.08

    Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability."

  • CVE-2014-0224 · High · Jun 5, 2014
    risk 0.59 · cvss 7.4 · epss 0.95

    OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and…

  • CVE-2017-17522 · High · Dec 14, 2017
    risk 0.57 · cvss 8.8 · epss 0.04

    Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that…

  • CVE-2016-4009 · Critical · Apr 13, 2016
    risk 0.57 · cvss 9.8 · epss 0.08

    Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.

  • CVE-2016-2183 · High · Sep 1, 2016
    risk 0.56 · cvss 7.5 · epss 0.96

    The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a…

  • CVE-2025-4517 · Critical · Jun 3, 2025
    risk 0.54 · cvss 9.4 · epss 0.01

    Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the…

  • CVE-2016-4472 · High · Jun 30, 2016
    risk 0.54 · cvss 8.1 · epss 0.12

    The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix…

  • CVE-2017-5992 · High · Feb 15, 2017
    risk 0.53 · cvss 8.2 · epss 0.01

    Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.

  • CVE-2026-6100 · Critical · Apr 13, 2026
    risk 0.52 · cvss n/a · epss 0.01

    Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The…

  • CVE-2016-9190 · High · Nov 4, 2016
    risk 0.51 · cvss 7.8 · epss 0.02

    Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.

  • CVE-2026-3298 · High · Apr 21, 2026
    risk 0.50 · cvss n/a · epss 0.00

    The method "sock_recvfrom_into()" of "asyncio.ProactorEventLoop" (Windows only) was missing a boundary check for the data buffer when using the nbytes parameter. This allowed an out-of-bounds buffer write if the data was larger than the buffer size. Non-Windows platforms are not…

  • CVE-2024-8088 · High · Aug 22, 2024
    risk 0.50 · cvss n/a · epss 0.01

    There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like…

  • CVE-2018-14647 · High · Sep 25, 2018
    risk 0.50 · cvss 7.5 · epss 0.11

    Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data…

  • CVE-2015-5607 · High · Sep 20, 2017
    risk 0.50 · cvss 8.8 · epss 0.01

    Cross-site request forgery in the REST API in IPython 2 and 3.

  • CVE-2025-13836 · High · Dec 1, 2025
    risk 0.49 · cvss 7.5 · epss 0.02

    When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

  • CVE-2018-1060 · High · Jun 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.05

    Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in poplib's apop() method. An attacker could use this flaw to cause denial of service.

  • CVE-2017-9233 · High · Jul 25, 2017
    risk 0.49 · cvss 7.5 · epss 0.09

    XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

  • CVE-2016-6581 · High · Jan 10, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the…

  • CVE-2016-1000032 · High · Oct 25, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times.

  • CVE-2026-9669 · High · Jun 8, 2026
    risk 0.46 · cvss n/a · epss 0.00

    bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to…

  • CVE-2016-0772 · Medium · Sep 2, 2016
    risk 0.46 · cvss 6.5 · epss 0.15

    The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and…

  • CVE-2016-0090 · High · Apr 12, 2016
    risk 0.46 · cvss 7.1 · epss 0.03

    Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."

  • CVE-2016-0089 · High · Apr 12, 2016
    risk 0.46 · cvss 7.1 · epss 0.03

    Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."

  • CVE-2026-42311 · High · May 9, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.

  • CVE-2026-5271 · High · Apr 1, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest) from an attacker-controlled directory, a malicious…

  • CVE-2023-6597 · High · Mar 19, 2024
    risk 0.44 · cvss 7.8 · epss 0.00

    An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which…

  • CVE-2016-3189 · Medium · Jun 30, 2016
    risk 0.44 · cvss 6.5 · epss 0.16

    Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

  • CVE-2018-1061 · Medium · Jun 19, 2018
    risk 0.43 · cvss 6.5 · epss 0.05

    Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

  • CVE-2026-44432 · High · May 13, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2)…

  • CVE-2026-7210 · High · May 11, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.

    Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying…

  • CVE-2026-3087 · High · Apr 27, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`), the archive will be extracted outside the target directory, which differs from the behavior on other operating systems. Only Windows is affected by this vulnerability.

  • CVE-2026-40192 · High · Apr 15, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption,…

  • CVE-2026-4224 · High · Mar 16, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.

  • CVE-2026-3644 · High · Mar 16, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the…

  • CVE-2026-25990 · High · Feb 11, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

  • CVE-2025-8194 · High · Jul 28, 2025
    risk 0.42 · cvss 7.5 · epss 0.01

    There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of…

  • CVE-2025-4435 · High · Jun 3, 2025
    risk 0.42 · cvss 7.5 · epss 0.00

    When using TarFile.errorlevel = 0 and extracting with a filter, the documented behavior is that any filtered members would be skipped and not extracted. However, the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and…

  • CVE-2025-4330 · High · Jun 3, 2025
    risk 0.42 · cvss 7.5 · epss 0.01

    Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using…

  • CVE-2025-4138 · High · Jun 3, 2025
    risk 0.42 · cvss 7.5 · epss 0.01

    Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using…

  • CVE-2024-12254 · High · Dec 6, 2024
    risk 0.42 · cvss 7.5 · epss 0.02

    Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically…

  • CVE-2024-4032 · High · Jun 17, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network,…

  • CVE-2017-18207 · Medium · Mar 1, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue…

  • CVE-2017-2810 · High · Jun 14, 2017
    risk 0.42 · cvss 7.5 · epss 0.05

    An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.

  • CVE-2016-6580 · High · Jan 10, 2017
    risk 0.42 · cvss 7.5 · epss 0.02

    A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the…

  • CVE-2024-0397 · High · Jun 17, 2024
    risk 0.41 · cvss 7.4 · epss 0.01

    A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are…

  • CVE-2016-5699 · Medium · Sep 2, 2016
    risk 0.40 · cvss 6.1 · epss 0.10

    CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
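
The tarfile entries in this list (CVE-2007-4559 and the 2025 extraction-filter bypasses CVE-2025-4517, CVE-2025-4330 and CVE-2025-4138) and the ZIP drive-letter case in CVE-2026-3087 are one class of bug: a member name or link target that resolves outside the extraction root. The Python below is an added example, not code from CPython or from this listing. It validates tar and zip member names before anything is written, and goes a little beyond the specific entries by also rejecting device files and hard links that point out of the root. The archives it inspects are constructed in memory for the demonstration, and the function names (is_unsafe_name, unsafe_tar_members, safe_extract_tar and so on) are the example's own. On Python 3.12 and later it additionally passes filter="data"; since the 2025 entries show that filter had its own bypasses in early releases, the up-front check is kept as an independent layer rather than replaced by it.

```python
import io
import ntpath
import os
import posixpath
import tarfile
import tempfile
import zipfile


def is_unsafe_name(name):
    """'..' component, POSIX absolute path, or Windows drive/UNC prefix.
    ntpath.splitdrive() is host-independent, so 'C:\\...' (the CVE-2026-3087
    case) is caught on Linux as well."""
    if ntpath.splitdrive(name)[0]:
        return True
    norm = name.replace("\\", "/")
    return norm.startswith("/") or ".." in [p for p in norm.split("/") if p]


def symlink_escapes(member_name, target):
    """Absolute target, or one that climbs above the archive root once
    resolved against the directory the link itself lives in."""
    if target.startswith("/") or ntpath.splitdrive(target)[0]:
        return True
    resolved = posixpath.normpath(posixpath.join(posixpath.dirname(member_name), target))
    return resolved == ".." or resolved.startswith("../")


def unsafe_tar_members(tf):
    """(name, reason) for every member that must not be extracted."""
    findings = []
    for m in tf.getmembers():
        if is_unsafe_name(m.name):
            findings.append((m.name, "path escapes extraction root"))
        elif m.ischr() or m.isblk() or m.isfifo():
            findings.append((m.name, "special file"))
        elif m.issym() and symlink_escapes(m.name, m.linkname):
            findings.append((m.name, "symlink target escapes extraction root"))
        elif m.islnk() and is_unsafe_name(m.linkname):
            findings.append((m.name, "hardlink target escapes extraction root"))
    return findings


def unsafe_zip_members(zf):
    return [(n, "path escapes extraction root") for n in zf.namelist() if is_unsafe_name(n)]


def safe_extract_tar(tar_bytes, dest):
    """Reject the whole archive if any member is unsafe; on 3.12+ also apply
    the stdlib 'data' filter as a second, extraction-time layer."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        findings = unsafe_tar_members(tf)
        if findings:
            raise ValueError(f"refusing to extract: {findings}")
        if hasattr(tarfile, "data_filter"):
            tf.extractall(dest, filter="data")
        else:
            tf.extractall(dest)


def build_tar(entries):
    """Constructed demo archive. entries: (name, 'file', bytes) or
    (name, 'symlink' | 'hardlink', target)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, kind, payload in entries:
            ti = tarfile.TarInfo(name)
            if kind == "file":
                ti.size = len(payload)
                tf.addfile(ti, io.BytesIO(payload))
            else:
                ti.type = tarfile.SYMTYPE if kind == "symlink" else tarfile.LNKTYPE
                ti.linkname = payload
                tf.addfile(ti)
    return buf.getvalue()


def build_zip(names):
    """Constructed demo ZIP: names are stored exactly as given."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"x")
    return buf.getvalue()


MALICIOUS_TAR = build_tar([
    ("good/readme.txt", "file", b"hello"),
    ("../../etc/cron.d/evil", "file", b"* * * * * root id\n"),   # CVE-2007-4559 style
    ("good/link", "symlink", "../../../outside"),
    ("good/hard", "hardlink", "../../etc/passwd"),
])
BENIGN_TAR = build_tar([("good/readme.txt", "file", b"hello"), ("good/alias", "symlink", "readme.txt")])
MALICIOUS_ZIP = build_zip(["ok.txt", "C:\\Windows\\Temp\\evil.txt", "../evil.txt", "/etc/evil"])


def malicious_findings():
    """Names flagged in the two constructed archives."""
    with tarfile.open(fileobj=io.BytesIO(MALICIOUS_TAR)) as tf, zipfile.ZipFile(io.BytesIO(MALICIOUS_ZIP)) as zf:
        return [n for n, _ in unsafe_tar_members(tf)], [n for n, _ in unsafe_zip_members(zf)]


def demo_extract():
    """Benign archive extracts; the malicious one is rejected before any write."""
    with tempfile.TemporaryDirectory() as dest:
        safe_extract_tar(BENIGN_TAR, dest)
        with open(os.path.join(dest, "good", "readme.txt"), "rb") as fh:
            content = fh.read()
        try:
            safe_extract_tar(MALICIOUS_TAR, dest)
            rejected = False
        except ValueError:
            rejected = True
    return content, rejected
```

The check is deliberately static: it decides from member metadata alone, so it cannot be confused by what is already on disk, and it refuses the whole archive rather than skipping members (the CVE-2025-4435 entry shows why silently skipping is a trap). It is conservative by design: a name such as `a:b` is treated as drive-qualified and rejected.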
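
CVE-2025-13836 describes http.client sizing a bare read() by the server's Content-Length, so a hostile server picks how much memory the client commits. The example below is added here and is not CPython's fix: read_body_bounded (a name of this example) rejects a declared length above a caller's cap before allocating anything, and otherwise reads in fixed-size chunks so a server that omits or understates Content-Length is cut off at the cap instead of being buffered whole. To keep it offline, the responses are fed through the real http.client.HTTPResponse parser via a stand-in socket object that only implements makefile(); the three responses are constructed for the demo, not captured from any server.

```python
import http.client
import io


class BodyTooLarge(Exception):
    """Raised before the client commits memory to an oversized body."""


def read_body_bounded(resp, max_bytes, chunk_size=64 * 1024):
    """Read an HTTPResponse body without trusting Content-Length.

    A declared length above max_bytes is rejected up front; otherwise the body
    is read in chunks, so a stream with no (or a lying) Content-Length is cut
    off after max_bytes rather than buffered whole by a bare read().
    """
    declared = resp.getheader("Content-Length")
    if declared is not None and declared.strip().isdigit() and int(declared) > max_bytes:
        raise BodyTooLarge(f"declared Content-Length {declared} exceeds limit {max_bytes}")
    body = bytearray()
    while True:
        # Ask for at most one byte past the limit: a chunk can never overshoot,
        # and that one extra byte is how we learn the stream kept going.
        part = resp.read(min(chunk_size, max_bytes + 1 - len(body)))
        if not part:
            return bytes(body)
        body += part
        if len(body) > max_bytes:
            raise BodyTooLarge(f"body exceeded limit of {max_bytes} bytes")


class _CannedSocket:
    """Offline stand-in: HTTPResponse only calls makefile() on the socket."""

    def __init__(self, raw):
        self._raw = raw

    def makefile(self, mode, *args, **kwargs):
        return io.BytesIO(self._raw)


def response_from_bytes(raw):
    resp = http.client.HTTPResponse(_CannedSocket(raw), method="GET")
    resp.begin()          # parses status line and headers with the real parser
    return resp


# Constructed server responses for the demo (not captured traffic).
HONEST = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello"
LYING_LENGTH = (b"HTTP/1.1 200 OK\r\nContent-Length: 1099511627776\r\n"
                b"Connection: close\r\n\r\n" + b"A" * 100)
NO_LENGTH = b"HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n" + b"B" * 20000


def demo(raw, max_bytes):
    """Return the body, or the string 'rejected' if the limit kicked in."""
    try:
        return read_body_bounded(response_from_bytes(raw), max_bytes)
    except BodyTooLarge:
        return "rejected"
```

The cap is enforced twice on purpose: once against the header, which is the cheap early exit, and once against bytes actually received, which is the one that matters when the header is absent or wrong.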
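
CVE-2026-6100 and CVE-2026-9669 both concern reusing an lzma or bz2 decompressor object after a failed call, and CVE-2026-40192 (Pillow's FITS reader) and CVE-2026-44432 (urllib3) are instances of decompression output that is not bounded. The following is an added example, not code from any of those projects: decompress_bounded (this example's own name) drives a fresh bz2.BZ2Decompressor or lzma.LZMADecompressor through the incremental API with a hard output cap, using the documented max_length parameter and needs_input attribute, and never retries with a decompressor that has raised. The compressed inputs, including the zero-filled bomb and the truncated stream, are constructed inside the block.

```python
import bz2
import lzma


class DecompressionLimitExceeded(Exception):
    """Output would exceed the caller's cap (decompression-bomb guard)."""


def decompress_bounded(data, max_out, factory, chunk_size=64 * 1024):
    """Decompress with a fresh, single-use decompressor and a hard output cap.

    factory is bz2.BZ2Decompressor or lzma.LZMADecompressor. max_length keeps
    each call's output small; needs_input says when to feed more input. A
    decompressor that raises is simply dropped: the caller gets the exception
    and, if it retries, this function builds a new object rather than calling
    the failed one again.
    """
    decomp = factory()
    out = bytearray()
    pos = 0
    while not decomp.eof:
        if decomp.needs_input:
            if pos >= len(data):
                raise EOFError("compressed stream ended before end-of-stream marker")
            piece = data[pos:pos + chunk_size]
            pos += len(piece)
        else:
            piece = b""   # the object still holds unprocessed input; just drain output
        out += decomp.decompress(piece, max_length=max_out + 1 - len(out))
        if len(out) > max_out:
            raise DecompressionLimitExceeded(f"output exceeds {max_out} bytes")
    return bytes(out)


# Constructed inputs for the demo.
HONEST_BZ2 = bz2.compress(b"log line\n" * 2000)             # ~18 KB of plaintext
BOMB_BZ2 = bz2.compress(b"\0" * (8 * 1024 * 1024))          # tiny stream, 8 MiB of output
TRUNCATED_BZ2 = HONEST_BZ2[:-4]                             # missing stream footer
HONEST_XZ = lzma.compress(b"event\n" * 1000)
ONE_MIB = 1 << 20


def demo_bz2_ok():
    return decompress_bounded(HONEST_BZ2, ONE_MIB, bz2.BZ2Decompressor)


def demo_bz2_bomb():
    try:
        decompress_bounded(BOMB_BZ2, ONE_MIB, bz2.BZ2Decompressor)
    except DecompressionLimitExceeded:
        return "rejected"
    return "accepted"


def demo_bz2_truncated():
    """Error path: the decompressor that saw the bad stream is discarded."""
    try:
        decompress_bounded(TRUNCATED_BZ2, ONE_MIB, bz2.BZ2Decompressor)
    except (EOFError, OSError):
        return "error, decompressor discarded"
    return "accepted"


def demo_xz_ok():
    return decompress_bounded(HONEST_XZ, ONE_MIB, lzma.LZMADecompressor)
```

The cap is applied to produced output, not to input size, because the ratio between the two is exactly what an attacker controls; and because the decompressor lives only inside one call, the "reuse after MemoryError or OSError" state the two 2026 entries describe cannot arise.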

Page 1 of 7