This issue tracker has been migrated to GitHub and is currently read-only. For more information, see the GitHub FAQs in the Python Developer Guide.
ID | Activity | Title | Versions | Status | ||
---|---|---|---|---|---|---|
(no priority set) | ||||||
11442 | 24 months ago | list_directory() in SimpleHTTPServer.py should add charset=... to Content-type header | Python 2.7, Python 2.6, Python 2.5 | closed | ||
22928 | 24 months ago | HTTP header injection in urllib2/urllib/httplib/http.client (CVE-2016-5699) | Python 3.3, Python 3.4, Python 3.5, Python 2.7 | closed | ||
26171 | 24 months ago | heap overflow in zipimporter module | Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7 | closed | ||
28248 | 24 months ago | Upgrade installers to OpenSSL 1.0.2j | Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 | closed | ||
29591 | 24 months ago | expat 2.2.0: Various security vulnerabilities in bundled expat (CVE-2016-0718 and CVE-2016-4472) | Python 3.7, Python 3.6, Python 3.5, Python 2.7 | closed | ||
30119 | 24 months ago | (ftplib) A remote attacker could possibly attack by containing the newline characters | Python 3.7, Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7 | closed | ||
30585 | 24 months ago | [security][3.3] Backport smtplib fix for TLS stripping vulnerability, CVE-2016-0772 | Python 3.3 | closed | ||
32257 | 24 months ago | Support Disabling Renegotiation for SSLContext | Python 3.8, Python 3.7 | closed | ||
34576 | 24 months ago | [EASY doc] http.server, SimpleHTTPServer: warn users on security | Python 3.8, Python 3.7, Python 3.6, Python 2.7 | closed | ||
38804 | 24 months ago | Regular Expression Denial of Service in http.cookiejar | Python 3.5 | closed | ||
39401 | 24 months ago | [CVE-2020-8315] Unsafe dll loading in getpathp.c on Win7 | Python 3.8, Python 3.7, Python 3.6 | closed | ||
46756 | 24 months ago | Incorrect authorization check in urllib.request | Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7 | closed | ||
release blocker | ||||||
1179 | 24 months ago | [CVE-2007-4965] Integer overflow in imageop module | Python 2.6, Python 2.5 | closed | ||
2051 | 24 months ago | PYO file permission problem | Python 3.3 | closed | ||
3627 | 24 months ago | apple security patches need to be forward ported to py3k | Python 3.0 | closed | ||
4469 | 24 months ago | CVE-2008-5031 multiple integer overflows | Python 2.4 | closed | ||
4489 | 24 months ago | shutil.rmtree is vulnerable to a symlink attack | Python 3.3 | closed | ||
6972 | 24 months ago | zipfile.ZipFile overwrites files outside destination path | Python 3.2, Python 3.3, Python 3.4, Python 2.7 | closed | ||
6990 | 24 months ago | threading.local subclasses don't cleanup their state and it gets recycled | Python 3.0, Python 2.4, Python 3.1, Python 3.2, Python 2.7, Python 2.6, Python 2.5 | closed | ||
7250 | 24 months ago | wsgiref.handlers.CGIHandler caches os.environ, leaking info between requests | Python 3.1, Python 3.2, Python 2.7, Python 2.6 | closed | ||
11662 | 24 months ago | Redirect vulnerability in urllib/urllib2 | Python 3.1, Python 3.2, Python 3.3, Python 3.4, Python 2.7, Python 2.6, Python 2.5 | closed | ||
13703 | 24 months ago | Hash collision security issue | Python 3.11 | closed | ||
14340 | 24 months ago | Update embedded copy of expat - fix security & crash issues | Python 3.2 | closed | ||
14984 | 24 months ago | netrc module allows read of non-secured .netrc file | Python 3.1, Python 3.2, Python 3.3, Python 3.4 | closed | ||
16248 | 24 months ago | Security bug in tkinter allows for untrusted, arbitrary code execution. | Python 3.1 | closed | ||
17425 | 24 months ago | Update OpenSSL versions in Windows builds | Python 3.3, Python 3.4 | closed | ||
17997 | 24 months ago | ssl.match_hostname(): sub string wildcard should not match IDNA prefix | Python 3.3, Python 3.4 | closed | ||
18709 | 24 months ago | SSL module fails to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238) | Python 3.2 | closed | ||
19279 | 24 months ago | UTF-7 decoder can produce inconsistent Unicode string | Python 3.3, Python 3.4, Python 2.7 | closed | ||
19435 | 24 months ago | Directory traversal attack for CGIHTTPRequestHandler | Python 3.2, Python 3.3, Python 3.4, Python 2.7 | closed | ||
19855 | 24 months ago | uuid._find_mac fails if an executable not in /sbin or /usr/sbin | Python 3.2 | closed | ||
19913 | 24 months ago | TR/Crypt.XPACK.Gen-4 in easy_install.exe | Python 3.4 | closed | ||
21082 | 24 months ago | os.makedirs(exist_ok=True) is not thread-safe: umask is set temporary to 0, serious security problem | Python 3.2 | closed | ||
21671 | 24 months ago | CVE-2014-0224: OpenSSL upgrade to 1.0.1h on Windows required | Python 3.4, Python 3.5, Python 2.7 | closed | ||
21831 | 24 months ago | integer overflow in 'buffer' type allows reading memory | Python 2.7 | closed | ||
22644 | 24 months ago | Update Windows installers to OpenSSL 1.0.1j | Python 3.4, Python 3.5, Python 2.7 | closed | ||
24603 | 24 months ago | Update OpenSSL to 1.0.2d in Windows and OS X installer | Python 3.6, Python 3.4, Python 3.5, Python 2.7 | closed | ||
24913 | 24 months ago | deque.index() overruns deque boundary | Python 3.6, Python 3.5 | closed | ||
24989 | 24 months ago | scan_eol() Buffer Over-read | Python 3.6, Python 3.5 | closed | ||
26556 | 24 months ago | Update expat to 2.1.1 | Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7 | closed | ||
27850 | 24 months ago | Remove 3DES from cipher list (sweet32 CVE-2016-2183) | Python 3.4 | closed | ||
29778 | 24 months ago | [CVE-2020-15523] _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath | Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5 | closed | ||
30730 | 24 months ago | [security] Injecting environment variable in subprocess on Windows | Python 3.7, Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7 | closed | ||
34623 | 24 months ago | _elementtree.c doesn't call XML_SetHashSalt() | Python 3.4, Python 3.5 | closed | ||
35121 | 24 months ago | [CVE-2018-20852] Cookie domain check returns incorrect results | Python 3.8, Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 | closed | ||
36742 | 24 months ago | CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@ | Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 | closed | ||
37463 | 24 months ago | ssl.match_hostname() ignores extra string after whitespace in IPv4 address | Python 3.9, Python 3.8, Python 3.7 | closed | ||
38117 | 24 months ago | Update to OpenSSL 1.1.1d, 1.1.0l, 1.0.2t | Python 3.9, Python 3.8, Python 3.7, Python 2.7 | closed | ||
38576 | 24 months ago | CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen() | Python 2.7 | closed | ||
42967 | 24 months ago | [CVE-2021-23336] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator | Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 | closed | ||
43285 | 24 months ago | ftplib should not use the host from the PASV response | Python 3.7, Python 3.6 | closed | ||
43745 | 24 months ago | ssl.OPENSSL_VERSION still reporting 1.1.1i on windows 3.8.9/3.9.4 | Python 3.10, Python 3.9, Python 3.8 | closed | ||
44396 | 24 months ago | pegen _PyParser_ASTFromFile(): Use-After-Free in syntaxerror() | Python 3.11, Python 3.10 | closed | ||
44549 | 24 months ago | Update Windows installer to use bzip2 1.0.8 | Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7 | closed | ||
46948 | 24 months ago | [CVE-2022-26488] Escalation of privilege via Windows Installer | Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7 | closed | ||
47194 | 24 months ago | Upgrade to zlib v1.2.12 in CPython binary releases | Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7 | open | ||
deferred blocker | ||||||
3886 | 24 months ago | Integer overflow in _hashopenssl.c (CVE-2008-2316) | Python 3.0 | closed | ||
24917 | 24 months ago | time_strftime() Buffer Over-read | Python 3.4, Python 3.5 | closed | ||
25005 | 24 months ago | webbrowser breaks on query strings with multiple fields on Windows | Python 3.6, Python 3.5 | closed | ||
27288 | 24 months ago | secrets should use getrandom() on Linux | Python 3.6 | closed | ||
28563 | 24 months ago | Arbitrary code execution in gettext.c2py | Python 3.7, Python 3.6, Python 3.3, Python 3.4, Python 3.5, Python 2.7 | closed | ||
30458 | 24 months ago | [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699) | Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 | closed | ||
36384 | 24 months ago | [security] CVE-2021-29921: ipaddress Should not reject IPv4 addresses with leading zeroes as ambiguously octal | Python 3.10, Python 3.9, Python 3.8 | closed | ||
43124 | 24 months ago | [security] smtplib multiple CRLF injection | Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 | closed | ||
43223 | 24 months ago | [security] http.server: Open Redirection if the URL path starts with // | Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 | open | ||
critical | ||||||
2586 | 24 months ago | Integer signedness bugs in zlib modules | Python 2.5 | closed | ||
5753 | 24 months ago | CVE-2008-5983 python: untrusted python modules search path | Python 3.1, Python 3.2, Python 2.7, Python 2.6 | closed | ||
9061 | 24 months ago | cgi.escape Can Lead To XSS Vulnerabilities | Python 3.1, Python 3.2, Python 3.3, Python 2.7 | closed | ||
9965 | 24 months ago | Loading malicious pickle may cause excessive memory usage | Python 3.2 | closed | ||
11197 | 24 months ago | information leakage with SimpleHTTPServer | Python 2.7, Python 2.6 | closed | ||
13885 | 24 months ago | CVE-2011-3389: _ssl module always disables the CBC IV attack countermeasure | Python 3.1, Python 3.2, Python 3.3, Python 2.7, Python 2.6 | closed | ||
17180 | 24 months ago | shutil copy* unsafe on POSIX - they preserve setuid/setgid bits | Python 3.4, Python 3.5, Python 2.7 | open | ||
17239 | 24 months ago | XML vulnerabilities in Python | Python 3.9, Python 3.8, Python 3.7 | open | ||
18405 | 24 months ago | crypt.mksalt() result has unnecessarily low entropy | Python 3.3, Python 3.4 | closed | ||
21529 | 24 months ago | JSON module: reading arbitrary process memory | Python 3.1, Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 2.7 | closed | ||
21530 | 24 months ago | Integer overflow in strop | Python 2.7 | closed | ||
21766 | 24 months ago | CGIHTTPServer File Disclosure | Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 2.7 | closed | ||
28275 | 24 months ago | LZMADecompressor.decompress Use After Free | Python 3.7, Python 3.6, Python 3.5 | closed | ||
32981 | 24 months ago | Catastrophic backtracking in poplib (CVE-2018-1060) and difflib (CVE-2018-1061) | Python 3.8, Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 | closed | ||
33001 | 24 months ago | Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117) | Python 3.8, Python 3.7, Python 3.6, Python 3.4, Python 3.5 | closed | ||
34155 | 24 months ago | [CVE-2019-16056] email.utils.parseaddr mistakenly parse an email | Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 | closed | ||
42988 | 24 months ago | [security] CVE-2021-3426: Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem | Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 | closed | ||
high | ||||||
1745035 | 24 months ago | DoS smtpd vulnerability | Python 3.1, Python 3.2, Python 2.7, Python 2.6, Python 2.5 | closed | ||
2004 | 24 months ago | tarfile extractall() allows local attacker to overwrite files while extracting | Python 3.0, Python 2.6, Python 2.5 | closed | ||
2587 | 24 months ago | PyString_FromStringAndSize() to be considered unsafe | Python 2.6 | closed | ||
2620 | 24 months ago | Multiple buffer overflows in unicode processing | Python 2.5 | closed | ||
4126 | 24 months ago | remove not decodable environment variables | Python 3.1 | closed | ||
4859 | 24 months ago | pwd, spwd, grp functions vulnerable to denial of service | Python 3.0, Python 3.1 | closed | ||
5871 | 24 months ago | email.header.Header too lax with embedded newlines | Python 3.1, Python 3.2, Python 2.7 | closed | ||
7673 | 24 months ago | audioop: check that length is a multiple of the size | Python 3.1, Python 3.2, Python 2.7, Python 2.6 | closed | ||
8372 | 24 months ago | socket: Buffer overrun while reading unterminated AF_UNIX addresses | Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 | open | ||
12017 | 24 months ago | Decoding a highly-nested object with json (_speedups enabled) causes segfault | Python 3.1, Python 3.2, Python 3.3, Python 2.7 | closed | ||
12226 | 24 months ago | use HTTPS by default for uploading packages to pypi | Python 3.2, Python 3.3, Python 3.4, Python 2.7 | closed | ||
12835 | 24 months ago | Missing SSLSocket.sendmsg() wrapper allows programs to send unencrypted data by mistake | Python 3.3 | closed | ||
15100 | 24 months ago | Race conditions in shutil.copy, shutil.copy2 and shutil.copyfile | Python 3.7, Python 3.6, Python 3.5, Python 2.7 | open | ||
17129 | 24 months ago | Include CA bundle and provide access to system's CA | Python 3.2, Python 3.3, Python 3.4, Python 2.7, Python 2.6 | closed | ||
19509 | 24 months ago | No SSL match_hostname() in ftp, imap, nntp, pop, smtp modules | Python 3.4 | closed | ||
20050 | 24 months ago | distutils should check PyPI certs when connecting to it | Python 3.2, Python 3.3, Python 3.4, Python 2.7 | closed | ||
20994 | 24 months ago | Disable TLS Compression | Python 3.5, Python 2.7 | closed | ||
21109 | 24 months ago | tarfile: Traversal attack vulnerability | Python 3.9 | open | ||
22160 | 24 months ago | Windows installers need to be updated following OpenSSL security release | Python 3.4, Python 3.5, Python 2.7 | closed | ||
22885 | 24 months ago | Arbitrary code execution vulnerability due to unchecked eval() call in dumbdbm module | Python 3.4, Python 3.5, Python 2.7 | closed | ||
26979 | 24 months ago | The danger of PyType_FromSpec() | Python 3.8, Python 3.7, Python 3.6 | open | ||
28022 | 24 months ago | SSL related deprecation for 3.6 | Python 3.10 | closed | ||
28043 | 24 months ago | Sane defaults for SSLContext options and ciphers | Python 3.7, Python 3.6 | closed | ||
29125 | 24 months ago | Shell injection via TIX_LIBRARY when using tkinter.tix | Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 | open | ||
29572 | 24 months ago | Upgrade installers to OpenSSL 1.0.2k | Python 3.7, Python 3.6, Python 3.5, Python 2.7 | closed | ||
32367 | 24 months ago | [Security] CVE-2017-17522: webbrowser.py in Python does not validate strings | Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 | closed | ||
33136 | 24 months ago | Harden ssl module against CVE-2018-8970 | Python 3.8, Python 3.7 | closed | ||
36338 | 24 months ago | urlparse of urllib returns wrong hostname | Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7 | open | ||
38243 | 24 months ago | [security][CVE-2019-16935] A reflected XSS in python/Lib/DocXMLRPCServer.py | Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 | closed | ||
40958 | 24 months ago | ASAN/UBSAN: heap-buffer-overflow in pegen.c | Python 3.10, Python 3.9 | closed | ||
42938 | 24 months ago | [security][CVE-2021-3177] ctypes double representation BoF | Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 | closed | ||
43882 | 24 months ago | [security] CVE-2022-0391: urllib.parse should sanitize urls containing ASCII newline and tabs. | Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 | closed | ||
normal | ||||||
1284316 | 24 months ago | Win32: Security problem with default installation directory | Python 3.5 | closed | ||
1298813 | 24 months ago | sysmodule.c: realpath() is unsafe | Python 3.2, Python 3.3, Python 3.4, Python 2.7 | open | ||
1589 | 24 months ago | New SSL module doesn't seem to verify hostname against commonName in certificate | Python 3.2 | closed | ||
1621 | 24 months ago | Do not assume signed integer overflow behavior | Python 3.8, Python 3.7, Python 3.6 | closed | ||
1950 | 24 months ago | Potential overflows due to incorrect usage of PyUnicode_AsString. | Python 3.0 | closed | ||
2254 | 24 months ago | Python CGIHTTPServer information disclosure | Python 3.0, Python 2.6, Python 2.5 | closed | ||
2588 | 24 months ago | PyOS_vsnprintf() underflow leads to memory corruption | Python 2.5 | closed | ||
2589 | 24 months ago | PyOS_vsnprintf() potential integer overflow leads to memory corruption | Python 2.5 | closed | ||
2590 | 24 months ago | S_unpack_from() Read Access Violation | Python 2.5 | closed | ||
2591 | 24 months ago | ErrorHandler buffer overflow in ?unused? SGI extension module almodule.c | Python 2.5 | closed | ||
2593 | 24 months ago | alp_ReadFrames() integer overflow leads to buffer overflow | Python 2.5 | closed | ||
2594 | 24 months ago | alp_readsamps() overflow leads to memory corruption in ?unused? SGI extension module almodule.c | Python 2.5 | closed | ||
2730 | 24 months ago | file readline w+ memory dumps | Python 2.5 | closed | ||
3144 | 24 months ago | popen / popen[234] inconsistent fd behavior | | closed | ||
3596 | 24 months ago | Provide a way to disable SSLv2 (or better yet, disable by default) | Python 3.2, Python 2.7 | closed | ||
3597 | 24 months ago | Allow application developers to select ciphers, and default to strong in ssl lib | Python 3.2, Python 2.7 | closed | ||
3823 | 24 months ago | ssl.wrap_socket() is incompatible with servers that drop privileges, due to keyfile requirement | Python 3.2 | closed | ||
4870 | 24 months ago | ssl module is missing SSL_OP_NO_SSLv2 | Python 3.2 | closed | ||
5123 | 24 months ago | Virus found in python-3.0.msi | Python 3.0 | closed | ||
5212 | 24 months ago | Incorrect note about md5 in hmac module documentation | Python 3.1, Python 3.2, Python 2.7, Python 2.6 | closed | ||
5802 | 24 months ago | The security descriptors of python binaries in Windows are not strict enough | Python 2.6 | closed | ||
6390 | 24 months ago | File reads past EOF in "w+b" mode | Python 2.6 | closed | ||
6706 | 24 months ago | asyncore's accept() is broken | Python 3.1, Python 3.2, Python 2.7 | closed | ||
7952 | 24 months ago | fileobject.c can switch between fread and fwrite without an intervening flush or seek, invoking undefined behaviour | Python 2.7 | closed | ||
8890 | 24 months ago | Use tempfile instead of /tmp in examples | Python 3.2, Python 3.3, Python 3.4, Python 2.7 | closed | ||
9077 | 24 months ago | argparse does not handle arguments correctly after -- | Python 2.7 | closed | ||
9123 | 24 months ago | insecure os.urandom on VMS | Python 3.1, Python 3.2, Python 3.3, Python 2.7, Python 2.6 | closed | ||
9129 | 24 months ago | DoS smtpd module vulnerability | Python 3.1, Python 3.2, Python 2.7, Python 2.6 | closed | ||
9385 | 24 months ago | _ctypes module uses 'rwx' mmap() calls | Python 3.1, Python 3.2, Python 2.7, Python 2.6 | closed | ||
10167 | 24 months ago | ESET Trojan Alert [python-3.1.2.amd64 ON Win7-64] | Python 3.1 | closed | ||
10340 | 24 months ago | asyncore doesn't properly handle EINVAL on OSX | Python 3.2, Python 3.3, Python 2.7 | closed | ||
10491 | 24 months ago | Insecure Windows python directory permissions | Python 3.1, Python 2.7 | closed | ||
10500 | 24 months ago | Palevo.DZ worm msix86 installer 3.x installer | Python 3.1, Python 3.2 | closed | ||
10714 | 24 months ago | httpserver request length | Python 3.1, Python 3.2, Python 2.7 | closed | ||
10905 | 24 months ago | zipfile: fix arcname with leading '///' or '..' | Python 3.3 | closed | ||
10924 | 24 months ago | Adding salt and Modular Crypt Format to crypt library. | Python 3.3 | closed | ||
11172 | 24 months ago | Avoid '.' as runpath on AIX | Python 3.1, Python 3.2, Python 3.3, Python 2.7 | closed | ||
11262 | 24 months ago | re.sub replaces only first 32 matches with re.U flag | Python 2.6 | closed | ||
11671 | 24 months ago | Security hole in wsgiref.headers.Headers | Python 3.9, Python 3.8, Python 3.7, Python 3.6, Python 3.5, Python 2.7 | open | ||
11685 | 24 months ago | possible SQL injection into db APIs via table names... sqlite3 | | closed | ||
11912 | 24 months ago | PaX triggers a segfault in dlopen | 3rd party | closed | ||
12238 | 24 months ago | Readline module loading in interactive mode | Python 3.6, Python 3.5, Python 2.7 | open | ||
12357 | 24 months ago | Python dist modifications for secure PyPI uploads | Python 3.2, Python 2.7, Python 2.6 | closed | ||
12358 | 24 months ago | validate server certificate when uploading packages to PyPI | Python 3.1, Python 3.2, Python 2.7 | closed | ||
12989 | 24 months ago | Consistently handle path separator in Py_GetPath on Windows | Python 3.7, Python 3.6, Python 3.5, Python 2.7 | closed | ||
13301 | 24 months ago | the script Tools/i18n/msgfmt.py allows arbitrary code execution via po files | Python 3.2, Python 3.3, Python 3.4, Python 2.7 | closed | ||
13617 | 24 months ago | Reject embedded null characters in wchar* strings | Python 3.7, Python 3.6, Python 3.5 | closed | ||
13636 | 24 months ago | Python SSL Stack doesn't have a Secure Default set of ciphers | Python 3.2, Python 3.3, Python 2.7 | closed | ||
13647 | 24 months ago | Python SSL stack doesn't securely validate certificate (as client) | Python 3.1, Python 3.2, Python 3.3, Python 3.4, Python 2.7, Python 2.6 | closed | ||
13655 | 24 months ago | Python SSL stack doesn't have a default CA Store | Python 3.4 | closed | ||
13734 | 24 months ago | Add a generic directory walker method to avoid symlink attacks | Python 3.3 | closed | ||
13737 | 24 months ago | bugs.python.org/review's Django settings file DEBUG=True | | closed | ||
13891 | 24 months ago | CPU DoS With Python's socket module | Python 2.6 | closed | ||
14001 | 24 months ago | CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request | Python 3.1 | closed | ||
14566 | 24 months ago | run_cgi reverts to using unnormalized path | Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 2.7 | closed | ||
14579 | 24 months ago | CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling | Python 3.2, Python 3.3, Python 2.7 | closed | ||
14621 | 24 months ago | Hash function is not randomized properly | Python 3.3, Python 2.7 | closed | ||
14955 | 24 months ago | hmac.secure_compare() is not time-independent for unicode strings | Python 3.3 | closed | ||
15061 | 24 months ago | hmac.secure_compare() leaks information about length of strings | Python 3.3 | closed | ||
15445 | 24 months ago | Ability to do code injection via logging module configuration listener port. | Python 3.2, Python 3.3, Python 2.7 | closed | ||
15452 | 24 months ago | Improve the security model for logging listener() | Python 3.5 | closed | ||
16112 | 24 months ago | platform.architecture does not correctly escape argument to /usr/bin/file | Python 3.2, Python 3.3, Python 3.4, Python 2.7 | closed | ||
16184 | 24 months ago | Attack against the pseudorandom number generator | Python 3.3 | closed | ||
16202 | 24 months ago | sys.path[0] security issues | Python 3.10, Python 3.9, Python 3.8, Python 3.7, Python 3.6 | open | ||
16499 | 24 months ago | CLI option for isolated mode | Python 3.4 | closed | ||
16632 | 24 months ago | Enable DEP and ASLR | Python 3.4 | closed | ||
17016 | 24 months ago | _sre: avoid relying on pointer overflow | Python 3.3, Python 3.4, Python 2.7 | closed | ||
17096 | 24 months ago | the system keyring should be used instead of ~/.pypirc | Python 3.4 | closed | ||
17102 | 24 months ago | tarfile extract can write files outside the destination path | Python 3.7, Python 3.6, Python 3.5, Python 2.7 | closed | ||
17538 | 24 months ago | Document XML Vulnerabilities | Python 3.2, Python 3.3, Python 3.4, Python 2.7 | closed | ||
17634 | 24 months ago | Win32: shutil.copy leaks file handles to child processes | Python 3.4 | closed | ||
17891 | 24 months ago | Wrong MD5 calculation on really long strings and the Hashlib | Python 2.7 | closed | ||
17980 | 24 months ago | CVE-2013-2099 ssl.match_hostname() trips over crafted wildcard names | Python 3.2, Python 3.3, Python 3.4 | closed | ||
18029 | 24 months ago | Python SSL support is missing from SPARC build | Python 3.2 | closed | ||
18134 | 24 months ago | zipfile extractall accepts wrong password | Python 2.7 | closed | ||
18317 | 24 months ago | gettext: DoS via crafted Plural-Forms | Python 3.7, Python 3.6, Python 3.4, Python 3.5, Python 2.7 | closed | ||
19781 | 24 months ago | No SSL match_hostname() in ftplib | Python 3.4 | closed | ||
19782 | 24 months ago | No SSL match_hostname() in imaplib | Python 3.4 | closed | ||
19783 | 24 months ago | No SSL match_hostname() in nntplib | Python 3.4 | closed | ||
19784 | 24 months ago | No SSL match_hostname() in poplib | Python 3.4 | closed | ||
19785 | 24 months ago | No SSL match_hostname() in smtplib | Python 3.4 | closed | ||
20078 | 24 months ago | zipfile - ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips | Python 3.3, Python 3.4 | closed | ||
20246 | 24 months ago | buffer overflow in socket.recvfrom_into | Python 3.1, Python 3.2, Python 3.3, Python 3.4, Python 2.7 | closed | ||
20447 | 24 months ago | doctest.debug_script: insecure use of /tmp | Python 3.1, Python 2.7 | closed | ||
20979 | 24 months ago | Calling getdents()/readdir64() repeatedly while closing descriptors provides unexpected behaviour. | Python 3.7, Python 3.6, Python 3.4, Python 3.5 | open | ||
21324 | 24 months ago | dbhash/bsddb leaks random memory fragments to a database | Python 2.7 | closed |