from 0, < 3.10.9-r0
CRITICAL 9.8 CVE-2021-29921 In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. from 0, < 3.9.5-r0
from 0, < 3.7.7-r2
CRITICAL 9.8 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during N…
from 0, < 3.6.8-r0
CRITICAL 9.4 Arbitrary writes via tarfile realpath overflow
from 0, < 3.11.13-r0
HIGH 7.8 Virtual environment (venv) activation scripts don't quote paths
from 0, < 3.11.11-r0
HIGH 7.8 python3.7 - security update
from 0, < 3.10.14-r0
HIGH 7.8 Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration.
from 0, < 3.10.9-r0
HIGH 7.6 python3.9 - security update
from 0, < 3.10.5-r0
HIGH 7.5 Stack overflow parsing XML with deeply nested DTD content models
from 0, < 3.14.5-r0
HIGH 7.5 Incomplete control character validation in http.cookies
from 0, < 3.14.5-r0
HIGH 7.5 Extraction filter bypass for linking outside extraction directory
from 0, < 3.11.13-r0
HIGH 7.5 Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
from 0, < 3.11.13-r0
HIGH 7.5 Regular-expression DoS when parsing TarFile headers
from 0, < 3.10.15-r0
HIGH 7.5 Quadratic complexity parsing cookies with backslashes
from 0, < 3.10.15-r0
HIGH 7.5 Incorrect IPv4 and IPv6 private ranges
from 0, < 3.10.15-r0
HIGH 7.5 An issue was discovered in Python before 3.11.1.
from 0, < 3.9.16-r0
HIGH 7.5 python3.5 - security update
from 0, < 3.6.8-r0
HIGH 7.5 python3.5 - security update
from 0, < 3.8.5-r0
HIGH 7.5 An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6.
from 0, < 3.6.8-r1
HIGH 7.5 python2.7 - security update
from 0, < 3.7.5-r0
HIGH 7.5 python3.4 - security update
from 0, < 3.6.8-r0
HIGH 7.5 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK m…
from 0, < 3.5.6-r0
HIGH 7.5 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method.
from 0, < 3.5.6-r0
MEDIUM 6.5 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct…
from 0, < 3.7.7-r0
MEDIUM 6.2 python2.7 - security update
from 0, < 3.10.14-r0
MEDIUM 6.1 python2.7 - security update
from 0, < 3.7.5-r0
MEDIUM 5.9 python2.7 - security update
from 0, < 3.8.8-r0
MEDIUM 5.9 python-ipaddress - security update
from 0, < 3.7.7-r1
MEDIUM 5.7 There's a flaw in Python 3's pydoc.
from 0, < 3.9.4-r0
MEDIUM 5.5 Email header injection due to unquoted newlines
from 0, < 3.10.15-r0
MEDIUM 5.5 In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may…
from 0, < 3.7.7-r0
MEDIUM 5.3 Bypass extraction filter to modify file metadata outside extraction directory
from 0, < 3.11.13-r0
MEDIUM 5.3 An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5.
from 0, < 3.9.18-r0
MEDIUM 5.3 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character.
from 0, < 3.10.15-r0
— SourcelessFileLoader does not use io.open_code()
from 0, < 3.14.5-r0
— Use-after-free in "unicode_escape" decoder with error handler
from 0, < 3.11.12-r1
— URL parser allowed square brackets in domain names
from 0, < 3.11.12-r0
— Unbounded memory buffering in SelectorSocketTransport.writelines()
from 0, < 3.12.8-r1
— Infinite loop when iterating over zip archive entry names from zipfile.Path
from 0, < 3.10.14-r2
— Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.
from 0, < 3.10.15-r0