Vulnerabilities > Python
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-03 | CVE-2024-6232 | Unspecified vulnerability in Python: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | 7.5 |
2024-08-19 | CVE-2024-7592 | Unspecified vulnerability in Python: There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. | 7.5 |
2024-01-19 | CVE-2023-50447 | Code Injection vulnerability in multiple products: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | 8.1 |
2023-12-08 | CVE-2023-6507 | Unspecified vulnerability in Python 3.12.0/3.13.0: An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. | 4.9 |
2023-11-03 | CVE-2023-44271 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products: An issue was discovered in Pillow before 10.0.0. | 7.5 |
2023-10-17 | CVE-2023-45803 | Information Exposure vulnerability in multiple products: urllib3 is a user-friendly HTTP client library for Python. | 4.2 |
2023-10-15 | CVE-2018-25091 | Open Redirect vulnerability in Python Urllib3 1.10.2: urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). | 6.1 |
2023-10-04 | CVE-2023-43804 | Information Exposure vulnerability in multiple products: urllib3 is a user-friendly HTTP client library for Python. | 8.1 |
2023-08-25 | CVE-2023-40217 | Unspecified vulnerability in Python: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. | 5.3 |
2023-08-23 | CVE-2023-41105 | Untrusted Search Path vulnerability in multiple products: An issue was discovered in Python 3.11 through 3.11.4. | 7.5 |