Search for packages
| purl | pkg:deb/debian/python3.11@0?distro=bookworm |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1hw3-vhwb-nkcd | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-12718
|
| VCID-4afh-28ss-mudf | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4138
|
| VCID-757r-fs6p-qqdd | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4517
|
| VCID-8hug-fhhb-sbgt | python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used |
CVE-2024-5642
|
| VCID-8zdt-4q7m-t7ht | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4330
|
| VCID-gxvd-xhmx-2uh9 | python: sensitive information can be obtained via the _asyncio._swap_current_task component. |
CVE-2023-38898
|
| VCID-q6g1-cjz3-77e4 | cpython: Tarfile extracts filtered members when errorlevel=0 |
CVE-2025-4435
|
| VCID-s5yq-pjhc-fbcm | python: Default mimetype known files writeable on Windows |
CVE-2024-3220
|
| VCID-s7qf-hjkq-wkdy | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-6507
|
| VCID-sbe1-cx8r-aba1 | On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. |
CVE-2024-4030
|
| VCID-uvcx-satp-m3db | python: Unbounded memory buffering in SelectorSocketTransport.writelines() |
CVE-2024-12254
|
| VCID-v6ry-7xxz-nbeu | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. |
CVE-2023-33595
|
| VCID-ymg5-42xm-7fh9 | The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. |
CVE-2024-3219
|
| VCID-zxzn-25zt-ukct | Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. |
CVE-2026-4786
|