Search CVE reports

71 – 80 of 827 results

Detailed view

Sort by:

CVE-2026-33154

Medium priority

Fixed

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is...

1 affected package

python-dynaconf

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-dynaconf	Fixed	Fixed	Fixed	—	—

CVE-2026-4519

Medium priority

Needs evaluation

The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing...

14 affected packages

jython, pypy3, python2.7, python3.4, python3.5...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
jython	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
pypy3	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—
python2.7	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
python3.4	Not in release	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	Not in release	—	Needs evaluation
python3.7	Not in release	Not in release	Not in release	—	Needs evaluation
python3.8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
python3.9	Not in release	Not in release	Not in release	Needs evaluation	—
python3.10	Not in release	Not in release	Needs evaluation	—	—
python3.11	Not in release	Not in release	Needs evaluation	—	—
python3.12	Not in release	Needs evaluation	Not in release	—	—
python3.13	Not in release	Not in release	Not in release	—	—
python3.14	Needs evaluation	Not in release	Not in release	—	—

CVE-2026-32722

Medium priority

Needs evaluation

Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled...

1 affected package

python-memray

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-memray	Needs evaluation	Not in release	Not in release	—	—

CVE-2026-3479

Medium priority

Needs evaluation

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in...

13 affected packages

pypy3, python2.7, python3.4, python3.5, python3.6...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
pypy3	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—
python2.7	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
python3.4	Not in release	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	Not in release	—	Needs evaluation
python3.7	Not in release	Not in release	Not in release	—	Needs evaluation
python3.8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
python3.9	Not in release	Not in release	Not in release	Needs evaluation	—
python3.10	Not in release	Not in release	Needs evaluation	—	—
python3.11	Not in release	Not in release	Needs evaluation	—	—
python3.12	Not in release	Needs evaluation	Not in release	—	—
python3.13	Not in release	Not in release	Not in release	—	—
python3.14	Needs evaluation	Not in release	Not in release	—	—

CVE-2026-4224

Medium priority

Needs evaluation

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.

13 affected packages

pypy3, python2.7, python3.4, python3.5, python3.6...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
pypy3	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—
python2.7	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
python3.4	Not in release	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	Not in release	—	Needs evaluation
python3.7	Not in release	Not in release	Not in release	—	Needs evaluation
python3.8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
python3.9	Not in release	Not in release	Not in release	Needs evaluation	—
python3.10	Not in release	Not in release	Needs evaluation	—	—
python3.11	Not in release	Not in release	Needs evaluation	—	—
python3.12	Not in release	Needs evaluation	Not in release	—	—
python3.13	Not in release	Not in release	Not in release	—	—
python3.14	Needs evaluation	Not in release	Not in release	—	—

CVE-2026-3644

Medium priority

Needs evaluation

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation....

12 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
python3.4	Not in release	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	Not in release	—	Needs evaluation
python3.7	Not in release	Not in release	Not in release	—	Needs evaluation
python3.8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
python3.9	Not in release	Not in release	Not in release	Needs evaluation	—
python3.10	Not in release	Not in release	Needs evaluation	—	—
python3.11	Not in release	Not in release	Needs evaluation	—	—
python3.12	Not in release	Needs evaluation	Not in release	—	—
python3.13	Not in release	Not in release	Not in release	—	—
python3.14	Needs evaluation	Not in release	Not in release	—	—

CVE-2026-28498

Medium priority

Needs evaluation

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID...

1 affected package

python-authlib

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-authlib	Needs evaluation	Needs evaluation	Needs evaluation	—	—

CVE-2026-28490

Medium priority

Needs evaluation

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON...

1 affected package

python-authlib

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-authlib	Needs evaluation	Needs evaluation	Needs evaluation	—	—

CVE-2026-27962

Medium priority

Needs evaluation

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT...

1 affected package

python-authlib

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-authlib	Needs evaluation	Needs evaluation	Needs evaluation	—	—

CVE-2025-13462

Medium priority

Vulnerable

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being...

12 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
python3.4	Not in release	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	Not in release	—	Needs evaluation
python3.7	Not in release	Not in release	Not in release	—	Needs evaluation
python3.8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
python3.9	Not in release	Not in release	Not in release	Needs evaluation	—
python3.10	Not in release	Not in release	Needs evaluation	—	—
python3.11	Not in release	Not in release	Needs evaluation	—	—
python3.12	Not in release	Vulnerable	Not in release	—	—
python3.13	Not in release	Not in release	Not in release	—	—
python3.14	Needs evaluation	Not in release	Not in release	—	—

Export to JSON

Results by page: