Vulnerabilities > Python

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2023-50447 Code Injection vulnerability in multiple products
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
network
high complexity
python debian CWE-94
8.1
2023-12-08 CVE-2023-6507 Unspecified vulnerability in Python 3.12.0/3.13.0
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms.
network
low complexity
python
4.9
2023-11-03 CVE-2023-44271 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Pillow before 10.0.0.
network
low complexity
python fedoraproject CWE-770
7.5
2023-10-17 CVE-2023-45803 Information Exposure vulnerability in multiple products
urllib3 is a user-friendly HTTP client library for Python.
high complexity
python fedoraproject CWE-200
4.2
2023-10-15 CVE-2018-25091 Open Redirect vulnerability in Python Urllib3 1.10.2
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme).
network
low complexity
python CWE-601
6.1
2023-10-04 CVE-2023-43804 Information Exposure vulnerability in multiple products
urllib3 is a user-friendly HTTP client library for Python.
network
low complexity
python debian fedoraproject CWE-200
8.1
2023-08-25 CVE-2023-40217 Unspecified vulnerability in Python
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5.
network
low complexity
python
5.3
2023-08-23 CVE-2023-41105 Untrusted Search Path vulnerability in multiple products
An issue was discovered in Python 3.11 through 3.11.4.
network
low complexity
python netapp CWE-426
7.5
2023-08-22 CVE-2022-48560 Use After Free vulnerability in multiple products
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
network
low complexity
python debian CWE-416
7.5
2023-08-22 CVE-2022-48564 Resource Exhaustion vulnerability in multiple products
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
network
low complexity
python netapp CWE-400
6.5