This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in Python's Developer Guide.

ID GH Activity Title Status Creator
release blocker
47194 91350 25 months ago Upgrade to zlib v1.2.12 in CPython binary releases has PR open gregory.p.smith
deferred blocker
43223 87389 25 months ago [security] http.server: Open Redirection if the URL path starts with // has patch has PR open hamzaavvan
critical
17239 61441 25 months ago XML vulnerabilities in Python has patch has PR open christian.heimes
17180 61382 25 months ago shutil copy* unsafe on POSIX - they preserve setuid/setgit bits has patch open milko.krachounov
high
36338 80519 25 months ago urlparse of urllib returns wrong hostname has patch has PR open sanebow
29125 73311 25 months ago Shell injection via TIX_LIBRARY when using tkinter.tix has patch open symphorien
21109 65308 25 months ago tarfile: Traversal attack vulnerability has patch has PR open Daniel.Garcia
8372 52619 25 months ago socket: Buffer overrun while reading unterminated AF_UNIX addresses has patch open baikie
normal
46280 90438 25 months ago About vulnerabilities in Cpython native code has patch has PR open urnotmax
44637 88803 25 months ago Quoting issue on header Reply-To and other address headers has patch has PR open Abridbus
43813 87979 25 months ago Denial of service on http.server module with large request method. has PR open demonia
43763 87929 25 months ago [sqlite3] Use SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION iso. sqlite3_enable_load_extension() has patch open erlendaasland
43123 87289 25 months ago email MIME splitting has PR open martin.ortner
41162 85334 25 months ago Clear audit hooks after destructors has patch has PR open steve.dower
39184 83365 25 months ago Many command execution functions are not raising auditing events has PR open gousaiyang
36021 80202 25 months ago [Security][Windows] webbrowser: WindowsDefault uses os.startfile() and so can be abused to run arbitrary commands has PR open vstinner
35278 79459 25 months ago [security] directory traversal in tempfile prefix has patch has PR open Yusuke Endoh
35214 79395 25 months ago Get the test suite passing with clang Memory Sanitizer enabled has PR open gregory.p.smith
33661 77842 25 months ago urllib may leak sensitive HTTP headers to a third-party web site has PR open artem.smotrakov
33515 77696 25 months ago subprocess.Popen on a Windows batch file always acts as if shell=True has PR open abigail
29424 73610 25 months ago Multiple vulnerabilities in BaseHTTPRequestHandler enable HTTP response splitting attacks has patch open meitar
28778 72964 25 months ago wsgiref HTTP Response Header Injection: CRLF Injection has PR open RAUSHAN RAJ
27815 72002 25 months ago Make SSL suppress_ragged_eofs default more secure has patch has PR open martin.panter
24238 68426 25 months ago Avoid entity expansion attacks in Element Tree has patch open martin.panter
16202 60406 25 months ago sys.path[0] security issues has patch open jdemeyer
11671 55880 25 months ago Security hole in wsgiref.headers.Headers has patch has PR open Felix.Gröbert
1298813 42400 25 months ago sysmodule.c: realpath() is unsafe has patch open misa