CVE-2025-8869
- EPSS 0.06%
- Published 24.09.2025 15:15:41
- Last modified 24.09.2025 18:11:24
When extracting a tar archive, pip may not check that symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilit...
CVE-2024-9287
- EPSS 0.04%
- Published 22.10.2024 17:15:06
- Last modified 25.04.2025 23:15:16
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (i.e. "sou...
CVE-2024-6232
- EPSS 1.55%
- Published 03.09.2024 13:15:05
- Last modified 20.03.2025 18:15:18
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVE-2024-7592
- EPSS 0.39%
- Published 19.08.2024 19:15:08
- Last modified 05.02.2025 21:13:47
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quad...
CVE-2023-6507
- EPSS 0.04%
- Published 08.12.2023 19:15:08
- Last modified 21.11.2024 08:43:59
An issue was found in the CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (i.e. `extra_groups=[]...
CVE-2023-40217
- EPSS 0.34%
- Published 25.08.2023 01:15:09
- Last modified 21.11.2024 08:19:01
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, rec...
CVE-2023-41105
- EPSS 0.18%
- Published 23.08.2023 07:15:08
- Last modified 21.11.2024 08:20:35
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejec...
CVE-2022-48565
- EPSS 4.12%
- Published 22.08.2023 19:16:32
- Last modified 21.11.2024 07:33:30
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
CVE-2022-48566
- EPSS 0.06%
- Published 22.08.2023 19:16:32
- Last modified 21.11.2024 07:33:31
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
CVE-2022-48560
- EPSS 0.19%
- Published 22.08.2023 19:16:31
- Last modified 21.11.2024 07:33:30
A use-after-free exists in Python through 3.9 via heappushpop in heapq.