VulnerableCode Package Details - pkg:deb/debian/python3.14@3.14.3-3?distro=sid

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/python3.14@3.14.3-3?distro=sid

Essentials
History (39)

purl	pkg:deb/debian/python3.14@3.14.3-3?distro=sid

Next non-vulnerable version	3.14.3-4
Latest non-vulnerable version	3.14.4-1
Risk	3.2

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-11ed-tk56-8khn Aliases: CVE-2026-4519	python: Python: Command-line option injection in webbrowser.open() via crafted URLs	3.14.4-1 Affected by 0 other vulnerabilities.
VCID-1pr1-jkqa-43g6 Aliases: CVE-2026-2297	cpython: CPython: Logging Bypass in Legacy .pyc File Handling	3.14.3-4 Affected by 0 other vulnerabilities. 3.14.3-5 Affected by 0 other vulnerabilities. 3.14.4-1 Affected by 0 other vulnerabilities.
VCID-9vcx-2fts-gkfw Aliases: CVE-2026-4224	cpython: Stack overflow parsing XML with deeply nested DTD content models	3.14.3-4 Affected by 0 other vulnerabilities. 3.14.3-5 Affected by 0 other vulnerabilities. 3.14.4-1 Affected by 0 other vulnerabilities.
VCID-gqzt-rh1w-jkfu Aliases: CVE-2026-3644	cpython: Incomplete control character validation in http.cookies	3.14.3-4 Affected by 0 other vulnerabilities. 3.14.3-5 Affected by 0 other vulnerabilities. 3.14.4-1 Affected by 0 other vulnerabilities.
VCID-n4au-q9bs-kucb Aliases: CVE-2025-13462	The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.	3.14.3-4 Affected by 0 other vulnerabilities. 3.14.3-5 Affected by 0 other vulnerabilities. 3.14.4-1 Affected by 0 other vulnerabilities.
VCID-q653-8f64-gkbe Aliases: CVE-2026-3446		3.14.4-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (11)

Vulnerability	Summary	Aliases
VCID-1uk5-6yqb-dyb5	cpython: Out-of-memory when loading Plist	CVE-2025-13837
VCID-8b19-pezx-6bcd	cpython: wsgiref.headers.Headers allows header newline injection in Python	CVE-2026-0865
VCID-8dtv-379a-wqfs	cpython: Excessive read buffering DoS in http.client	CVE-2025-13836
VCID-94n7-6q4s-3udv	cpython: Header injection via newlines in data URL mediatype in Python	CVE-2025-15282
VCID-bn83-d2qp-9bfy	cpython: Missing character filtering in Python	CVE-2025-11468
VCID-fcsb-dn49-47gy	python: Quadratic complexity in os.path.expandvars() with user-controlled template	CVE-2025-6075
VCID-gar7-7upf-d7cz	Python-Markdown has an Uncaught Exception Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.	CVE-2025-69534 GHSA-5wmx-573v-2qwq
VCID-kn9b-2gxw-gqgx	cpython: email header injection due to unquoted newlines	CVE-2026-1299
VCID-nqqc-u8d5-8qf6	cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service	CVE-2025-12084
VCID-zh1r-7rzh-2bez	cpython: Header injection in http.cookies.Morsel in Python	CVE-2026-0672
VCID-znkr-fxtj-4uc7	cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked	CVE-2025-8291

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:38:05.930279+00:00	Debian Importer	Fixing	VCID-kn9b-2gxw-gqgx	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:08:26.013942+00:00	Debian Importer	Fixing	VCID-znkr-fxtj-4uc7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:04:16.387313+00:00	Debian Importer	Fixing	VCID-gar7-7upf-d7cz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:40:17.456638+00:00	Debian Importer	Fixing	VCID-8b19-pezx-6bcd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:04:19.132987+00:00	Debian Importer	Fixing	VCID-fcsb-dn49-47gy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:45:01.956259+00:00	Debian Importer	Fixing	VCID-1uk5-6yqb-dyb5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:42:33.383487+00:00	Debian Importer	Fixing	VCID-bn83-d2qp-9bfy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:24:17.144302+00:00	Debian Importer	Fixing	VCID-zh1r-7rzh-2bez	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:32:33.085597+00:00	Debian Importer	Fixing	VCID-8dtv-379a-wqfs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:29:21.083214+00:00	Debian Importer	Fixing	VCID-nqqc-u8d5-8qf6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:28:14.122470+00:00	Debian Importer	Fixing	VCID-94n7-6q4s-3udv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:39:25.346770+00:00	Debian Importer	Fixing	VCID-kn9b-2gxw-gqgx	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:18:04.382686+00:00	Debian Importer	Fixing	VCID-znkr-fxtj-4uc7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:14:52.863499+00:00	Debian Importer	Fixing	VCID-gar7-7upf-d7cz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:57:05.757632+00:00	Debian Importer	Fixing	VCID-8b19-pezx-6bcd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:31:05.876842+00:00	Debian Importer	Fixing	VCID-fcsb-dn49-47gy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:16:14.825358+00:00	Debian Importer	Fixing	VCID-1uk5-6yqb-dyb5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:14:36.949061+00:00	Debian Importer	Fixing	VCID-bn83-d2qp-9bfy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:00:53.906877+00:00	Debian Importer	Fixing	VCID-zh1r-7rzh-2bez	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T18:15:38.532797+00:00	Debian Importer	Affected by	VCID-q653-8f64-gkbe	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:21:43.032193+00:00	Debian Importer	Fixing	VCID-8dtv-379a-wqfs	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:19:40.921287+00:00	Debian Importer	Fixing	VCID-nqqc-u8d5-8qf6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:18:57.020502+00:00	Debian Importer	Fixing	VCID-94n7-6q4s-3udv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-09T17:37:12.086795+00:00	Debian Importer	Affected by	VCID-11ed-tk56-8khn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.593756+00:00	Debian Importer	Affected by	VCID-9vcx-2fts-gkfw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.566094+00:00	Debian Importer	Affected by	VCID-gqzt-rh1w-jkfu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.528775+00:00	Debian Importer	Affected by	VCID-1pr1-jkqa-43g6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.497488+00:00	Debian Importer	Fixing	VCID-kn9b-2gxw-gqgx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.463957+00:00	Debian Importer	Fixing	VCID-8b19-pezx-6bcd	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.430812+00:00	Debian Importer	Fixing	VCID-zh1r-7rzh-2bez	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.398139+00:00	Debian Importer	Fixing	VCID-znkr-fxtj-4uc7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.369126+00:00	Debian Importer	Fixing	VCID-gar7-7upf-d7cz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.340947+00:00	Debian Importer	Fixing	VCID-fcsb-dn49-47gy	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.292653+00:00	Debian Importer	Fixing	VCID-94n7-6q4s-3udv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.261685+00:00	Debian Importer	Fixing	VCID-1uk5-6yqb-dyb5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.233851+00:00	Debian Importer	Fixing	VCID-8dtv-379a-wqfs	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.205294+00:00	Debian Importer	Affected by	VCID-n4au-q9bs-kucb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.167197+00:00	Debian Importer	Fixing	VCID-nqqc-u8d5-8qf6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:01.134340+00:00	Debian Importer	Fixing	VCID-bn83-d2qp-9bfy	https://security-tracker.debian.org/tracker/data/json	38.1.0