Search for packages
| purl | pkg:deb/debian/python3.14@3.14.4-2?distro=sid |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-11ed-tk56-8khn | python: Python: Command-line option injection in webbrowser.open() via crafted URLs |
CVE-2026-4519
|
| VCID-1pr1-jkqa-43g6 | cpython: CPython: Logging Bypass in Legacy .pyc File Handling |
CVE-2026-2297
|
| VCID-1uk5-6yqb-dyb5 | cpython: Out-of-memory when loading Plist |
CVE-2025-13837
|
| VCID-8b19-pezx-6bcd | cpython: wsgiref.headers.Headers allows header newline injection in Python |
CVE-2026-0865
|
| VCID-8dtv-379a-wqfs | cpython: Excessive read buffering DoS in http.client |
CVE-2025-13836
|
| VCID-94n7-6q4s-3udv | cpython: Header injection via newlines in data URL mediatype in Python |
CVE-2025-15282
|
| VCID-9vcx-2fts-gkfw | cpython: Stack overflow parsing XML with deeply nested DTD content models |
CVE-2026-4224
|
| VCID-bn83-d2qp-9bfy | cpython: Missing character filtering in Python |
CVE-2025-11468
|
| VCID-fcsb-dn49-47gy | python: Quadratic complexity in os.path.expandvars() with user-controlled template |
CVE-2025-6075
|
| VCID-gar7-7upf-d7cz | Python-Markdown has an Uncaught Exception Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions. |
CVE-2025-69534
GHSA-5wmx-573v-2qwq |
| VCID-gqzt-rh1w-jkfu | cpython: Incomplete control character validation in http.cookies |
CVE-2026-3644
|
| VCID-hmcw-zcsy-9qcf | The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected. |
CVE-2026-3298
|
| VCID-kn9b-2gxw-gqgx | cpython: email header injection due to unquoted newlines |
CVE-2026-1299
|
| VCID-n4au-q9bs-kucb | The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations. |
CVE-2025-13462
|
| VCID-nqqc-u8d5-8qf6 | cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service |
CVE-2025-12084
|
| VCID-q653-8f64-gkbe |
CVE-2026-3446
|
|
| VCID-zh1r-7rzh-2bez | cpython: Header injection in http.cookies.Morsel in Python |
CVE-2026-0672
|
| VCID-znkr-fxtj-4uc7 | cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked |
CVE-2025-8291
|