Search for packages
| purl | pkg:deb/debian/python3.14@3.14.5-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-a2st-585f-uucu |
CVE-2026-1502
|
|
| VCID-rcu5-gpmt-r7cb |
CVE-2026-6100
|
|
| VCID-vk3a-td8w-ebfp | http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value. |
CVE-2026-6019
|
| VCID-ygdw-ymrf-kqg1 |
CVE-2026-5713
|
|
| VCID-zxzn-25zt-ukct | Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. |
CVE-2026-4786
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-14T21:40:59.598533+00:00 | Debian Importer | Fixing | VCID-rcu5-gpmt-r7cb | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-14T20:03:09.656353+00:00 | Debian Importer | Fixing | VCID-zxzn-25zt-ukct | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-14T15:54:07.566673+00:00 | Debian Importer | Fixing | VCID-vk3a-td8w-ebfp | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-14T14:01:48.055622+00:00 | Debian Importer | Fixing | VCID-a2st-585f-uucu | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-14T13:39:04.076861+00:00 | Debian Importer | Fixing | VCID-ygdw-ymrf-kqg1 | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |