Search CVE reports



81 – 90 of 827 results


CVE-2026-31958

Medium priority
Fixed

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing...

1 affected package

python-tornado

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-tornado Fixed Fixed Fixed Fixed Fixed

CVE-2026-28802

Medium priority
Needs evaluation

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the...

1 affected package

python-authlib

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-authlib Needs evaluation Needs evaluation Needs evaluation

CVE-2025-69534

Medium priority
Needs evaluation

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this...

13 affected packages

pypy3, python2.7, python3.4, python3.5, python3.6...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pypy3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python2.7 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Needs evaluation
python3.7 Not in release Not in release Not in release Needs evaluation
python3.8 Not in release Not in release Not in release Needs evaluation Needs evaluation
python3.9 Not in release Not in release Not in release Needs evaluation
python3.10 Not in release Not in release Needs evaluation
python3.11 Not in release Not in release Needs evaluation
python3.12 Not in release Needs evaluation Not in release
python3.13 Not in release Not in release Not in release
python3.14 Needs evaluation Not in release Not in release

CVE-2026-2297

Medium priority
Vulnerable

The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit...

12 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not in release Not in release Not affected Not affected Not affected
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Not affected
python3.7 Not in release Not in release Not in release Not affected
python3.8 Not in release Not in release Not in release Vulnerable Vulnerable
python3.9 Not in release Not in release Not in release Vulnerable
python3.10 Not in release Not in release Vulnerable
python3.11 Not in release Not in release Vulnerable
python3.12 Not in release Vulnerable Not in release
python3.13 Not in release Not in release Not in release
python3.14 Vulnerable Not in release Not in release

CVE-2026-25674

Low priority
Needs evaluation

An issue was discovered in Django 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2026-25673

Medium priority
Not affected

An issue was discovered in Django 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Not affected Not affected Not affected Not affected

CVE-2026-27199

Medium priority
Not affected

Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported...

1 affected package

python-werkzeug

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-werkzeug Not affected Not affected Not affected Not affected

CVE-2026-25531

Medium priority
Needs evaluation

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for...

2 affected packages

kanboard-cli, python-kanboard

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
kanboard-cli Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python-kanboard Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2026-25990

Medium priority
Fixed

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

2 affected packages

pillow-python2, pillow

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow-python2 Not in release Not in release Not affected
pillow Not affected Not affected Not affected Not affected

CVE-2026-25924

Medium priority
Needs evaluation

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution...

2 affected packages

kanboard-cli, python-kanboard

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
kanboard-cli Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python-kanboard Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation