High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-12	CVE-2019-17514	Incorrect Calculation vulnerability in Python 3.6.0/3.7.0/3.8.0 library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. network low complexity python CWE-682	7.5
2019-10-04	CVE-2019-16865	Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Pillow before 6.2.0. network low complexity python fedoraproject CWE-770	7.5
2019-09-06	CVE-2019-16056	An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. network low complexity python fedoraproject debian canonical redhat oracle opensuse	7.5
2019-09-04	CVE-2019-15903	XML Entity Expansion vulnerability in multiple products In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. network low complexity libexpat-project python CWE-776	7.5
2019-07-30	CVE-2019-10138	Unspecified vulnerability in Python Novajoin A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. network low complexity python	8.8
2019-07-08	CVE-2019-13404	Files or Directories Accessible to External Parties vulnerability in Python The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. local low complexity python CWE-552	7.8
2019-06-06	CVE-2019-12761	Code Injection vulnerability in Python Pyxdg 0.25 A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. network high complexity python CWE-94	7.5
2019-04-18	CVE-2019-11324	Improper Certificate Validation vulnerability in multiple products The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. network low complexity python canonical CWE-295	7.5
2019-03-21	CVE-2019-6690	Improper Input Validation vulnerability in multiple products python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. network low complexity python debian opensuse suse canonical CWE-20	7.5
2018-12-23	CVE-2018-20406	Integer Overflow or Wraparound vulnerability in multiple products Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. network low complexity python debian fedoraproject CWE-190	7.5