Search for packages
| purl | pkg:deb/debian/python3.13@3.13.12-1?distro=trixie |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-zxzn-25zt-ukct
Aliases: CVE-2026-4786 |
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1hw3-vhwb-nkcd | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-12718
|
| VCID-1uk5-6yqb-dyb5 | cpython: Out-of-memory when loading Plist |
CVE-2025-13837
|
| VCID-2v5u-2z4w-ffgx | python: incorrect IPv4 and IPv6 private ranges |
CVE-2024-4032
|
| VCID-4afh-28ss-mudf | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4138
|
| VCID-5maz-1h1k-3qfj | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4516
|
| VCID-757r-fs6p-qqdd | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4517
|
| VCID-7s7y-9bw5-m3ep | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-6232
|
| VCID-8b19-pezx-6bcd | cpython: wsgiref.headers.Headers allows header newline injection in Python |
CVE-2026-0865
|
| VCID-8dtv-379a-wqfs | cpython: Excessive read buffering DoS in http.client |
CVE-2025-13836
|
| VCID-8hug-fhhb-sbgt | python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used |
CVE-2024-5642
|
| VCID-8zdt-4q7m-t7ht | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4330
|
| VCID-94n7-6q4s-3udv | cpython: Header injection via newlines in data URL mediatype in Python |
CVE-2025-15282
|
| VCID-9nvp-aus1-9yed | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-6923
|
| VCID-9sms-mhht-n3aq | python: Mishandling of comma during folding and unicode-encoding of email headers |
CVE-2025-1795
|
| VCID-bn83-d2qp-9bfy | cpython: Missing character filtering in Python |
CVE-2025-11468
|
| VCID-dnv8-yrd6-c7cv | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-8088
|
| VCID-e6sb-bh7v-9ugg | python: cpython: URL parser allowed square brackets in domain names |
CVE-2025-0938
|
| VCID-emaw-jmek-9bcy | cpython: Python HTMLParser quadratic complexity |
CVE-2025-6069
|
| VCID-fcsb-dn49-47gy | python: Quadratic complexity in os.path.expandvars() with user-controlled template |
CVE-2025-6075
|
| VCID-gar7-7upf-d7cz | Python-Markdown has an Uncaught Exception Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions. |
CVE-2025-69534
GHSA-5wmx-573v-2qwq |
| VCID-kn9b-2gxw-gqgx | cpython: email header injection due to unquoted newlines |
CVE-2026-1299
|
| VCID-mtk7-qut6-syd8 | cpython: Cpython infinite loop when parsing a tarfile |
CVE-2025-8194
|
| VCID-nqqc-u8d5-8qf6 | cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service |
CVE-2025-12084
|
| VCID-q6g1-cjz3-77e4 | cpython: Tarfile extracts filtered members when errorlevel=0 |
CVE-2025-4435
|
| VCID-qwhz-912b-8kh5 | cpython: python: Memory race condition in ssl.SSLContext certificate store methods |
CVE-2024-0397
|
| VCID-s5yq-pjhc-fbcm | python: Default mimetype known files writeable on Windows |
CVE-2024-3220
|
| VCID-tbuw-2msj-tqd9 | python: Virtual environment (venv) activation scripts don't quote paths |
CVE-2024-9287
|
| VCID-uvcx-satp-m3db | python: Unbounded memory buffering in SelectorSocketTransport.writelines() |
CVE-2024-12254
|
| VCID-v186-7sv1-ubej | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-7592
|
| VCID-ymg5-42xm-7fh9 | The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. |
CVE-2024-3219
|
| VCID-zh1r-7rzh-2bez | cpython: Header injection in http.cookies.Morsel in Python |
CVE-2026-0672
|
| VCID-znkr-fxtj-4uc7 | cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked |
CVE-2025-8291
|