Search CVE reports



1 – 10 of 756 results


CVE-2024-56374

Medium priority

Some fixes available 4 of 6

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential...

1 affected package

python-django

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
python-django | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation

CVE-2024-9774

Medium priority
Needs evaluation

A vulnerability was found in python-sql where unary operators do not escape non-Expression.

1 affected package

python-sql

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
python-sql | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2024-12254

Medium priority

Some fixes available 2 of 3

Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not “pause” writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the “high-water mark”. Because...

11 affected packages

python2.7, python3.10, python3.11, python3.12, python3.13...

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release
python3.11 | Not in release | Not affected | Not in release | Not in release | Not in release
python3.12 | Fixed | Not in release | Not in release | Not in release | Not in release
python3.13 | Not in release | Not in release | Not in release | Not in release | Not in release
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release
python3.5 | Not in release | Not in release | Not in release | Not in release | Not affected
python3.6 | Not in release | Not in release | Not in release | Not affected | Not in release
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release
python3.8 | Not in release | Not in release | Not affected | Not affected | Not in release
python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release

CVE-2024-53908

Medium priority
Fixed

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection...

1 affected package

python-django

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
python-django | Fixed | Not affected | Not affected | Not affected | Not affected

CVE-2024-53907

Medium priority

Some fixes available 6 of 7

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing...

1 affected package

python-django

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
python-django | Fixed | Fixed | Fixed | Fixed | Fixed

CVE-2024-53981

Medium priority
Needs evaluation

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any trailing bytes after the last boundary. This happens...

1 affected package

python-multipart

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
python-multipart | Needs evaluation | Needs evaluation | Not in release

CVE-2024-53861

Medium priority
Not affected

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `“acb”` being accepted for `“_abc_”`. This is a bug introduced in version 2.10.0: checking the “iss” claim...

1 affected package

pyjwt

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
pyjwt | Not affected | Not affected | Not affected | Not affected | Not affected

CVE-2024-53899

Medium priority
Needs evaluation

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

1 affected package

python-virtualenv

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
python-virtualenv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2024-52804

Medium priority
Fixed

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when...

1 affected package

python-tornado

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
python-tornado | Fixed | Fixed | Fixed | Fixed | Not affected

CVE-2024-52304

Medium priority
Needs evaluation

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under...

1 affected package

python-aiohttp

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
python-aiohttp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation