Vulnerabilities > Python
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2022-48565 | XXE vulnerability in multiple products An XML External Entity (XXE) issue was discovered in Python through 3.9.1. | 9.8 |
| 2023-08-22 | CVE-2022-48566 | Race Condition vulnerability in multiple products An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. | 5.9 |
| 2023-08-15 | CVE-2023-38898 | Unspecified vulnerability in Python 3.13.0 An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. | 5.3 |
| 2023-06-25 | CVE-2023-36632 | Uncontrolled Recursion vulnerability in Python The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. | 7.5 |
| 2023-06-07 | CVE-2023-33595 | Use After Free vulnerability in Python 3.12.0 CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. | 5.5 |
| 2023-05-26 | CVE-2023-32681 | Information Exposure vulnerability in multiple products Requests is a HTTP library. | 6.1 |
| 2023-04-19 | CVE-2023-27043 | Improper Input Validation vulnerability in Python The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. | 5.3 |
| 2023-02-17 | CVE-2023-24329 | Improper Input Validation vulnerability in multiple products An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | 7.5 |
| 2022-12-23 | CVE-2022-40897 | Unspecified vulnerability in Python Setuptools Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. | 5.9 |
| 2022-11-14 | CVE-2022-45198 | Unspecified vulnerability in Python Pillow Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). | 7.5 |