Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/python3.14@3.14.3-5?distro=sid
purl pkg:deb/debian/python3.14@3.14.3-5?distro=sid
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (15)
Vulnerability Summary Aliases
VCID-1pr1-jkqa-43g6 cpython: CPython: Logging Bypass in Legacy .pyc File Handling CVE-2026-2297
VCID-1uk5-6yqb-dyb5 cpython: Out-of-memory when loading Plist CVE-2025-13837
VCID-8b19-pezx-6bcd cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865
VCID-8dtv-379a-wqfs cpython: Excessive read buffering DoS in http.client CVE-2025-13836
VCID-94n7-6q4s-3udv cpython: Header injection via newlines in data URL mediatype in Python CVE-2025-15282
VCID-9vcx-2fts-gkfw cpython: Stack overflow parsing XML with deeply nested DTD content models CVE-2026-4224
VCID-bn83-d2qp-9bfy cpython: Missing character filtering in Python CVE-2025-11468
VCID-fcsb-dn49-47gy python: Quadratic complexity in os.path.expandvars() with user-controlled template CVE-2025-6075
VCID-gar7-7upf-d7cz Python-Markdown has an Uncaught Exception Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions. CVE-2025-69534
GHSA-5wmx-573v-2qwq
VCID-gqzt-rh1w-jkfu cpython: Incomplete control character validation in http.cookies CVE-2026-3644
VCID-kn9b-2gxw-gqgx cpython: email header injection due to unquoted newlines CVE-2026-1299
VCID-n4au-q9bs-kucb The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations. CVE-2025-13462
VCID-nqqc-u8d5-8qf6 cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service CVE-2025-12084
VCID-zh1r-7rzh-2bez cpython: Header injection in http.cookies.Morsel in Python CVE-2026-0672
VCID-znkr-fxtj-4uc7 cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked CVE-2025-8291

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:02:50.534361+00:00 Debian Importer Fixing VCID-kn9b-2gxw-gqgx https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:15:26.014575+00:00 Debian Importer Fixing VCID-gar7-7upf-d7cz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:08:52.981096+00:00 Debian Importer Fixing VCID-zh1r-7rzh-2bez https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:08:26.019021+00:00 Debian Importer Fixing VCID-znkr-fxtj-4uc7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:06:27.862922+00:00 Debian Importer Fixing VCID-fcsb-dn49-47gy https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:47:17.700000+00:00 Debian Importer Fixing VCID-8b19-pezx-6bcd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:26:11.406369+00:00 Debian Importer Fixing VCID-94n7-6q4s-3udv https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:45:27.438762+00:00 Debian Importer Fixing VCID-nqqc-u8d5-8qf6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:45:01.960989+00:00 Debian Importer Fixing VCID-1uk5-6yqb-dyb5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:42:33.390660+00:00 Debian Importer Fixing VCID-bn83-d2qp-9bfy https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:32:33.090169+00:00 Debian Importer Fixing VCID-8dtv-379a-wqfs https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:58:06.779195+00:00 Debian Importer Fixing VCID-kn9b-2gxw-gqgx https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:23:00.107982+00:00 Debian Importer Fixing VCID-gar7-7upf-d7cz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:18:20.336477+00:00 Debian Importer Fixing VCID-zh1r-7rzh-2bez https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:18:04.387948+00:00 Debian Importer Fixing VCID-znkr-fxtj-4uc7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:16:39.391734+00:00 Debian Importer Fixing VCID-fcsb-dn49-47gy https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:02:22.673076+00:00 Debian Importer Fixing VCID-8b19-pezx-6bcd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:47:29.341060+00:00 Debian Importer Fixing VCID-94n7-6q4s-3udv https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:16:32.117377+00:00 Debian Importer Fixing VCID-nqqc-u8d5-8qf6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:16:14.830953+00:00 Debian Importer Fixing VCID-1uk5-6yqb-dyb5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:14:36.952041+00:00 Debian Importer Fixing VCID-bn83-d2qp-9bfy https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:21:43.037108+00:00 Debian Importer Fixing VCID-8dtv-379a-wqfs https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:51:01.597713+00:00 Debian Importer Fixing VCID-9vcx-2fts-gkfw https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.570088+00:00 Debian Importer Fixing VCID-gqzt-rh1w-jkfu https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.533031+00:00 Debian Importer Fixing VCID-1pr1-jkqa-43g6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.514535+00:00 Debian Importer Fixing VCID-kn9b-2gxw-gqgx https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.479939+00:00 Debian Importer Fixing VCID-8b19-pezx-6bcd https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.447221+00:00 Debian Importer Fixing VCID-zh1r-7rzh-2bez https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.413665+00:00 Debian Importer Fixing VCID-znkr-fxtj-4uc7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.384130+00:00 Debian Importer Fixing VCID-gar7-7upf-d7cz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.354957+00:00 Debian Importer Fixing VCID-fcsb-dn49-47gy https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.308950+00:00 Debian Importer Fixing VCID-94n7-6q4s-3udv https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.275560+00:00 Debian Importer Fixing VCID-1uk5-6yqb-dyb5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.248085+00:00 Debian Importer Fixing VCID-8dtv-379a-wqfs https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.209163+00:00 Debian Importer Fixing VCID-n4au-q9bs-kucb https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.182149+00:00 Debian Importer Fixing VCID-nqqc-u8d5-8qf6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:01.153094+00:00 Debian Importer Fixing VCID-bn83-d2qp-9bfy https://security-tracker.debian.org/tracker/data/json 38.1.0