Search CVE reports
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
1 affected package
python-cloudscraper
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-cloudscraper | Needs evaluation | Needs evaluation | Not in release | Not in release | — |
Some fixes available 12 of 16
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP...
2 affected packages
python-pip, python-urllib3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | Not affected | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Not affected | Fixed | Fixed | Fixed | Fixed |
Some fixes available 2 of 15
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at...
10 affected packages
python2.7, python3.10, python3.11, python3.12, python3.4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| python3.10 | Not in release | Not in release | Fixed | Not in release | — |
| python3.11 | Not in release | Not in release | Needs evaluation | Not in release | — |
| python3.12 | Not in release | Not affected | Not in release | Not in release | — |
| python3.4 | Not in release | Not in release | Not in release | Not in release | — |
| python3.5 | Not in release | Not in release | Not in release | Not in release | — |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| python3.8 | Not in release | Not in release | Not in release | Fixed | Needs evaluation |
| python3.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
Some fixes available 5 of 13
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of...
10 affected packages
python2.7, python3.10, python3.11, python3.12, python3.4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not in release | Not affected | Not affected | Not affected |
| python3.10 | Not in release | Not in release | Fixed | Not in release | — |
| python3.11 | Not in release | Not in release | Needs evaluation | Not in release | — |
| python3.12 | Not in release | Fixed | Not in release | Not in release | — |
| python3.4 | Not in release | Not in release | Not in release | Not in release | — |
| python3.5 | Not in release | Not in release | Not in release | Not in release | — |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| python3.8 | Not in release | Not in release | Not in release | Fixed | Needs evaluation |
| python3.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
Some fixes available 2 of 7
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar...
1 affected package
python-authlib
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-authlib | Needs evaluation | Fixed | Fixed | Not in release | — |
Some fixes available 8 of 10
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
1 affected package
python-pymysql
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pymysql | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
Some fixes available 6 of 16
Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue...
2 affected packages
python-pip, requests
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | Not affected | Fixed | Fixed | Ignored | Ignored |
| requests | Fixed | Ignored | Ignored | Ignored | Ignored |
Some fixes available 4 of 6
In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch...
1 affected package
python-scrapy
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-scrapy | Not affected | Fixed | Fixed | Fixed | Fixed |
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the...
1 affected package
python-aiosmtpd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-aiosmtpd | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from...
10 affected packages
python2.7, python3.10, python3.11, python3.12, python3.4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | Not in release | Not affected | Not affected | Not affected |
| python3.10 | — | Not in release | Not affected | Not in release | — |
| python3.11 | — | Not in release | Not affected | Not in release | — |
| python3.12 | — | Not affected | Not in release | Not in release | — |
| python3.4 | — | Not in release | Not in release | Not in release | — |
| python3.5 | — | Not in release | Not in release | Not in release | — |
| python3.6 | — | Not in release | Not in release | Not in release | Not affected |
| python3.7 | — | Not in release | Not in release | Not in release | Not affected |
| python3.8 | — | Not in release | Not in release | Not affected | Not affected |
| python3.9 | — | Not in release | Not in release | Not affected | — |