CVE-2025-12781
- EPSS 0.04%
- Published 21.01.2026 19:34:47
- Last modified 02.02.2026 17:25:23
When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alterna...
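As an added illustration (not code from CPython or from this advisory), the check below validates the input against the alphabet actually requested before handing it to base64.b64decode(). Because the whitelist is applied first, the result does not depend on whether the installed CPython version still accepts "+" and "/" alongside a custom altchars; the function name strict_b64decode and the sample inputs are this example's own.

```python
import base64
import re

# The 62 characters shared by every base64 variant; the two remaining
# symbols ("+/" for standard, "-_" for url-safe) come from altchars.
_COMMON_ALPHABET = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"


def strict_b64decode(data: bytes, altchars: bytes = b"+/") -> bytes:
    """Decode base64, rejecting any symbol outside the alphabet built from altchars.

    The whitelist runs before base64.b64decode() is called, so "+" and "/" are
    refused whenever a different pair of extra characters was requested,
    regardless of how the library itself treats them.
    """
    if len(altchars) != 2:
        raise ValueError("altchars must be exactly two bytes")
    alphabet = _COMMON_ALPHABET + altchars
    # Only the configured 64 symbols, optionally followed by up to two '=' pads.
    pattern = b"[" + re.escape(alphabet) + b"]*={0,2}"
    if re.fullmatch(pattern, data) is None:
        raise ValueError("input contains characters outside the configured alphabet")
    if len(data) % 4:
        raise ValueError("input length must be a multiple of 4")
    # validate=True additionally makes the library reject malformed padding.
    return base64.b64decode(data, altchars=altchars, validate=True)


if __name__ == "__main__":
    print(strict_b64decode(b"aGk="))                 # standard alphabet
    print(strict_b64decode(b"-_-_", altchars=b"-_"))  # url-safe alphabet
    try:
        strict_b64decode(b"+/+/", altchars=b"-_")     # refused: wrong alphabet
    except ValueError as exc:
        print("rejected:", exc)
```

The same pre-check works for urlsafe_b64decode() callers by passing altchars=b"-_"; the function is a drop-in replacement wherever the decoded bytes are later used as a security boundary (tokens, signatures, key material).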
CVE-2025-12084
- EPSS 0.09%
- Published 03.12.2025 18:55:32
- Last modified 26.01.2026 15:16:05
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
CVE-2025-13836
- EPSS 0.1%
- Published 01.12.2025 18:16:04
- Last modified 26.01.2026 15:16:06
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or ...
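The following added example (not CPython code and not part of this advisory) shows a client-side read that never sizes its buffer from the server's Content-Length: it refuses up front when the declared length exceeds a budget, then reads in fixed-size chunks and stops as soon as the budget is exceeded, which also covers responses that declare no length at all. The _MemorySocket class and the three sample responses are constructed here so the code runs offline; driving http.client.HTTPResponse from a fake socket via begin() is a testing convenience, not part of the documented API.

```python
import http.client
import io


class ResponseTooLarge(Exception):
    """Raised when a response body would exceed the caller's memory budget."""


class _MemorySocket:
    """Stand-in for a socket so HTTPResponse can parse a captured byte string.

    HTTPResponse only calls makefile() on the object it is given, which is
    enough to exercise the header and body parsing without a network.
    """

    def __init__(self, raw: bytes) -> None:
        self._raw = raw

    def makefile(self, mode: str, *args, **kwargs) -> io.BytesIO:
        return io.BytesIO(self._raw)


def parse_response(raw: bytes) -> http.client.HTTPResponse:
    """Parse status line and headers from raw bytes; the body stays unread."""
    resp = http.client.HTTPResponse(_MemorySocket(raw), method="GET")
    resp.begin()
    return resp


def read_bounded(resp: http.client.HTTPResponse, max_bytes: int,
                 chunk_size: int = 64 * 1024) -> bytes:
    """Read a body without letting the server dictate how much memory we allocate."""
    declared = resp.getheader("Content-Length")
    # Fast path: an honest server announcing more than the budget is refused
    # before a single body byte is read.
    if declared is not None and declared.isdigit() and int(declared) > max_bytes:
        raise ResponseTooLarge(f"Content-Length {declared} exceeds {max_bytes}")
    buf = bytearray()
    while True:
        # Ask for at most the remaining budget plus one byte, so one read can
        # never overshoot the cap by a whole chunk.
        want = min(chunk_size, max_bytes - len(buf) + 1)
        chunk = resp.read(want)
        if not chunk:
            break
        buf += chunk
        if len(buf) > max_bytes:
            raise ResponseTooLarge(f"body exceeds {max_bytes} bytes")
    return bytes(buf)


# Constructed sample responses (not captured from any real server).
SMALL_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 500\r\n\r\n" + b"B" * 500
OVERSIZED_DECLARED = b"HTTP/1.1 200 OK\r\nContent-Length: 2048\r\n\r\n" + b"A" * 2048
# No Content-Length at all: the body size is only discovered while reading.
OVERSIZED_STREAMED = b"HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n" + b"C" * 3000


if __name__ == "__main__":
    print(len(read_bounded(parse_response(SMALL_RESPONSE), 1024)), "bytes read")
    for raw in (OVERSIZED_DECLARED, OVERSIZED_STREAMED):
        try:
            read_bounded(parse_response(raw), 1024)
        except ResponseTooLarge as exc:
            print("refused:", exc)
```

The same pattern applies to urllib.request and to third-party clients built on http.client: decide the budget on the client side and read against it, rather than calling read() with no amount.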
CVE-2025-13837
- EPSS 0.02%
- Published 01.12.2025 18:16:04
- Last modified 15.01.2026 19:08:31
When loading a plist file, the plistlib module reads data in the size specified by the file itself, meaning a malicious file can cause OOM and DoS issues.
CVE-2025-6075
- EPSS 0.03%
- Published 31.10.2025 16:41:34
- Last modified 04.02.2026 19:05:15
If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.
CVE-2025-12060
- EPSS 0.1%
- Published 30.10.2025 17:15:37
- Last modified 04.11.2025 15:41:56
The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can c...
CVE-2025-8869
- EPSS 0.02%
- Published 24.09.2025 15:15:41
- Last modified 03.11.2025 18:17:02
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilit...
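The two preceding entries, CVE-2025-12060 (extractall() without filter="data") and CVE-2025-8869 (symbolic links not checked when the interpreter lacks PEP 706), share one mitigation: inspect every member before extracting, and use the data filter where the interpreter provides it. The example below is added here and is neither Keras nor pip code; the names check_member, safe_extract and UnsafeArchiveMember, and the three in-memory archives, are constructed for the example. The manual checks run on every Python version, and filter="data" is added on top when tarfile.data_filter exists (3.12+ or a PEP 706 backport).

```python
import io
import os
import tarfile
import tempfile


class UnsafeArchiveMember(ValueError):
    """A tar member that would write or link outside the extraction directory."""


def _inside(dest: str, candidate: str) -> bool:
    """True if candidate, once normalised, lies within dest."""
    base = os.path.realpath(dest)
    path = os.path.realpath(candidate)
    return path == base or path.startswith(base + os.sep)


def check_member(member: tarfile.TarInfo, dest: str) -> None:
    """Reject absolute names, '..' traversal and links resolving outside dest."""
    if os.path.isabs(member.name) or not _inside(dest, os.path.join(dest, member.name)):
        raise UnsafeArchiveMember(f"path escapes destination: {member.name!r}")
    if member.issym():
        # A symlink target is relative to the directory containing the link.
        if os.path.isabs(member.linkname):
            raise UnsafeArchiveMember(f"absolute symlink target: {member.name!r}")
        target = os.path.join(dest, os.path.dirname(member.name), member.linkname)
        if not _inside(dest, target):
            raise UnsafeArchiveMember(f"symlink escapes destination: {member.name!r}")
    elif member.islnk():
        # A hard link target is relative to the archive root.
        if not _inside(dest, os.path.join(dest, member.linkname)):
            raise UnsafeArchiveMember(f"hard link escapes destination: {member.name!r}")
    elif not (member.isfile() or member.isdir()):
        raise UnsafeArchiveMember(f"unsupported member type: {member.name!r}")


def safe_extract(archive: bytes, dest: str) -> list:
    """Check every member first, then extract with the PEP 706 data filter if present."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        members = tar.getmembers()
        for m in members:
            check_member(m, dest)
        if hasattr(tarfile, "data_filter"):
            # Python 3.12+ or a backport: the filter re-checks paths, links,
            # device files and permissions as a second line of defence.
            tar.extractall(dest, members=members, filter="data")
        else:
            # Older interpreter: only the checks above stand between the
            # archive and the filesystem.
            tar.extractall(dest, members=members)
        return [m.name for m in members]


def _build_tar(entries) -> bytes:
    """Build a tar in memory from (name, payload, symlink_target) tuples (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload, link_target in entries:
            info = tarfile.TarInfo(name)
            if link_target is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = link_target
                tar.addfile(info)
            else:
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


BENIGN_TAR = _build_tar([("model/weights.bin", b"\x00" * 16, None)])
TRAVERSAL_TAR = _build_tar([("../escape.txt", b"owned", None)])
SYMLINK_TAR = _build_tar([("link", None, "../../etc/passwd")])


def demo() -> dict:
    """Extract the constructed archives into a scratch directory and report the outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as dest:
        results["benign"] = safe_extract(BENIGN_TAR, dest)
        results["benign_written"] = os.path.isfile(os.path.join(dest, "model", "weights.bin"))
        for label, archive in (("traversal", TRAVERSAL_TAR), ("symlink", SYMLINK_TAR)):
            try:
                safe_extract(archive, dest)
                results[label] = "extracted"
            except UnsafeArchiveMember:
                results[label] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

Checking all members before writing anything matters: extracting member by member and rejecting late leaves a half-written tree behind, and a symlink created by an earlier member can redirect a later, individually harmless path.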
CVE-2024-9287
- EPSS 0.06%
- Published 22.10.2024 17:15:06
- Last modified 03.11.2025 23:17:33
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "sou...
CVE-2024-6232
- EPSS 3.18%
- Published 03.09.2024 13:15:05
- Last modified 03.11.2025 23:17:30
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVE-2024-7592
- EPSS 0.8%
- Published 19.08.2024 19:15:08
- Last modified 03.11.2025 23:17:31
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quad...