Search CVE reports

Toggle filters

41 – 50 of 827 results

CVE-2026-40192

Medium priority
Fixed

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS...

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Fixed Not affected Not affected Not affected Not affected
pillow-python2 Not in release Not in release Not in release Not affected
Show less packages

CVE-2026-40947

Medium priority
Not affected

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.

3 affected packages

libfido2, python-fido2, yubikey-manager

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libfido2 Not affected Not affected Not affected
python-fido2 Not affected Not affected Not affected
yubikey-manager Not affected Not affected Not affected
Show less packages

CVE-2026-5713

Medium priority
Needs evaluation

The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if...

12 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Needs evaluation
python3.7 Not in release Not in release Not in release Needs evaluation
python3.8 Not in release Not in release Not in release Needs evaluation Needs evaluation
python3.9 Not in release Not in release Not in release Needs evaluation
python3.10 Not in release Not in release Needs evaluation
python3.11 Not in release Not in release Needs evaluation
python3.12 Not in release Needs evaluation Not in release
python3.13 Not in release Not in release Not in release
python3.14 Needs evaluation Not in release Not in release
Show all 12 packages Show less packages

CVE-2026-4786

Medium priority
Needs evaluation

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell....

14 affected packages

jython, pypy3, python2.7, python3.4, python3.5...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jython Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pypy3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python2.7 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Needs evaluation
python3.7 Not in release Not in release Not in release Needs evaluation
python3.8 Not in release Not in release Not in release Needs evaluation Needs evaluation
python3.9 Not in release Not in release Not in release Needs evaluation
python3.10 Not in release Not in release Needs evaluation
python3.11 Not in release Not in release Needs evaluation
python3.12 Not in release Needs evaluation Not in release
python3.13 Not in release Not in release Not in release
python3.14 Needs evaluation Not in release Not in release
Show all 14 packages Show less packages

CVE-2026-6100

Medium priority
Needs evaluation

Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be...

13 affected packages

pypy3, python2.7, python3.4, python3.5, python3.6...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pypy3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python2.7 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Needs evaluation
python3.7 Not in release Not in release Not in release Needs evaluation
python3.8 Not in release Not in release Not in release Needs evaluation Needs evaluation
python3.9 Not in release Not in release Not in release Needs evaluation
python3.10 Not in release Not in release Needs evaluation
python3.11 Not in release Not in release Needs evaluation
python3.12 Not in release Needs evaluation Not in release
python3.13 Not in release Not in release Not in release
python3.14 Needs evaluation Not in release Not in release
Show all 13 packages Show less packages

CVE-2026-3446

Medium priority
Needs evaluation

When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted...

13 affected packages

pypy3, python2.7, python3.4, python3.5, python3.6...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pypy3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python2.7 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Needs evaluation
python3.7 Not in release Not in release Not in release Needs evaluation
python3.8 Not in release Not in release Not in release Needs evaluation Needs evaluation
python3.9 Not in release Not in release Not in release Needs evaluation
python3.10 Not in release Not in release Needs evaluation
python3.11 Not in release Not in release Needs evaluation
python3.12 Not in release Needs evaluation Not in release
python3.13 Not in release Not in release Not in release
python3.14 Needs evaluation Not in release Not in release
Show all 13 packages Show less packages

CVE-2026-1502

Medium priority
Needs evaluation

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

14 affected packages

jython, pypy3, python2.7, python3.4, python3.5...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jython Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pypy3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python2.7 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Needs evaluation
python3.7 Not in release Not in release Not in release Needs evaluation
python3.8 Not in release Not in release Not in release Needs evaluation Needs evaluation
python3.9 Not in release Not in release Not in release Needs evaluation
python3.10 Not in release Not in release Needs evaluation
python3.11 Not in release Not in release Needs evaluation
python3.12 Not in release Needs evaluation Not in release
python3.13 Not in release Not in release Not in release
python3.14 Needs evaluation Not in release Not in release
Show all 14 packages Show less packages

CVE-2026-39892

Medium priority
Not affected

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g....

1 affected package

python-cryptography

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-cryptography Not affected Not affected Not affected Not affected
Show less packages

CVE-2026-39373

Medium priority
Needs evaluation

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for...

1 affected package

python-jwcrypto

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-jwcrypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-4292

Low priority
Fixed

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier,...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Fixed Fixed Fixed Fixed
Show less packages
  1. Previous page
  2. 3
  3. 4
  4. 5
  5. 6
  6. 7
  7. Next page
Export to JSON