VYPR

Python (programming language)

All CVEs

310 total · sorted by risk
  • CVE-2026-4786 · High · Apr 13, 2026
    risk 0.39 · cvss n/a · epss 0.00

    Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types, and the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.

  • CVE-2026-1299 · Medium · Jan 23, 2026
    risk 0.39 · cvss n/a · epss 0.01

    The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that…

  • CVE-2024-4030 · High · May 7, 2024
    risk 0.39 · cvss 7.1 · epss 0.00

    On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users…

  • CVE-2014-4616 · Medium · Aug 24, 2017
    risk 0.39 · cvss 5.9 · epss 0.08

    Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

  • CVE-2013-7440 · Medium · Jun 7, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

  • CVE-2026-7774 · Medium · Jun 4, 2026
    risk 0.38 · cvss n/a · epss 0.01

    tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files…

  • CVE-2016-3076 · Medium · Apr 24, 2017
    risk 0.36 · cvss 5.5 · epss 0.03

    Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

  • CVE-2016-9189 · Medium · Nov 4, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.

  • CVE-2016-2533 · Medium · Apr 13, 2016
    risk 0.36 · cvss 6.5 · epss 0.04

    Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

  • CVE-2024-5642 · Medium · Jun 27, 2024
    risk 0.35 · cvss 6.5 · epss 0.01

    CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of…

  • CVE-2016-0775 · Medium · Apr 13, 2016
    risk 0.35 · cvss 6.5 · epss 0.03

    Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

  • CVE-2016-0740 · Medium · Apr 13, 2016
    risk 0.35 · cvss 6.5 · epss 0.02

    Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

  • CVE-2026-3276 · Medium · Jun 3, 2026
    risk 0.34 · cvss n/a · epss 0.00

    unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.

  • CVE-2025-0938 · Medium · Jan 31, 2025
    risk 0.34 · cvss n/a · epss 0.01

    The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This…

  • CVE-2023-27043 · Medium · Apr 19, 2023
    risk 0.34 · cvss 5.3 · epss 0.03

    The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which…

  • CVE-2026-6019 · Medium · Apr 22, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    http.cookies.Morsel.js_output() returns an inline inside the generated script element. Mitigation base64-encodes the cookie value to disallow…

  • CVE-2024-0450 · Medium · Mar 19, 2024
    risk 0.33 · cvss 6.2 · epss 0.00

    An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The…

  • CVE-2015-4706 · Medium · Sep 21, 2017
    risk 0.33 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.

  • CVE-2015-4707 · Medium · Sep 20, 2017
    risk 0.33 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.

  • CVE-2026-3446 · Medium · Apr 10, 2026
    risk 0.32 · cvss n/a · epss 0.00

    When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other…

  • CVE-2026-0672 · Medium · Jan 20, 2026
    risk 0.32 · cvss n/a · epss 0.00

    When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

  • CVE-2025-15282 · Medium · Jan 20, 2026
    risk 0.32 · cvss n/a · epss 0.00

    User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

  • CVE-2026-8328 · Medium · May 13, 2026
    risk 0.31 · cvss n/a · epss 0.00

    The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw…

  • CVE-2026-0865 · Medium · Jan 20, 2026
    risk 0.31 · cvss n/a · epss 0.00

    User-controlled header names and values containing newlines can allow injecting HTTP headers.

  • CVE-2025-15367 · Medium · Jan 20, 2026
    risk 0.31 · cvss n/a · epss 0.00

    The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

  • CVE-2025-15366 · Medium · Jan 20, 2026
    risk 0.31 · cvss n/a · epss 0.00

    The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

  • CVE-2025-4516 · Medium · May 15, 2025
    risk 0.31 · cvss n/a · epss 0.00

    There is an issue in CPython when using `bytes.decode("unicode_escape", errors="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler, your usage is not affected. To work around this issue you may stop using the errors= handler and instead wrap…

  • CVE-2026-1502 · Medium · Apr 10, 2026
    risk 0.30 · cvss n/a · epss 0.00

    CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

  • CVE-2026-2297 · Medium · Mar 4, 2026
    risk 0.30 · cvss n/a · epss 0.00

    The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.

  • CVE-2025-11468 · Medium · Jan 20, 2026
    risk 0.30 · cvss n/a · epss 0.01

    When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.

  • CVE-2026-42310 · Medium · May 9, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.

  • CVE-2026-42309 · Medium · May 9, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested…

  • CVE-2026-42308 · Medium · May 9, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, Pillow's tracking of the current position may lead to an integer overflow. This issue has been patched in version 12.2.0.

  • CVE-2024-6923 · Medium · Aug 1, 2024
    risk 0.29 · cvss 5.5 · epss 0.01

    There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

  • CVE-2025-8291 · Medium · Oct 7, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record. The offset value would not be used to locate the ZIP64 EOCD record; instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could…

  • CVE-2024-12718 · Medium · Jun 3, 2025
    risk 0.28 · cvss 5.3 · epss 0.01

    Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using…

  • CVE-2016-1494 · Medium · Jan 13, 2016
    risk 0.28 · cvss 5.3 · epss 0.07

    The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

  • CVE-2026-12003 · Medium · Jun 16, 2026
    risk 0.27 · cvss n/a · epss 0.00

    To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the…

  • CVE-2026-5713 · Medium · Apr 14, 2026
    risk 0.27 · cvss n/a · epss 0.00

    The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or…

  • CVE-2024-3219 · Medium · Jul 29, 2024
    risk 0.26 · cvss n/a · epss 0.00

    The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection …

  • CVE-2018-1000030 · Low · Feb 8, 2018
    risk 0.23 · cvss 3.6 · epss 0.01

    Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when…

  • CVE-2025-6069 · Medium · Jun 17, 2025
    risk 0.21 · cvss 4.3 · epss 0.00

    The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial of service.

  • CVE-2025-71361 · Medium · Aug 26, 2025
    risk 0.19 · cvss n/a · epss 0.00

    Summary: Using idlelib.calltip.Calltip.fetch_tip, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to…

  • CVE-2025-71354 · Medium · Aug 26, 2025
    risk 0.19 · cvss n/a · epss 0.00

    Summary: Using idlelib.debugobj.ObjectTreeItem.SetText, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to…

  • CVE-2024-11168 · Low · Nov 12, 2024
    risk 0.17 · cvss 3.7 · epss 0.01

    The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

  • CVE-2016-9015 · Low · Jan 11, 2017
    risk 0.17 · cvss 3.7 · epss 0.01

    Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information…

  • CVE-2024-3220 · Low · Feb 14, 2025
    risk 0.15 · cvss n/a · epss 0.00

    There is a defect in the CPython standard library module “mimetypes” where, on Windows, the default list of known file locations is writable, meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be…

  • CVE-2026-4519 · Low · Mar 20, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().

  • CVE-2025-13462 · Low · Mar 12, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to…

  • CVE-2025-1795 · Low · Feb 28, 2025
    risk 0.08 · cvss n/a · epss 0.01

    During address list folding, when a separating comma ends up on a folded line and that line is to be unicode-encoded, the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plain comma. This can result in the address header…

Page 2 of 7