Vulnerabilities > Python

DATE CVE VULNERABILITY TITLE RISK
2023-08-25 CVE-2023-40217 Unspecified vulnerability in Python
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5.
network
low complexity
python
5.3
2023-08-23 CVE-2023-41105 Untrusted Search Path vulnerability in Python
An issue was discovered in Python 3.11 through 3.11.4.
network
low complexity
python CWE-426
7.5
2023-08-22 CVE-2022-48560 Use After Free vulnerability in multiple products
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
network
low complexity
python debian CWE-416
7.5
2023-08-22 CVE-2022-48564 Resource Exhaustion vulnerability in Python
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
network
low complexity
python CWE-400
6.5
2023-08-22 CVE-2022-48565 XXE vulnerability in multiple products
An XML External Entity (XXE) issue was discovered in Python through 3.9.1.
network
low complexity
python debian CWE-611
critical
9.8
2023-08-22 CVE-2022-48566 Race Condition vulnerability in multiple products
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1.
network
high complexity
python debian CWE-362
8.1
2023-08-15 CVE-2023-38898 Unspecified vulnerability in Python 3.13.0
** DISPUTED ** An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component.
network
low complexity
python
5.3
2023-06-25 CVE-2023-36632 Uncontrolled Recursion vulnerability in Python
** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument.
network
low complexity
python CWE-674
7.5
2023-06-07 CVE-2023-33595 Use After Free vulnerability in Python Cpython 3.12.0
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
local
low complexity
python CWE-416
5.5
2023-05-26 CVE-2023-32681 Information Exposure vulnerability in multiple products
Requests is a HTTP library.
network
high complexity
python fedoraproject CWE-200
6.1