Search for packages
| purl | pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-11ed-tk56-8khn | python: Python: Command-line option injection in webbrowser.open() via crafted URLs |
CVE-2026-4519
|
| VCID-1hw3-vhwb-nkcd | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-12718
|
| VCID-1pr1-jkqa-43g6 | cpython: CPython: Logging Bypass in Legacy .pyc File Handling |
CVE-2026-2297
|
| VCID-1uk5-6yqb-dyb5 | cpython: Out-of-memory when loading Plist |
CVE-2025-13837
|
| VCID-2czu-wy37-qugf | python: constant-time-defeating optimisations issue in the compare_digest function in Lib/hmac.p |
CVE-2022-48566
|
| VCID-2j3t-a3r6-vfg7 | Multiple vulnerabilities have been found in Python, the worst of which might allow attackers to access sensitive information. |
CVE-2021-3426
|
| VCID-2shb-2cvn-dyd2 | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-24329
|
| VCID-2v5u-2z4w-ffgx | python: incorrect IPv4 and IPv6 private ranges |
CVE-2024-4032
|
| VCID-4afh-28ss-mudf | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4138
|
| VCID-4gsg-5e6s-63g4 | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. |
CVE-2021-28861
|
| VCID-4q79-666d-rygx | python: XML External Entity in XML processing plistlib module |
CVE-2022-48565
|
| VCID-4z89-3tfk-pyge | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-40217
|
| VCID-5maz-1h1k-3qfj | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4516
|
| VCID-757r-fs6p-qqdd | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4517
|
| VCID-7ka5-7jrn-dber | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-6597
|
| VCID-7nj2-94zp-d3bp | python: DoS when processing malformed Apple Property List files in binary format |
CVE-2022-48564
|
| VCID-7s7y-9bw5-m3ep | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-6232
|
| VCID-8a7h-5rn5-gubx | A vulnerability has been discovered in GNAT Ada Suite which can lead to remote code execution. |
CVE-2020-27619
|
| VCID-8b19-pezx-6bcd | cpython: wsgiref.headers.Headers allows header newline injection in Python |
CVE-2026-0865
|
| VCID-8dtv-379a-wqfs | cpython: Excessive read buffering DoS in http.client |
CVE-2025-13836
|
| VCID-8hug-fhhb-sbgt | python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used |
CVE-2024-5642
|
| VCID-8zdt-4q7m-t7ht | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4330
|
| VCID-94n7-6q4s-3udv | cpython: Header injection via newlines in data URL mediatype in Python |
CVE-2025-15282
|
| VCID-9nvp-aus1-9yed | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-6923
|
| VCID-9sms-mhht-n3aq | python: Mishandling of comma during folding and unicode-encoding of email headers |
CVE-2025-1795
|
| VCID-9vcx-2fts-gkfw | cpython: Stack overflow parsing XML with deeply nested DTD content models |
CVE-2026-4224
|
| VCID-a2st-585f-uucu |
CVE-2026-1502
|
|
| VCID-a8mv-mr3q-vygz | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. |
CVE-2022-42919
|
| VCID-bn83-d2qp-9bfy | cpython: Missing character filtering in Python |
CVE-2025-11468
|
| VCID-bqp2-x383-xqfh | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. |
CVE-2015-20107
|
| VCID-ct6h-d1eh-7bgj | python: urllib: Regular expression DoS in AbstractBasicAuthHandler |
CVE-2021-3733
|
| VCID-dexx-3ssz-nqfg | python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple |
CVE-2023-27043
|
| VCID-dnv8-yrd6-c7cv | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-8088
|
| VCID-e6rs-jwvu-jycd | python: urllib: HTTP client possible infinite loop on a 100 Continue response |
CVE-2021-3737
|
| VCID-e6sb-bh7v-9ugg | python: cpython: URL parser allowed square brackets in domain names |
CVE-2025-0938
|
| VCID-emaw-jmek-9bcy | cpython: Python HTMLParser quadratic complexity |
CVE-2025-6069
|
| VCID-ewbq-2gm8-tyf5 | Buffer overflow in sponge queue functions ### Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. ### Patches Yes, see commit [fdc6fef0](https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a). ### Workarounds The problem can be avoided by limiting the size of the partial input data (or partial output digest) below 2^32 - 200 bytes. Multiple calls to the queue system can be chained at a higher level to retain the original functionality. Alternatively, one can process the entire input (or produce the entire output) at once, avoiding the queuing functions altogether. ### References See [issue #105](https://github.com/XKCP/XKCP/issues/105) for more details. |
CVE-2022-37454
GHSA-6w4m-2xhg-2658 |
| VCID-fcsb-dn49-47gy | python: Quadratic complexity in os.path.expandvars() with user-controlled template |
CVE-2025-6075
|
| VCID-ftys-9k1s-mqd9 |
CVE-2026-3087
|
|
| VCID-gvgx-eq9r-d3d2 | Multiple vulnerabilities have been found in Python, the worst of which could result in the arbitrary execution of code. |
CVE-2020-26116
|
| VCID-h7z2-vc14-nfhq | python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS |
CVE-2020-10735
|
| VCID-j8hj-k7wy-yfch | python: ftplib should not use the host from the PASV response |
CVE-2021-4189
|
| VCID-js5p-py72-2kga | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2024-0450
|
| VCID-kn9b-2gxw-gqgx | cpython: email header injection due to unquoted newlines |
CVE-2026-1299
|
| VCID-mtk7-qut6-syd8 | cpython: Cpython infinite loop when parsing a tarfile |
CVE-2025-8194
|
| VCID-nqqc-u8d5-8qf6 | cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service |
CVE-2025-12084
|
| VCID-q6g1-cjz3-77e4 | cpython: Tarfile extracts filtered members when errorlevel=0 |
CVE-2025-4435
|
| VCID-qqh6-evfk-1fgy | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. |
CVE-2022-45061
|
| VCID-qwhz-912b-8kh5 | cpython: python: Memory race condition in ssl.SSLContext certificate store methods |
CVE-2024-0397
|
| VCID-rcu5-gpmt-r7cb |
CVE-2026-6100
|
|
| VCID-smck-sdx2-c7du | python: Improper validation of IPv6 and IPvFuture addresses |
CVE-2024-11168
|
| VCID-tbuw-2msj-tqd9 | python: Virtual environment (venv) activation scripts don't quote paths |
CVE-2024-9287
|
| VCID-tyk4-kazt-kydj | Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition. |
CVE-2019-20907
|
| VCID-v186-7sv1-ubej | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-7592
|
| VCID-vpwj-d49q-1uh8 | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. |
CVE-2022-0391
|
| VCID-w6k8-js68-87g4 | Multiple vulnerabilities have been found in Python, the worst of which might allow attackers to access sensitive information. |
CVE-2021-23336
|
| VCID-z48d-eyxz-bycq | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. |
CVE-2021-29921
|
| VCID-zh1r-7rzh-2bez | cpython: Header injection in http.cookies.Morsel in Python |
CVE-2026-0672
|
| VCID-znkr-fxtj-4uc7 | cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked |
CVE-2025-8291
|
| VCID-zxzn-25zt-ukct | Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. |
CVE-2026-4786
|