Search CVE reports
171 – 180 of 828 results
A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory...
1 affected package
python-future
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-future | — | Not affected | Not affected | Not affected | Not affected |
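The mechanism behind that entry is ordinary import resolution: the directory of the running script (or the current directory for `python -c` and the REPL) is placed first on `sys.path`, so a stray `test.py` there wins over the standard library's `test` package, and any module that imports `test` at load time runs the stray file. The block below is an added example, not python-future's code and not part of the advisory: it reproduces the shadowing with a constructed `test.py` in a temporary directory and gives a check for whether a name resolves outside the interpreter's own stdlib and site-packages directories. `resolve_import`, `is_trusted_origin` and `demo_shadowing` are names chosen here.

```python
import importlib
import importlib.util
import os
import sys
import sysconfig
import tempfile

# Added example (not python-future's code): why a file named test.py next to
# the running script is imported instead of the stdlib "test" package. The
# path finder walks sys.path in order and takes the first match.


def resolve_import(name, extra_path=None):
    """Return the file that `import name` would load right now, with
    `extra_path` temporarily placed first on sys.path (the slot the
    interpreter gives the main script's own directory)."""
    saved_path = list(sys.path)
    # find_spec() short-circuits to an already-imported module; drop it so the
    # lookup really walks sys.path, and put it back afterwards.
    saved_mod = sys.modules.pop(name, None)
    try:
        if extra_path is not None:
            sys.path.insert(0, extra_path)
        importlib.invalidate_caches()  # FileFinder caches directory listings
        spec = importlib.util.find_spec(name)
        return None if spec is None else spec.origin
    finally:
        sys.path[:] = saved_path
        if saved_mod is not None:
            sys.modules[name] = saved_mod


def is_trusted_origin(origin):
    """True if `origin` is built in, frozen, or lives under the interpreter's
    stdlib or site-packages directories. A module found anywhere else (the
    cwd, a script directory, /tmp) is a candidate for this kind of hijack."""
    if origin in ("built-in", "frozen"):
        return True
    if origin is None:
        return False
    real = os.path.realpath(origin)
    paths = sysconfig.get_paths()
    roots = {paths[k] for k in ("stdlib", "platstdlib", "purelib", "platlib")}
    return any(real.startswith(os.path.realpath(r) + os.sep) for r in roots)


def demo_shadowing(name="test"):
    """Constructed fixture: write `name`.py into a fresh directory, put that
    directory first on sys.path, and report where `import name` resolves."""
    with tempfile.TemporaryDirectory() as tmp:
        stray = os.path.join(tmp, name + ".py")
        with open(stray, "w") as f:
            f.write("print('this ran only because of import order')\n")
        origin = resolve_import(name, extra_path=tmp)
        shadowed = origin is not None and (
            os.path.realpath(origin) == os.path.realpath(stray)
        )
        return {"origin": origin, "shadowed": shadowed,
                "trusted": is_trusted_origin(origin)}


if __name__ == "__main__":
    print(demo_shadowing())
    print("json resolves to", resolve_import("json"))
```

The same check applied to a real deployment tree (run `resolve_import` for every module your application imports at startup and flag any untrusted origin) catches the general case of a writable directory on `sys.path`, not just `test.py`; running code with `python -I` or `-P` keeps the script directory and cwd off the path in the first place.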
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not in release | Fixed | Fixed | Fixed |
| python3.4 | Not in release | Not in release | Not in release | — | — |
| python3.5 | Not in release | Not in release | Not in release | — | — |
| python3.6 | Not in release | Not in release | Not in release | — | Fixed |
| python3.7 | Not in release | Not in release | Not in release | — | Fixed |
| python3.8 | Not in release | Not in release | Not in release | Fixed | Fixed |
| python3.9 | Not in release | Not in release | Not in release | Fixed | — |
| python3.10 | Not in release | Not in release | Fixed | — | — |
| python3.11 | Not in release | Not in release | Fixed | — | — |
| python3.12 | Not in release | Fixed | Not in release | — | — |
| python3.13 | Not in release | Not in release | Not in release | — | — |
| python3.14 | Not affected | Not in release | Not in release | — | — |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the pure-Python parser is vulnerable to request smuggling because it does not parse the trailer section of an HTTP request...
1 affected package
python-aiohttp
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-aiohttp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer...
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | — | Not affected | Not affected | Not affected | Not affected |
| pillow-python2 | — | Not in release | Not in release | Not affected | — |
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the...
2 affected packages
python-pip, python-urllib3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | — | Not affected | Not affected | Not affected | Not affected |
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default,...
2 affected packages
python-pip, python-urllib3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | Fixed | Fixed | Not affected | Not affected |
| python-urllib3 | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available (13 of 29)
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial of service.
13 affected packages
jython, python2.7, python3.11, python3.12, python3.13...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| jython | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python2.7 | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
| python3.11 | Not in release | Not in release | Fixed | Not in release | Not in release |
| python3.12 | Not in release | Fixed | Not in release | Not in release | Not in release |
| python3.13 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.9 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Not in release | Fixed | Fixed |
| python3.10 | Not in release | Not in release | Fixed | Not in release | Not in release |
| python3.14 | Not affected | Not in release | Not in release | Not in release | Not in release |
Some fixes available (12 of 13)
Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix...
2 affected packages
python-pip, requests
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | Fixed | Fixed | Not affected | Not affected |
| requests | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available (7 of 10)
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via...
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
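The Django entry is a log injection issue: a request path that contains a newline is written into the log verbatim, so the text after the newline appears as a separate, attacker-authored log record. The block below is an added example, not Django's code and not its fix; it reproduces the forged record with the standard `logging` module and shows a formatter that escapes control characters in the rendered message before it reaches a handler. `escape_control`, `ControlEscapingFormatter`, `log_response` and the `FORGED_PATH` fixture are names chosen here.

```python
import io
import logging

# Added example (not Django's code): a newline in an unescaped request path
# forges an extra log record; escaping control characters in the rendered
# message removes that ability without touching the rest of the pipeline.

# C0 controls and DEL rendered visibly, plus the Unicode line breaks that
# str.splitlines() and some log viewers also treat as record boundaries.
_ESCAPES = {c: "\\x%02x" % c for c in range(0x20)}
_ESCAPES.update({0x7F: "\\x7f", 0x0A: "\\n", 0x0D: "\\r", 0x09: "\\t",
                 0x85: "\\x85", 0x2028: "\\u2028", 0x2029: "\\u2029"})


def escape_control(text):
    """Render control characters so a value can never start a new log line."""
    return str(text).translate(_ESCAPES)


class ControlEscapingFormatter(logging.Formatter):
    """Escape the formatted message only. Formatter.format() appends
    exception tracebacks (record.exc_text) afterwards, so those keep their
    genuine line breaks."""

    def formatMessage(self, record):
        record.message = escape_control(record.message)
        return super().formatMessage(record)


def log_response(path, status, escape):
    """Emit one warning the way a server-side response logger might, with the
    raw or the escaping formatter, and return the text the handler wrote."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    fmt_cls = ControlEscapingFormatter if escape else logging.Formatter
    handler.setFormatter(fmt_cls("%(levelname)s %(message)s"))
    logger = logging.getLogger("demo.response." + ("escaped" if escape else "raw"))
    logger.propagate = False  # keep the demo out of the root logger
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)
    try:
        logger.warning("Not Found: %s (status %d)", path, status)
    finally:
        logger.removeHandler(handler)
    return stream.getvalue()


# Constructed attacker-controlled path: everything after the newline would be
# read as its own record by anything that splits the log on line breaks.
FORGED_PATH = "/missing\nERROR login failed for user admin from 203.0.113.9"


if __name__ == "__main__":
    print(log_response(FORGED_PATH, 404, escape=False), end="")
    print(log_response(FORGED_PATH, 404, escape=True), end="")
```

Escaping at the formatter, rather than at each call site, covers every field that ends up in the message, including ones added later; if logs are shipped as JSON the same concern is handled by the JSON encoder, but plain-text files and syslog need this step.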
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | Not in release | Not affected | Not affected | Not affected |
| python3.4 | — | Not in release | Not in release | — | — |
| python3.5 | — | Not in release | Not in release | — | — |
| python3.6 | — | Not in release | Not in release | — | Not affected |
| python3.7 | — | Not in release | Not in release | — | Not affected |
| python3.8 | — | Not in release | Not in release | Not affected | Not affected |
| python3.9 | — | Not in release | Not in release | Not affected | — |
| python3.10 | — | Not in release | Not affected | — | — |
| python3.11 | — | Not in release | Not affected | — | — |
| python3.12 | — | Fixed | Not in release | — | — |
| python3.13 | — | Not in release | Not in release | — | — |
| python3.14 | — | Not in release | Not in release | — | — |
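Two entries on this page concern the tarfile module: the negative-offset infinite loop in header processing and this escape from the extraction directory despite `filter="data"`. The block below is an added example, not CPython's code and not either fix; it shows the defence a practitioner adds in front of `extractall` for untrusted archives: audit every member name against the destination, refuse links of any kind, and only then extract, passing `filter="data"` where the interpreter supports it (3.12 and the backports to 3.8.17, 3.9.17, 3.10.12 and 3.11.4). The audit works on parsed headers, so it adds nothing against header-parsing bugs such as the negative-offset loop; that class needs the fixed interpreter. `build_archive`, `audit_members` and `safe_extract` are names chosen here, and the archives are constructed fixtures.

```python
import io
import os
import tarfile

# Added example (not CPython's code): pre-extraction audit of an untrusted
# tar archive, then extraction with the data filter when it is available.


def build_archive(members):
    """Constructed fixture: build a tar archive in memory from
    (name, text, linkname) triples. A non-None linkname makes a symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, text, linkname in members:
            info = tarfile.TarInfo(name)
            if linkname is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = linkname
                tar.addfile(info)
            else:
                payload = text.encode()
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def _inside(dest_real, name):
    """True if dest/name, fully resolved, stays within dest."""
    target = os.path.realpath(os.path.join(dest_real, name))
    return target == dest_real or target.startswith(dest_real + os.sep)


def audit_members(tar_bytes, dest):
    """Split members into (accepted, rejected) names. Rejected: absolute
    names, any '..' component, symlinks and hardlinks, device and FIFO
    entries, and anything whose resolved path leaves dest."""
    dest_real = os.path.realpath(dest)
    accepted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar.getmembers():
            unsafe = (
                m.name.startswith("/") or os.path.isabs(m.name)
                or ".." in m.name.split("/")
                or m.issym() or m.islnk()      # stricter than the data filter
                or m.isdev() or m.isfifo()
                or not _inside(dest_real, m.name)
            )
            (rejected if unsafe else accepted).append(m.name)
    return accepted, rejected


def safe_extract(tar_bytes, dest):
    """Refuse the whole archive if any member fails the audit (a partially
    extracted hostile archive is rarely what anyone wants); otherwise extract,
    with filter="data" on interpreters that have it. Returns extracted names."""
    accepted, rejected = audit_members(tar_bytes, dest)
    if rejected:
        raise ValueError("refusing archive, unsafe members: %r" % (rejected,))
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        tar.extractall(dest, **kwargs)
    return accepted


if __name__ == "__main__":
    import tempfile
    hostile = build_archive([
        ("good/file.txt", "hello", None),
        ("../escape.txt", "x", None),
        ("/abs/evil", "x", None),
        ("link", None, "/etc/passwd"),
    ])
    with tempfile.TemporaryDirectory() as d:
        print(audit_members(hostile, d))
```

Refusing every link is deliberately stricter than the data filter, which permits links whose targets resolve inside the destination; archives that legitimately carry symlinks need either that filter on a fixed interpreter or a post-extraction pass that resolves each link and checks it the same way `_inside` does.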