Search for packages
| purl | pkg:deb/debian/python3.11@3.11.2-6%2Bdeb12u6?distro=bookworm |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1hw3-vhwb-nkcd | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-12718
|
| VCID-2shb-2cvn-dyd2 | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-24329
|
| VCID-2v5u-2z4w-ffgx | python: incorrect IPv4 and IPv6 private ranges |
CVE-2024-4032
|
| VCID-4afh-28ss-mudf | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4138
|
| VCID-4gsg-5e6s-63g4 | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. |
CVE-2021-28861
|
| VCID-4z89-3tfk-pyge | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-40217
|
| VCID-757r-fs6p-qqdd | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4517
|
| VCID-7ka5-7jrn-dber | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-6597
|
| VCID-7s7y-9bw5-m3ep | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-6232
|
| VCID-8hug-fhhb-sbgt | python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used |
CVE-2024-5642
|
| VCID-8zdt-4q7m-t7ht | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4330
|
| VCID-9nvp-aus1-9yed | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-6923
|
| VCID-9sms-mhht-n3aq | python: Mishandling of comma during folding and unicode-encoding of email headers |
CVE-2025-1795
|
| VCID-a8mv-mr3q-vygz | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. |
CVE-2022-42919
|
| VCID-dexx-3ssz-nqfg | python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple |
CVE-2023-27043
|
| VCID-dnv8-yrd6-c7cv | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-8088
|
| VCID-e6sb-bh7v-9ugg | python: cpython: URL parser allowed square brackets in domain names |
CVE-2025-0938
|
| VCID-gxvd-xhmx-2uh9 | python: sensitive information can be obtained via the _asyncio._swap_current_task component. |
CVE-2023-38898
|
| VCID-h7z2-vc14-nfhq | python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS |
CVE-2020-10735
|
| VCID-hz5k-rky7-nucg | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-41105
|
| VCID-js5p-py72-2kga | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2024-0450
|
| VCID-q6g1-cjz3-77e4 | cpython: Tarfile extracts filtered members when errorlevel=0 |
CVE-2025-4435
|
| VCID-qqh6-evfk-1fgy | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. |
CVE-2022-45061
|
| VCID-qwhz-912b-8kh5 | cpython: python: Memory race condition in ssl.SSLContext certificate store methods |
CVE-2024-0397
|
| VCID-s5yq-pjhc-fbcm | python: Default mimetype known files writeable on Windows |
CVE-2024-3220
|
| VCID-s7qf-hjkq-wkdy | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-6507
|
| VCID-sbe1-cx8r-aba1 | On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. |
CVE-2024-4030
|
| VCID-smck-sdx2-c7du | python: Improper validation of IPv6 and IPvFuture addresses |
CVE-2024-11168
|
| VCID-tbuw-2msj-tqd9 | python: Virtual environment (venv) activation scripts don't quote paths |
CVE-2024-9287
|
| VCID-uvcx-satp-m3db | python: Unbounded memory buffering in SelectorSocketTransport.writelines() |
CVE-2024-12254
|
| VCID-v186-7sv1-ubej | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-7592
|
| VCID-v6ry-7xxz-nbeu | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. |
CVE-2023-33595
|
| VCID-ymg5-42xm-7fh9 | The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. |
CVE-2024-3219
|
| VCID-zxzn-25zt-ukct | Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. |
CVE-2026-4786
|