This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in Python's Developer Guide.

ID Activity Title Versions Status
(no priority set)
11442 24 months ago list_directory() in SimpleHTTPServer.py should add charset=... to Content-type header has patch Python 2.7, Python 2.6, Python 2.5 closed
22928 24 months ago HTTP header injection in urrlib2/urllib/httplib/http.client (CVE-2016-5699) has patch has PR Python 3.3, Python 3.4, Python 3.5, Python 2.7 closed
26171 24 months ago heap overflow in zipimporter module Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7 closed
28248 24 months ago Upgrade installers to OpenSSL 1.0.2j has patch has PR Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 closed
29591 24 months ago expat 2.2.0: Various security vulnerabilities in bundled expat (CVE-2016-0718 and CVE-2016-4472) has PR Python 3.7, Python 3.6, Python 3.5, Python 2.7 closed
30119 24 months ago (ftplib) A remote attacker could possibly attack by containing the newline characters has PR Python 3.7, Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7 closed
30585 24 months ago [security][3.3] Backport smtplib fix for TLS stripping vulnerability, CVE-2016-0772 has PR Python 3.3 closed
32257 24 months ago Support Disabling Renegotiation for SSLContext has PR Python 3.8, Python 3.7 closed
34576 24 months ago [EASY doc] http.server, SimpleHTTPServer: warn users on security has PR Python 3.8, Python 3.7, Python 3.6, Python 2.7 closed
38804 24 months ago Regular Expression Denial of Service in http.cookiejar has PR Python 3.5 closed
39401 24 months ago [CVE-2020-8315] Unsafe dll loading in getpathp.c on Win7 has patch has PR Python 3.8, Python 3.7, Python 3.6 closed
46756 24 months ago Incorrect authorization check in urllib.request has PR Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7 closed
release blocker
1179 24 months ago [CVE-2007-4965] Integer overflow in imageop module has patch Python 2.6, Python 2.5 closed
2051 24 months ago PYO file permission problem has patch Python 3.3 closed
3627 24 months ago apple security patches need to be forward ported to py3k Python 3.0 closed
4469 24 months ago CVE-2008-5031 multiple integer overflows Python 2.4 closed
4489 24 months ago shutil.rmtree is vulnerable to a symlink attack has patch has PR Python 3.3 closed
6972 24 months ago zipfile.ZipFile overwrites files outside destination path has patch Python 3.2, Python 3.3, Python 3.4, Python 2.7 closed
6990 24 months ago threading.local subclasses don't cleanup their state and it gets recycled has patch Python 3.0, Python 2.4, Python 3.1, Python 3.2, Python 2.7, Python 2.6, Python 2.5 closed
7250 24 months ago wsgiref.handlers.CGIHandler caches os.environ, leaking info between requests Python 3.1, Python 3.2, Python 2.7, Python 2.6 closed
11662 24 months ago Redirect vulnerability in urllib/urllib2 has patch Python 3.1, Python 3.2, Python 3.3, Python 3.4, Python 2.7, Python 2.6, Python 2.5 closed
13703 24 months ago Hash collision security issue has patch Python 3.11 closed
14340 24 months ago Update embedded copy of expat - fix security & crash issues Python 3.2 closed
14984 24 months ago netrc module allows read of non-secured .netrc file has patch Python 3.1, Python 3.2, Python 3.3, Python 3.4 closed
16248 24 months ago Security bug in tkinter allows for untrusted, arbitrary code execution. has patch Python 3.1 closed
17425 24 months ago Update OpenSSL versions in Windows builds Python 3.3, Python 3.4 closed
17997 24 months ago ssl.match_hostname(): sub string wildcard should not match IDNA prefix has patch Python 3.3, Python 3.4 closed
18709 24 months ago SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238) has patch Python 3.2 closed
19279 24 months ago UTF-7 decoder can produce inconsistent Unicode string has patch Python 3.3, Python 3.4, Python 2.7 closed
19435 24 months ago Directory traversal attack for CGIHTTPRequestHandler has patch Python 3.2, Python 3.3, Python 3.4, Python 2.7 closed
19855 24 months ago uuid._find_mac fails if an executable not in /sbin or /usr/sbin has patch Python 3.2 closed
19913 24 months ago TR/Crypt.XPACK.Gen-4 in easy_install.exe Python 3.4 closed
21082 24 months ago os.makedirs(exist_ok=True) is not thread-safe: umask is set temporary to 0, serious security problem has patch Python 3.2 closed
21671 24 months ago CVE-2014-0224: OpenSSL upgrade to 1.0.1h on Windows required Python 3.4, Python 3.5, Python 2.7 closed
21831 24 months ago integer overflow in 'buffer' type allows reading memory Python 2.7 closed
22644 24 months ago Update Windows installers to OpenSSL 1.0.1j Python 3.4, Python 3.5, Python 2.7 closed
24603 24 months ago Update OpenSSL to 1.0.2d in Windows and OS X installer Python 3.6, Python 3.4, Python 3.5, Python 2.7 closed
24913 24 months ago deque.index() overruns deque boundary has patch Python 3.6, Python 3.5 closed
24989 24 months ago scan_eol() Buffer Over-read has patch Python 3.6, Python 3.5 closed
26556 24 months ago Update expat to 2.1.1 Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7 closed
27850 24 months ago Remove 3DES from cipher list (sweet32 CVE-2016-2183) has patch has PR Python 3.4 closed
29778 24 months ago [CVE-2020-15523] _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath has PR Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5 closed
30730 24 months ago [security] Injecting environment variable in subprocess on Windows has PR Python 3.7, Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7 closed
34623 24 months ago _elementtree.c doesn't call XML_SetHashSalt() has patch has PR Python 3.4, Python 3.5 closed
35121 24 months ago [CVE-2018-20852] Cookie domain check returns incorrect results has PR Python 3.8, Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 closed
36742 24 months ago CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@ has PR Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 closed
37463 24 months ago ssl.match_hostname() ignores extra string after whitespace in IPv4 address has PR Python 3.9, Python 3.8, Python 3.7 closed
38117 24 months ago Update to OpenSSL 1.1.1d, 1.1.0l, 1.0.2t has PR Python 3.9, Python 3.8, Python 3.7, Python 2.7 closed
38576 24 months ago CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen() has PR Python 2.7 closed
42967 24 months ago [CVE-2021-23336] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator has patch has PR Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 closed
43285 24 months ago ftplib should not use the host from the PASV response has PR Python 3.7, Python 3.6 closed
43745 24 months ago ssl.OPENSSL_VERSION still reporting 1.1.1i on windows 3.8.9/3.9.4 has PR Python 3.10, Python 3.9, Python 3.8 closed
44396 24 months ago pegen _PyParser_ASTFromFile(): Use-After-Free in syntaxerror() has patch has PR Python 3.11, Python 3.10 closed
44549 24 months ago Update Windows installer to use bzip2 1.0.8 has PR Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7 closed
46948 24 months ago [CVE-2022-26488] Escalation of privilege via Windows Installer has PR Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7 closed
47194 24 months ago Upgrade to zlib v1.2.12 in CPython binary releases has PR Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7 open
deferred blocker
3886 24 months ago Integer overflow in _hashopenssl.c (CVE-2008-2316) has patch Python 3.0 closed
24917 24 months ago time_strftime() Buffer Over-read has patch Python 3.4, Python 3.5 closed
25005 24 months ago webbrowser breaks on query strings with multiple fields on Windows has patch Python 3.6, Python 3.5 closed
27288 24 months ago secrets should use getrandom() on Linux Python 3.6 closed
28563 24 months ago Arbitrary code execution in gettext.c2py has patch has PR Python 3.7, Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7 closed
30458 24 months ago [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699) has PR Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 closed
36384 24 months ago [security] CVE-2021-29921: ipaddress Should not reject IPv4 addresses with leading zeroes as ambiguously octal has PR Python 3.10, Python 3.9, Python 3.8 closed
43124 24 months ago [security] smtplib multiple CRLF injection has PR Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 closed
43223 24 months ago [security] http.server: Open Redirection if the URL path starts with // has patch has PR Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 open
critical
2586 24 months ago Integer signedness bugs in zlib modules Python 2.5 closed
5753 24 months ago CVE-2008-5983 python: untrusted python modules search path has patch Python 3.1, Python 3.2, Python 2.7, Python 2.6 closed
9061 24 months ago cgi.escape Can Lead To XSS Vulnerabilities Python 3.1, Python 3.2, Python 3.3, Python 2.7 closed
9965 24 months ago Loading malicious pickle may cause excessive memory usage Python 3.2 closed
11197 24 months ago information leakage with SimpleHTTPServer has patch Python 2.7, Python 2.6 closed
13885 24 months ago CVE-2011-3389: _ssl module always disables the CBC IV attack countermeasure has patch Python 3.1, Python 3.2, Python 3.3, Python 2.7, Python 2.6 closed
17180 24 months ago shutil copy* unsafe on POSIX - they preserve setuid/setgit bits has patch Python 3.4, Python 3.5, Python 2.7 open
17239 24 months ago XML vulnerabilities in Python has patch has PR Python 3.9, Python 3.8, Python 3.7 open
18405 24 months ago crypt.mksalt() result has unnecessarily low entropy has patch Python 3.3, Python 3.4 closed
21529 24 months ago JSON module: reading arbitrary process memory Python 3.1, Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 2.7 closed
21530 24 months ago Integer overflow in strop Python 2.7 closed
21766 24 months ago CGIHTTPServer File Disclosure Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 2.7 closed
28275 24 months ago LZMADecompressor.decompress Use After Free has patch has PR Python 3.7, Python 3.6, Python 3.5 closed
32981 24 months ago Catastrophic backtracking in poplib (CVE-2018-1060) and difflib (CVE-2018-1061) has PR Python 3.8, Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 closed
33001 24 months ago Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117) has PR Python 3.8, Python 3.7, Python 3.6, Python 3.4, Python 3.5 closed
34155 24 months ago [CVE-2019-16056] email.utils.parseaddr mistakenly parse an email has patch has PR Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 closed
42988 24 months ago [security] CVE-2021-3426: Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem has PR Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 closed
high
1745035 24 months ago DoS smtpd vulnerability has patch Python 3.1, Python 3.2, Python 2.7, Python 2.6, Python 2.5 closed
2004 24 months ago tarfile extractall() allows local attacker to overwrite files while extracting Python 3.0, Python 2.6, Python 2.5 closed
2587 24 months ago PyString_FromStringAndSize() to be considered unsafe Python 2.6 closed
2620 24 months ago Multiple buffer overflows in unicode processing has patch Python 2.5 closed
4126 24 months ago remove not decodable environment variables has patch Python 3.1 closed
4859 24 months ago pwd, spwd, grp functions vulnerable to denial of service has patch Python 3.0, Python 3.1 closed
5871 24 months ago email.header.Header too lax with embeded newlines has patch Python 3.1, Python 3.2, Python 2.7 closed
7673 24 months ago audioop: check that length is a multiple of the size has patch Python 3.1, Python 3.2, Python 2.7, Python 2.6 closed
8372 24 months ago socket: Buffer overrun while reading unterminated AF_UNIX addresses has patch Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 open
12017 24 months ago Decoding a highly-nested object with json (_speedups enabled) causes segfault has patch Python 3.1, Python 3.2, Python 3.3, Python 2.7 closed
12226 24 months ago use HTTPS by default for uploading packages to pypi has patch Python 3.2, Python 3.3, Python 3.4, Python 2.7 closed
12835 24 months ago Missing SSLSocket.sendmsg() wrapper allows programs to send unencrypted data by mistake has patch Python 3.3 closed
15100 24 months ago Race conditions in shutil.copy, shutil.copy2 and shutil.copyfile Python 3.7, Python 3.6, Python 3.5, Python 2.7 open
17129 24 months ago Include CA bundle and provide access to system's CA Python 3.2, Python 3.3, Python 3.4, Python 2.7, Python 2.6 closed
19509 24 months ago No SSL match_hostname() in ftp, imap, nntp, pop, smtp modules has patch Python 3.4 closed
20050 24 months ago distutils should check PyPI certs when connecting to it Python 3.2, Python 3.3, Python 3.4, Python 2.7 closed
20994 24 months ago Disable TLS Compression has patch Python 3.5, Python 2.7 closed
21109 24 months ago tarfile: Traversal attack vulnerability has patch has PR Python 3.9 open
22160 24 months ago Windows installers need to be updated following OpenSSL security release Python 3.4, Python 3.5, Python 2.7 closed
22885 24 months ago Arbitrary code execution vulnerability due to unchecked eval() call in dumbdbm module has patch Python 3.4, Python 3.5, Python 2.7 closed
26979 24 months ago The danger of PyType_FromSpec() Python 3.8, Python 3.7, Python 3.6 open
28022 24 months ago SSL releated deprecation for 3.6 has patch Python 3.10 closed
28043 24 months ago Sane defaults for SSLContext options and ciphers has patch has PR Python 3.7, Python 3.6 closed
29125 24 months ago Shell injection via TIX_LIBRARY when using tkinter.tix has patch Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 open
29572 24 months ago Upgrade installers to OpenSSL 1.0.2k has PR Python 3.7, Python 3.6, Python 3.5, Python 2.7 closed
32367 24 months ago [Security] CVE-2017-17522: webbrowser.py in Python does not validate strings has PR Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 closed
33136 24 months ago Harden ssl module against CVE-2018-8970 has PR Python 3.8, Python 3.7 closed
36338 24 months ago urlparse of urllib returns wrong hostname has patch has PR Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7 open
38243 24 months ago [security][CVE-2019-16935] A reflected XSS in python/Lib/DocXMLRPCServer.py has patch has PR Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 closed
40958 24 months ago ASAN/UBSAN: heap-buffer-overflow in pegen.c has PR Python 3.10, Python 3.9 closed
42938 24 months ago [security][CVE-2021-3177] ctypes double representation BoF has PR Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 closed
43882 24 months ago [security] CVE-2022-0391: urllib.parse should sanitize urls containing ASCII newline and tabs. has PR Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 closed
normal
1284316 24 months ago Win32: Security problem with default installation directory Python 3.5 closed
1298813 24 months ago sysmodule.c: realpath() is unsafe has patch Python 3.2, Python 3.3, Python 3.4, Python 2.7 open
1589 24 months ago New SSL module doesn't seem to verify hostname against commonName in certificate has patch Python 3.2 closed
1621 24 months ago Do not assume signed integer overflow behavior has patch has PR Python 3.8, Python 3.7, Python 3.6 closed
1950 24 months ago Potential overflows due to incorrect usage of PyUnicode_AsString. has patch Python 3.0 closed
2254 24 months ago Python CGIHTTPServer information disclosure has patch Python 3.0, Python 2.6, Python 2.5 closed
2588 24 months ago PyOS_vsnprintf() underflow leads to memory corruption Python 2.5 closed
2589 24 months ago PyOS_vsnprintf() potential integer overflow leads to memory corruption Python 2.5 closed
2590 24 months ago S_unpack_from() Read Access Violation Python 2.5 closed
2591 24 months ago ErrorHandler buffer overflow in ?unused? SGI extension module almodule.c Python 2.5 closed
2593 24 months ago alp_ReadFrames() integer overflow leads to buffer overflow Python 2.5 closed
2594 24 months ago alp_readsamps() overflow leads to memory corruption in ?unused? SGI extension module almodule.c Python 2.5 closed
2730 24 months ago file readline w+ memory dumps Python 2.5 closed
3144 24 months ago popen / popen[234] inconsistent fd behavior   closed
3596 24 months ago Provide a way to disable SSLv2 (or better yet, disable by default) Python 3.2, Python 2.7 closed
3597 24 months ago Allow application developers to select ciphers, and default to strong in ssl lib has patch Python 3.2, Python 2.7 closed
3823 24 months ago ssl.wrap_socket() is incompatible with servers that drop privileges, due to keyfile requirement Python 3.2 closed
4870 24 months ago ssl module is missing SSL_OP_NO_SSLv2 has patch Python 3.2 closed
5123 24 months ago Virus found in python-3.0.msi Python 3.0 closed
5212 24 months ago Incorrect note about md5 in hmac module documentation Python 3.1, Python 3.2, Python 2.7, Python 2.6 closed
5802 24 months ago The security descriptors of python binaries in Windows are not strict enough Python 2.6 closed
6390 24 months ago File reads past EOF in "w+b" mode Python 2.6 closed
6706 24 months ago asyncore's accept() is broken has patch Python 3.1, Python 3.2, Python 2.7 closed
7952 24 months ago fileobject.c can switch between fread and fwrite without an intervening flush or seek, invoking undefined behaviour Python 2.7 closed
8890 24 months ago Use tempfile instead of /tmp in examples has patch Python 3.2, Python 3.3, Python 3.4, Python 2.7 closed
9077 24 months ago argparse does not handle arguments correctly after -- Python 2.7 closed
9123 24 months ago insecure os.urandom on VMS Python 3.1, Python 3.2, Python 3.3, Python 2.7, Python 2.6 closed
9129 24 months ago DoS smtpd module vulnerability has patch Python 3.1, Python 3.2, Python 2.7, Python 2.6 closed
9385 24 months ago _ctypes module uses 'rwx' mmap() calls Python 3.1, Python 3.2, Python 2.7, Python 2.6 closed
10167 24 months ago ESET Trojan Alert [python-3.1.2.amd64 ON Win7-64] Python 3.1 closed
10340 24 months ago asyncore doesn't properly handle EINVAL on OSX has patch Python 3.2, Python 3.3, Python 2.7 closed
10491 24 months ago Insecure Windows python directory permissions Python 3.1, Python 2.7 closed
10500 24 months ago Palevo.DZ worm msix86 installer 3.x installer Python 3.1, Python 3.2 closed
10714 24 months ago httpserver request length has patch Python 3.1, Python 3.2, Python 2.7 closed
10905 24 months ago zipfile: fix arcname with leading '///' or '..' has patch Python 3.3 closed
10924 24 months ago Adding salt and Modular Crypt Format to crypt library. has patch Python 3.3 closed
11172 24 months ago Avoid '.' as runpath on AIX has patch Python 3.1, Python 3.2, Python 3.3, Python 2.7 closed
11262 24 months ago re.sub replaces only first 32 matches with re.U flag Python 2.6 closed
11671 24 months ago Security hole in wsgiref.headers.Headers has patch has PR Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 open
11685 24 months ago possible SQL injection into db APIs via table names... sqlite3   closed
11912 24 months ago PaX triggers a segfault in dlopen 3rd party closed
12238 24 months ago Readline module loading in interactive mode Python 3.6, Python 3.5, Python 2.7 open
12357 24 months ago Python dist modifications for secure PyPI uploads Python 3.2, Python 2.7, Python 2.6 closed
12358 24 months ago validate server certificate when uploading packages to PyPI Python 3.1, Python 3.2, Python 2.7 closed
12989 24 months ago Consistently handle path separator in Py_GetPath on Windows has patch Python 3.7, Python 3.6, Python 3.5, Python 2.7 closed
13301 24 months ago the script Tools/i18n/msgfmt.py allows arbitrary code execution via po files has patch Python 3.2, Python 3.3, Python 3.4, Python 2.7 closed
13617 24 months ago Reject embedded null characters in wchar* strings has patch has PR Python 3.7, Python 3.6, Python 3.5 closed
13636 24 months ago Python SSL Stack doesn't have a Secure Default set of ciphers has patch Python 3.2, Python 3.3, Python 2.7 closed
13647 24 months ago Python SSL stack doesn't securely validate certificate (as client) Python 3.1, Python 3.2, Python 3.3, Python 3.4, Python 2.7, Python 2.6 closed
13655 24 months ago Python SSL stack doesn't have a default CA Store Python 3.4 closed
13734 24 months ago Add a generic directory walker method to avoid symlink attacks has patch Python 3.3 closed
13737 24 months ago bugs.python.org/review's Django settings file DEBUG=True   closed
13891 24 months ago CPU DoS With Python's socket module Python 2.6 closed
14001 24 months ago CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request has patch Python 3.1 closed
14566 24 months ago run_cgi reverts to using unnormalized path Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 2.7 closed
14579 24 months ago CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling has patch Python 3.2, Python 3.3, Python 2.7 closed
14621 24 months ago Hash function is not randomized properly has patch Python 3.3, Python 2.7 closed
14955 24 months ago hmac.secure_compare() is not time-independent for unicode strings has patch Python 3.3 closed
15061 24 months ago hmac.secure_compare() leaks information about length of strings has patch Python 3.3 closed
15445 24 months ago Ability to do code injection via logging module configuration listener port. Python 3.2, Python 3.3, Python 2.7 closed
15452 24 months ago Improve the security model for logging listener() has patch Python 3.5 closed
16112 24 months ago platform.architecture does not correctly escape argument to /usr/bin/file has patch Python 3.2, Python 3.3, Python 3.4, Python 2.7 closed
16184 24 months ago Attack against the pseudorandom number generator Python 3.3 closed
16202 24 months ago sys.path[0] security issues has patch Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 open
16499 24 months ago CLI option for isolated mode has patch Python 3.4 closed
16632 24 months ago Enable DEP and ASLR has patch Python 3.4 closed
17016 24 months ago _sre: avoid relying on pointer overflow has patch Python 3.3, Python 3.4, Python 2.7 closed
17096 24 months ago the system keyring should be used instead of ~/.pypirc Python 3.4 closed
17102 24 months ago tarfile extract can write files outside the destination path Python 3.7, Python 3.6, Python 3.5, Python 2.7 closed
17538 24 months ago Document XML Vulnerabilties has patch Python 3.2, Python 3.3, Python 3.4, Python 2.7 closed
17634 24 months ago Win32: shutil.copy leaks file handles to child processes Python 3.4 closed
17891 24 months ago Wrong MD5 calculation on really long strings and the Hashlib Python 2.7 closed
17980 24 months ago CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names has patch Python 3.2, Python 3.3, Python 3.4 closed
18029 24 months ago Python SSL support is missing from SPARC build Python 3.2 closed
18134 24 months ago zipfile extractall accepts wrong password Python 2.7 closed
18317 24 months ago gettext: DoS via crafted Plural-Forms has patch Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 closed
19781 24 months ago No SSL match_hostname() in ftplib has patch Python 3.4 closed
19782 24 months ago No SSL match_hostname() in imaplib has patch Python 3.4 closed
19783 24 months ago No SSL match_hostname() in nntplib has patch Python 3.4 closed
19784 24 months ago No SSL match_hostname() in poplib has patch Python 3.4 closed
19785 24 months ago No SSL match_hostname() in smtplib Python 3.4 closed
20078 24 months ago zipfile - ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips has patch Python 3.3, Python 3.4 closed
20246 24 months ago buffer overflow in socket.recvfrom_into has patch Python 3.1, Python 3.2, Python 3.3, Python 3.4, Python 2.7 closed
20447 24 months ago doctest.debug_script: insecure use of /tmp Python 3.1, Python 2.7 closed
20979 24 months ago Calling getdents()/readdir64() repeatedly while closing descriptors provides unexpected behaviour. Python 3.7, Python 3.6, Python 3.4, Python 3.5 open
21324 24 months ago dbhash/bsddb leaks random memory fragments to a database Python 2.7 closed