Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/python3.14@3.14.4-1?distro=sid
purl pkg:deb/debian/python3.14@3.14.4-1?distro=sid
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (17)
Vulnerability Summary Aliases
VCID-11ed-tk56-8khn python: Python: Command-line option injection in webbrowser.open() via crafted URLs CVE-2026-4519
VCID-1pr1-jkqa-43g6 cpython: CPython: Logging Bypass in Legacy .pyc File Handling CVE-2026-2297
VCID-1uk5-6yqb-dyb5 cpython: Out-of-memory when loading Plist CVE-2025-13837
VCID-8b19-pezx-6bcd cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865
VCID-8dtv-379a-wqfs cpython: Excessive read buffering DoS in http.client CVE-2025-13836
VCID-94n7-6q4s-3udv cpython: Header injection via newlines in data URL mediatype in Python CVE-2025-15282
VCID-9vcx-2fts-gkfw cpython: Stack overflow parsing XML with deeply nested DTD content models CVE-2026-4224
VCID-bn83-d2qp-9bfy cpython: Missing character filtering in Python CVE-2025-11468
VCID-fcsb-dn49-47gy python: Quadratic complexity in os.path.expandvars() with user-controlled template CVE-2025-6075
VCID-gar7-7upf-d7cz Python-Markdown has an Uncaught Exception Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions. CVE-2025-69534
GHSA-5wmx-573v-2qwq
VCID-gqzt-rh1w-jkfu cpython: Incomplete control character validation in http.cookies CVE-2026-3644
VCID-kn9b-2gxw-gqgx cpython: email header injection due to unquoted newlines CVE-2026-1299
VCID-n4au-q9bs-kucb The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations. CVE-2025-13462
VCID-nqqc-u8d5-8qf6 cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service CVE-2025-12084
VCID-q653-8f64-gkbe CVE-2026-3446
VCID-zh1r-7rzh-2bez cpython: Header injection in http.cookies.Morsel in Python CVE-2026-0672
VCID-znkr-fxtj-4uc7 cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked CVE-2025-8291

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:08:40.973231+00:00 Debian Importer Fixing VCID-1uk5-6yqb-dyb5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T13:02:23.851374+00:00 Debian Importer Fixing VCID-bn83-d2qp-9bfy https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:55:37.923822+00:00 Debian Importer Fixing VCID-znkr-fxtj-4uc7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:49:29.779204+00:00 Debian Importer Fixing VCID-8dtv-379a-wqfs https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:38:05.937342+00:00 Debian Importer Fixing VCID-kn9b-2gxw-gqgx https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:04:16.392279+00:00 Debian Importer Fixing VCID-gar7-7upf-d7cz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:40:17.463649+00:00 Debian Importer Fixing VCID-8b19-pezx-6bcd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:04:19.137951+00:00 Debian Importer Fixing VCID-fcsb-dn49-47gy https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:24:17.147552+00:00 Debian Importer Fixing VCID-zh1r-7rzh-2bez https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:29:21.085692+00:00 Debian Importer Fixing VCID-nqqc-u8d5-8qf6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:28:14.130012+00:00 Debian Importer Fixing VCID-94n7-6q4s-3udv https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:02:30.923337+00:00 Debian Importer Fixing VCID-1uk5-6yqb-dyb5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:57:47.363630+00:00 Debian Importer Fixing VCID-bn83-d2qp-9bfy https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:52:36.564915+00:00 Debian Importer Fixing VCID-znkr-fxtj-4uc7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:47:59.592634+00:00 Debian Importer Fixing VCID-8dtv-379a-wqfs https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:39:25.353853+00:00 Debian Importer Fixing VCID-kn9b-2gxw-gqgx https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:14:52.868324+00:00 Debian Importer Fixing VCID-gar7-7upf-d7cz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:57:05.764476+00:00 Debian Importer Fixing VCID-8b19-pezx-6bcd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:31:05.882762+00:00 Debian Importer Fixing VCID-fcsb-dn49-47gy https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:00:53.913920+00:00 Debian Importer Fixing VCID-zh1r-7rzh-2bez https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-12T18:15:38.537467+00:00 Debian Importer Fixing VCID-q653-8f64-gkbe https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:19:40.926934+00:00 Debian Importer Fixing VCID-nqqc-u8d5-8qf6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:18:57.028674+00:00 Debian Importer Fixing VCID-94n7-6q4s-3udv https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-09T17:37:12.090892+00:00 Debian Importer Fixing VCID-11ed-tk56-8khn https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:12.064642+00:00 Debian Importer Fixing VCID-9vcx-2fts-gkfw https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:12.040074+00:00 Debian Importer Fixing VCID-gqzt-rh1w-jkfu https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:12.008041+00:00 Debian Importer Fixing VCID-1pr1-jkqa-43g6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.991125+00:00 Debian Importer Fixing VCID-kn9b-2gxw-gqgx https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.963047+00:00 Debian Importer Fixing VCID-8b19-pezx-6bcd https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.935269+00:00 Debian Importer Fixing VCID-zh1r-7rzh-2bez https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.906921+00:00 Debian Importer Fixing VCID-znkr-fxtj-4uc7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.882203+00:00 Debian Importer Fixing VCID-gar7-7upf-d7cz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.857693+00:00 Debian Importer Fixing VCID-fcsb-dn49-47gy https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.832911+00:00 Debian Importer Fixing VCID-94n7-6q4s-3udv https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.804121+00:00 Debian Importer Fixing VCID-1uk5-6yqb-dyb5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.779534+00:00 Debian Importer Fixing VCID-8dtv-379a-wqfs https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.743616+00:00 Debian Importer Fixing VCID-n4au-q9bs-kucb https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.726805+00:00 Debian Importer Fixing VCID-nqqc-u8d5-8qf6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-09T17:37:11.701259+00:00 Debian Importer Fixing VCID-bn83-d2qp-9bfy https://security-tracker.debian.org/tracker/data/json 38.1.0