Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/936985?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "type": "deb", "namespace": "debian", "name": "python3.9", "version": "0", "qualifiers": { "distro": "bullseye" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.9.0~b5-1", "latest_non_vulnerable_version": "3.9.2-1+deb11u6", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31515?format=api", "vulnerability_id": "VCID-1hw3-vhwb-nkcd", "summary": "Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12718.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12718.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71903", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71904", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.719", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71854", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71871", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71867", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": 
"0.71825", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71842", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71859", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71824", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71785", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71811", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12718" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/127987", "reference_id": "127987", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/issues/127987" }, { "reference_url": "https://github.com/python/cpython/issues/135034", "reference_id": "135034", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" 
}, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/issues/135034" }, { "reference_url": "https://github.com/python/cpython/pull/135037", "reference_id": "135037", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/pull/135037" }, { "reference_url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da", "reference_id": "19de092debb3d7e832e5672cc2f7b788d35951da", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013", "reference_id": "2370013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013" }, { "reference_url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9", "reference_id": "28463dba112af719df1e8b0391c46787ad756dd9", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9" }, { "reference_url": 
"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_id": "3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a" }, { "reference_url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_id": "4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e" }, { "reference_url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f", "reference_id": "52398e33eff261329a0180ac1d54f42f", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f" }, { "reference_url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a", "reference_id": "9c1110ef6652687d7c55f590f909720eddde965a", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a" }, { "reference_url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_id": "9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a" }, { "reference_url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_id": "aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01" }, { "reference_url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_id": "dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": 
"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/", "reference_id": "MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10026", "reference_id": "RHSA-2025:10026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10028", "reference_id": "RHSA-2025:10028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10031", "reference_id": "RHSA-2025:10031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10128", "reference_id": "RHSA-2025:10128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10136", "reference_id": "RHSA-2025:10136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10140", "reference_id": "RHSA-2025:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10148", "reference_id": "RHSA-2025:10148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10148" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2025:10189", "reference_id": "RHSA-2025:10189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10399", "reference_id": "RHSA-2025:10399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10484", "reference_id": "RHSA-2025:10484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10602", "reference_id": "RHSA-2025:10602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11386", "reference_id": "RHSA-2025:11386", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18219", "reference_id": "RHSA-2025:18219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9918", "reference_id": "RHSA-2025:9918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://usn.ubuntu.com/7583-1/", "reference_id": "USN-7583-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7583-1/" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-12718" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hw3-vhwb-nkcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31516?format=api", "vulnerability_id": "VCID-4afh-28ss-mudf", "summary": "Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4138.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4138.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50673", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50648", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50699", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", 
"scoring_elements": "0.50655", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5071", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50706", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50748", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50725", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5075", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50756", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50736", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50685", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50693", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4138" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/135034", "reference_id": "135034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": 
"https://github.com/python/cpython/issues/135034" }, { "reference_url": "https://github.com/python/cpython/pull/135037", "reference_id": "135037", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/pull/135037" }, { "reference_url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da", "reference_id": "19de092debb3d7e832e5672cc2f7b788d35951da", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426", "reference_id": "2372426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426" }, { "reference_url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9", "reference_id": "28463dba112af719df1e8b0391c46787ad756dd9", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9" }, { "reference_url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_id": "3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_type": "", "scores": [ { "value": "7.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a" }, { "reference_url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_id": "4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e" }, { "reference_url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f", "reference_id": "52398e33eff261329a0180ac1d54f42f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f" }, { "reference_url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a", "reference_id": "9c1110ef6652687d7c55f590f909720eddde965a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a" }, { "reference_url": 
"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_id": "9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a" }, { "reference_url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_id": "aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01" }, { "reference_url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_id": "dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/", "reference_id": "MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG", "reference_type": "", 
"scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10026", "reference_id": "RHSA-2025:10026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10028", "reference_id": "RHSA-2025:10028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10031", "reference_id": "RHSA-2025:10031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10128", "reference_id": "RHSA-2025:10128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10136", "reference_id": "RHSA-2025:10136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10140", "reference_id": "RHSA-2025:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10148", "reference_id": "RHSA-2025:10148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10189", "reference_id": "RHSA-2025:10189", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:10189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10399", "reference_id": "RHSA-2025:10399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10484", "reference_id": "RHSA-2025:10484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10602", "reference_id": "RHSA-2025:10602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11386", "reference_id": "RHSA-2025:11386", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18219", "reference_id": "RHSA-2025:18219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9918", "reference_id": "RHSA-2025:9918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://usn.ubuntu.com/7583-1/", "reference_id": "USN-7583-1", "reference_type": "", "scores": [], 
"url": "https://usn.ubuntu.com/7583-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-4138" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4afh-28ss-mudf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81078?format=api", "vulnerability_id": "VCID-4pej-k4vs-j3d2", "summary": "python: sys.path allowing code to be loaded from arbitrary locations", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15801.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15801.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69871", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69883", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69898", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", 
"scoring_elements": "0.69875", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69922", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69939", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69963", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69947", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69933", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69976", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69987", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69969", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70019", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70028", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860242", "reference_id": "1860242", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860242" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": 
"pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-15801" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4pej-k4vs-j3d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31521?format=api", "vulnerability_id": "VCID-757r-fs6p-qqdd", "summary": "Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4517.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53606", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53576", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53671", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53622", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53625", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60903", "published_at": 
"2026-04-29T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.6091", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60907", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60923", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60918", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60876", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60895", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60898", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/135034", "reference_id": "135034", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://github.com/python/cpython/issues/135034" }, { "reference_url": "https://github.com/python/cpython/pull/135037", "reference_id": "135037", "reference_type": "", "scores": [ { "value": "9.4", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://github.com/python/cpython/pull/135037" }, { "reference_url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da", "reference_id": "19de092debb3d7e832e5672cc2f7b788d35951da", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016", "reference_id": "2370016", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016" }, { "reference_url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9", "reference_id": "28463dba112af719df1e8b0391c46787ad756dd9", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9" }, { "reference_url": 
"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_id": "3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a" }, { "reference_url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_id": "4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e" }, { "reference_url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f", "reference_id": "52398e33eff261329a0180ac1d54f42f", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f" }, { "reference_url": 
"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a", "reference_id": "9c1110ef6652687d7c55f590f909720eddde965a", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a" }, { "reference_url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_id": "9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a" }, { "reference_url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_id": "aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01" }, { 
"reference_url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_id": "dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/", "reference_id": "MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10026", "reference_id": "RHSA-2025:10026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10028", "reference_id": "RHSA-2025:10028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10028" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:10031", "reference_id": "RHSA-2025:10031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10128", "reference_id": "RHSA-2025:10128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10136", "reference_id": "RHSA-2025:10136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10140", "reference_id": "RHSA-2025:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10148", "reference_id": "RHSA-2025:10148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10189", "reference_id": "RHSA-2025:10189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10399", "reference_id": "RHSA-2025:10399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10484", "reference_id": "RHSA-2025:10484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10602", "reference_id": "RHSA-2025:10602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11386", "reference_id": "RHSA-2025:11386", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:11386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18219", "reference_id": "RHSA-2025:18219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9918", "reference_id": "RHSA-2025:9918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://usn.ubuntu.com/7583-1/", "reference_id": "USN-7583-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7583-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-4517" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.5", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-757r-fs6p-qqdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31517?format=api", "vulnerability_id": "VCID-8zdt-4q7m-t7ht", "summary": "Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77068", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77214", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77097", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.7708", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77112", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77122", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77128", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77123", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77164", 
"published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77166", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77158", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77192", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77199", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4330" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/135034", "reference_id": "135034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/issues/135034" }, { "reference_url": "https://github.com/python/cpython/pull/135037", "reference_id": "135037", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/pull/135037" }, { "reference_url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da", "reference_id": "19de092debb3d7e832e5672cc2f7b788d35951da", "reference_type": "", 
"scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370014", "reference_id": "2370014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370014" }, { "reference_url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9", "reference_id": "28463dba112af719df1e8b0391c46787ad756dd9", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9" }, { "reference_url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_id": "3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a" }, { "reference_url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_id": "4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e" }, { "reference_url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f", "reference_id": "52398e33eff261329a0180ac1d54f42f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f" }, { "reference_url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a", "reference_id": "9c1110ef6652687d7c55f590f909720eddde965a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a" }, { "reference_url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_id": "9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a" }, { "reference_url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_id": "aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01" }, { "reference_url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_id": "dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/", "reference_id": "MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10026", "reference_id": "RHSA-2025:10026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10028", "reference_id": "RHSA-2025:10028", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:10028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10031", "reference_id": "RHSA-2025:10031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10128", "reference_id": "RHSA-2025:10128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10136", "reference_id": "RHSA-2025:10136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10140", "reference_id": "RHSA-2025:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10148", "reference_id": "RHSA-2025:10148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10189", "reference_id": "RHSA-2025:10189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10399", "reference_id": "RHSA-2025:10399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10484", "reference_id": "RHSA-2025:10484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10602", "reference_id": "RHSA-2025:10602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9918", "reference_id": "RHSA-2025:9918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9918" }, { "reference_url": "https://usn.ubuntu.com/7583-1/", "reference_id": "USN-7583-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7583-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-4330" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zdt-4q7m-t7ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78165?format=api", "vulnerability_id": "VCID-dv5v-71b5-budp", "summary": "python: use after free in heappushpop() of heapq module", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48560.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48560.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48560", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42375", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42344", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42393", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.424", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42423", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42387", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42358", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42407", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42382", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42311", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42243", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42239", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42156", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48560" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48560", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48560" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249755", "reference_id": "2249755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249755" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0114", "reference_id": "RHSA-2024:0114", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0114" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0430", "reference_id": "RHSA-2024:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0586", "reference_id": "RHSA-2024:0586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2987", "reference_id": "RHSA-2024:2987", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2987" }, { "reference_url": "https://usn.ubuntu.com/6394-1/", "reference_id": "USN-6394-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6394-1/" }, { "reference_url": "https://usn.ubuntu.com/6394-2/", "reference_id": "USN-6394-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6394-2/" }, { "reference_url": "https://usn.ubuntu.com/6891-1/", "reference_id": "USN-6891-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/6891-1/" }, { "reference_url": "https://usn.ubuntu.com/7180-1/", "reference_id": "USN-7180-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7180-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-48560" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dv5v-71b5-budp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/355029?format=api", "vulnerability_id": "VCID-ftys-9k1s-mqd9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14056", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3087" }, { "reference_url": "https://github.com/python/cpython/issues/146581", "reference_id": "146581", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/issues/146581" }, { "reference_url": 
"https://github.com/python/cpython/pull/146591", "reference_id": "146591", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/pull/146591" }, { "reference_url": "https://github.com/python/cpython/commit/ab5ef98af693bded74a738570e81ea70abef2840", "reference_id": "ab5ef98af693bded74a738570e81ea70abef2840", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/commit/ab5ef98af693bded74a738570e81ea70abef2840" }, { "reference_url": "https://github.com/python/cpython/commit/b01e594fbe754a960212f908d047294e880b52fd", "reference_id": "b01e594fbe754a960212f908d047294e880b52fd", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/commit/b01e594fbe754a960212f908d047294e880b52fd" }, { "reference_url": "https://github.com/python/cpython/commit/fc829e88753858c8ac669594bf0093f44948c0f4", "reference_id": "fc829e88753858c8ac669594bf0093f44948c0f4", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } 
], "url": "https://github.com/python/cpython/commit/fc829e88753858c8ac669594bf0093f44948c0f4" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4/", "reference_id": "X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2026-3087" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftys-9k1s-mqd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78172?format=api", "vulnerability_id": "VCID-gxvd-xhmx-2uh9", "summary": "python: sensitive information can be obtained via the _asyncio._swap_current_task component.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38898.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38898.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59561", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59603", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59596", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59616", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59586", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59555", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59607", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.5962", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59639", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59622", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59602", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59635", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59642", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00382", "scoring_system": "epss", "scoring_elements": "0.59626", "published_at": "2026-04-21T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2023-38898" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/105987", "reference_id": "105987", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T20:56:48Z/" } ], "url": "https://github.com/python/cpython/issues/105987" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233280", "reference_id": "2233280", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233280" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-38898" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxvd-xhmx-2uh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353906?format=api", "vulnerability_id": "VCID-hmcw-zcsy-9qcf", "summary": "The method \"sock_recvfrom_into()\" of \"asyncio.ProactorEventLoop\" (Windows only) was missing a boundary
check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3298", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15623", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15624", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2034", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3298" }, { "reference_url": "https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d", "reference_id": "1274766d3c29007ab77245a72abbf8dce2a9db4d", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d" }, { "reference_url": "https://github.com/python/cpython/issues/148808", "reference_id": "148808", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/issues/148808" }, { "reference_url": "https://github.com/python/cpython/pull/148809", "reference_id": "148809", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/pull/148809" }, { "reference_url": "https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2", "reference_id": "27522b7d6e6588f03e61099dd858cd5a9314e2f2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2" }, { "reference_url": "https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741", "reference_id": "95633d2aad4721e25e4dfd9f43dfb6e1edcbd741", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/", "reference_id": "KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/" } ], "fixed_packages": [ { 
"url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2026-3298" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmcw-zcsy-9qcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73711?format=api", "vulnerability_id": "VCID-hssa-umby-eud3", "summary": "python: local privilege escalation via search path in Windows", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26488.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26488.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26488", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.81715", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.81712", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.81739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.81743", "published_at": "2026-04-09T12:55:00Z" }, { "value": 
"0.01607", "scoring_system": "epss", "scoring_elements": "0.81763", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.8175", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.81744", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.81782", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.81783", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.81786", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01669", "scoring_system": "epss", "scoring_elements": "0.82055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01703", "scoring_system": "epss", "scoring_elements": "0.82374", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01703", "scoring_system": "epss", "scoring_elements": "0.82359", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01703", "scoring_system": "epss", "scoring_elements": "0.8237", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26488" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316527", "reference_id": "2316527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316527" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-26488" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hssa-umby-eud3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42642?format=api", "vulnerability_id": "VCID-hz5k-rky7-nucg", "summary": "Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41105.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41105.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58339", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58342", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58388", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58369", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58401", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58406", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58383", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58345", "published_at": 
"2026-04-24T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58356", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58359", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58333", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58385", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58391", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58409", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41105" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/pull/107981", "reference_id": "107981", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:01:12Z/" } ], "url": "https://github.com/python/cpython/pull/107981" }, { "reference_url": "https://github.com/python/cpython/pull/107982", "reference_id": "107982", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:01:12Z/" } ], "url": "https://github.com/python/cpython/pull/107982" }, { "reference_url": "https://github.com/python/cpython/pull/107983", "reference_id": "107983", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:01:12Z/" } ], "url": "https://github.com/python/cpython/pull/107983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235795", "reference_id": "2235795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235795" }, { "reference_url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/", "reference_id": "D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:01:12Z/" } ], "url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/" }, { "reference_url": "https://security.gentoo.org/glsa/202405-01", "reference_id": "GLSA-202405-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-01" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231006-0015/", "reference_id": "ntap-20231006-0015", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:01:12Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231006-0015/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6494", "reference_id": "RHSA-2023:6494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7024", "reference_id": "RHSA-2023:7024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7024" }, { "reference_url": "https://usn.ubuntu.com/6547-1/", "reference_id": "USN-6547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6547-1/" }, { "reference_url": "https://usn.ubuntu.com/6891-1/", "reference_id": "USN-6891-1", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/6891-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-41105" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hz5k-rky7-nucg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69467?format=api", "vulnerability_id": "VCID-q6g1-cjz3-77e4", "summary": "cpython: Tarfile extracts filtered members when errorlevel=0", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4435.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4435.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67725", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67642", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", 
"scoring_elements": "0.67622", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67673", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67688", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67711", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67696", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67663", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67699", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67692", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67723", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4435" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/135034", "reference_id": "135034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": 
"https://github.com/python/cpython/issues/135034" }, { "reference_url": "https://github.com/python/cpython/pull/135037", "reference_id": "135037", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/pull/135037" }, { "reference_url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da", "reference_id": "19de092debb3d7e832e5672cc2f7b788d35951da", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370010", "reference_id": "2370010", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370010" }, { "reference_url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9", "reference_id": "28463dba112af719df1e8b0391c46787ad756dd9", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9" }, { "reference_url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_id": "3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_type": "", "scores": [ { "value": "7.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a" }, { "reference_url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_id": "4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e" }, { "reference_url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a", "reference_id": "9c1110ef6652687d7c55f590f909720eddde965a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a" }, { "reference_url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_id": "9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a" }, { "reference_url": 
"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_id": "aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01" }, { "reference_url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_id": "dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/", "reference_id": "MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10026", "reference_id": "RHSA-2025:10026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10028", "reference_id": "RHSA-2025:10028", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:10028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10031", "reference_id": "RHSA-2025:10031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10128", "reference_id": "RHSA-2025:10128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10136", "reference_id": "RHSA-2025:10136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10140", "reference_id": "RHSA-2025:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10148", "reference_id": "RHSA-2025:10148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10189", "reference_id": "RHSA-2025:10189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10399", "reference_id": "RHSA-2025:10399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10484", "reference_id": "RHSA-2025:10484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10602", "reference_id": "RHSA-2025:10602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9918", "reference_id": "RHSA-2025:9918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9918" }, { "reference_url": "https://usn.ubuntu.com/7583-1/", "reference_id": "USN-7583-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7583-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-4435" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6g1-cjz3-77e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71849?format=api", "vulnerability_id": "VCID-s5yq-pjhc-fbcm", "summary": "python: Default mimetype known files writeable on Windows", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44483", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44559", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44563", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52202", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52194", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52248", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52243", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52294", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52263", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52301", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52305", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52287", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5223", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3220" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2345794", "reference_id": "2345794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345794" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R/", "reference_id": "CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T16:46:00Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-3220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s5yq-pjhc-fbcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42638?format=api", "vulnerability_id": "VCID-s7qf-hjkq-wkdy", "summary": "Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6507.json", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6507.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6507", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23997", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24166", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24232", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24276", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24293", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24193", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24209", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24197", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24174", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2405", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24039", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24382", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", 
"scoring_elements": "0.27973", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6507" }, { "reference_url": "https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b", "reference_id": "10e9bb13b8dcaa414645b9bd10718d8f7179e82b", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-31T20:16:20Z/" } ], "url": "https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b" }, { "reference_url": "https://github.com/python/cpython/issues/112334", "reference_id": "112334", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-31T20:16:20Z/" } ], "url": "https://github.com/python/cpython/issues/112334" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293948", "reference_id": "2293948", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293948" }, { "reference_url": "https://github.com/python/cpython/commit/85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06", "reference_id": "85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-31T20:16:20Z/" } ], "url": "https://github.com/python/cpython/commit/85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06" }, { "reference_url": "https://github.com/python/cpython/commit/9fe7655c6ce0b8e9adc229daf681b6d30e6b1610", "reference_id": 
"9fe7655c6ce0b8e9adc229daf681b6d30e6b1610", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-31T20:16:20Z/" } ], "url": "https://github.com/python/cpython/commit/9fe7655c6ce0b8e9adc229daf681b6d30e6b1610" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/", "reference_id": "AUL7QFHBLILGISS7U63B47AYSSGJJQZD", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-31T20:16:20Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/" }, { "reference_url": "https://security.gentoo.org/glsa/202405-01", "reference_id": "GLSA-202405-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-01" }, { "reference_url": "https://usn.ubuntu.com/6891-1/", "reference_id": "USN-6891-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6891-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ 
"CVE-2023-6507" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7qf-hjkq-wkdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/223883?format=api", "vulnerability_id": "VCID-sbe1-cx8r-aba1", "summary": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06838", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06895", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06923", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.069", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06723", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06916", "published_at": 
"2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06772", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0678", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0677", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06756", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06846", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0685", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06844", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4030" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/118486", "reference_id": "118486", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/issues/118486" }, { "reference_url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a", "reference_id": 
"35c799d79177b962ddace2fa068101465570a29a", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a" }, { "reference_url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd", "reference_id": "5130731c9e779b97d00a24f54cdce73ce9975dfd", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd" }, { "reference_url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee", "reference_id": "66f8bb76a15e64a1bb7688b177ed29e26230fdee", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee" }, { "reference_url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e", "reference_id": "6d0850c4c8188035643586ab4d8ec2468abd699e", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": 
"https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e" }, { "reference_url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e", "reference_id": "81939dad77001556c527485d31a2d0f4a759033e", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e" }, { "reference_url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d", "reference_id": "8ed546679524140d8282175411fd141fe7df070d", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d" }, { "reference_url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee", "reference_id": "91e3669e01245185569d09e9e6e11641282971ee", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee" }, { "reference_url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca", "reference_id": "94591dca510c796c7d40e9b4167ea56f2fdf28ca", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca" }, { "reference_url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d", "reference_id": "c8f868dc52f98011d0f9b459b6487920bfb0ac4d", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d" }, { "reference_url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84", "reference_id": "d86b49411753bf2c83291e3a14ae43fefded2f84", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84" }, { "reference_url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763", "reference_id": "e1dfa978b1ad210d551385ad8073ec6154f53763", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763" }, { "reference_url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46", 
"reference_id": "eb29e2f5905da93333d1ce78bc98b151e763ff46", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240705-0005/", "reference_id": "ntap-20240705-0005", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240705-0005/" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/", "reference_id": "PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": 
[], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-4030" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbe1-cx8r-aba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72620?format=api", "vulnerability_id": "VCID-uvcx-satp-m3db", "summary": "python: Unbounded memory buffering in SelectorSocketTransport.writelines()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12254.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12254.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12254", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.4813", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48182", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48132", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48185", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.4818", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48204", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48177", "published_at": "2026-04-12T12:55:00Z" }, { 
"value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48188", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.4824", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48235", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48183", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48996", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49005", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12254" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089235", "reference_id": "1089235", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089235" }, { "reference_url": "https://github.com/python/cpython/issues/127655", "reference_id": "127655", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": "https://github.com/python/cpython/issues/127655" }, { "reference_url": "https://github.com/python/cpython/pull/127656", 
"reference_id": "127656", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": "https://github.com/python/cpython/pull/127656" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330804", "reference_id": "2330804", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330804" }, { "reference_url": "https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82", "reference_id": "71e8429ac8e2adc10084ab5ec29a62f4b6671a82", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": "https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82" }, { "reference_url": "https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5", "reference_id": "9aa0deb2eef2655a1029ba228527b152353135b5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": 
"https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5" }, { "reference_url": "https://github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786", "reference_id": "e991ac8f2037d78140e417cc9a9486223eb3e786", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": "https://github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/", "reference_id": "H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10978", "reference_id": "RHSA-2024:10978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10980", "reference_id": "RHSA-2024:10980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11035", "reference_id": "RHSA-2024:11035", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11035" }, { "reference_url": "https://usn.ubuntu.com/7219-1/", "reference_id": "USN-7219-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7219-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-12254" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uvcx-satp-m3db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/294729?format=api", "vulnerability_id": "VCID-v6ry-7xxz-nbeu", "summary": "CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20077", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25541", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25313", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25381", "published_at": "2026-04-08T12:55:00Z" }, { "value": 
"0.00089", "scoring_system": "epss", "scoring_elements": "0.25426", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25437", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25396", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25342", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25349", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25341", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.2531", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25272", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25263", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25218", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-33595" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2023-33595" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ry-7xxz-nbeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265016?format=api", "vulnerability_id": "VCID-ymg5-42xm-7fh9", "summary": "The\n “socket” module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don’t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\n\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19444", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1901", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19055", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19066", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19174", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19165", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19156", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19197", "published_at": "2026-04-13T12:55:00Z" }, { 
"value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19298", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19293", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19241", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19162", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19393", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3219" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20", "reference_id": "06fa244666ec6335a3b9bf2367e31b42b9a89b20", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20" }, { "reference_url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2", "reference_id": "0b65c8bf5367625673eafb92f85046a1b31259f2", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2" }, { "reference_url": "https://github.com/python/cpython/issues/122133", "reference_id": "122133", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/issues/122133" }, { "reference_url": "https://github.com/python/cpython/pull/122134", "reference_id": "122134", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/pull/122134" }, { "reference_url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c", "reference_id": "220e31adeaaa8436c9ff234cba1398bc49e2bb6c", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c" }, { "reference_url": "https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508", "reference_id": "2621a8a40ba4b2c68ca564671b7daa5da80a4508", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/29/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/29/3" }, { "reference_url": "https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d", "reference_id": "31302f5fc24eecd693f0c8aaba7c2840b09b594d", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d" }, { "reference_url": "https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d", "reference_id": "3f5d9d12c74787fbf3f5891835c85cc15526c86d", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d" }, { "reference_url": "https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39", 
"reference_id": "5df322e91a40909e6904bbdbc0c3a6b6a9eead39", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39" }, { "reference_url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929", "reference_id": "5f90abaa786f994db3907fc31e2ee00ea2cf0929", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929" }, { "reference_url": "https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5", "reference_id": "78df1043dbdce5c989600616f9f87b4ee72944e5", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5" }, { "reference_url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54", "reference_id": "b252317956b7fc035bb3774ef6a177e227f9fc54", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54" }, { "reference_url": "https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c", "reference_id": "c21a36112a0028d7ac3cf8f480e0dc88dba5922c", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c" }, { "reference_url": "https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde", "reference_id": "c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde" }, { "reference_url": "https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a", "reference_id": "e319f774f9e766a2b92949444a2d46081df3363a", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a" }, { "reference_url": "https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660", "reference_id": "f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660", 
"reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/", "reference_id": "WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-3219" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymg5-42xm-7fh9" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }