| purl | pkg:deb/debian/python3.9@3.9.2-1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1uk5-6yqb-dyb5 (Aliases: CVE-2025-13837) | cpython: Out-of-memory when loading Plist | There are no reported fixed by versions. |
| VCID-2j3t-a3r6-vfg7 (Aliases: CVE-2021-3426) | Multiple vulnerabilities have been found in Python, the worst of which might allow attackers to access sensitive information. | There are no reported fixed by versions. |
| VCID-2shb-2cvn-dyd2 (Aliases: CVE-2023-24329) | Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. | There are no reported fixed by versions. |
| VCID-2v5u-2z4w-ffgx (Aliases: CVE-2024-4032) | python: incorrect IPv4 and IPv6 private ranges | There are no reported fixed by versions. |
| VCID-39e1-7qrc-53av (Aliases: CVE-2025-15366) | cpython: IMAP command injection in user-controlled commands | There are no reported fixed by versions. |
| VCID-4gsg-5e6s-63g4 (Aliases: CVE-2021-28861) | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. | There are no reported fixed by versions. |
| VCID-4z89-3tfk-pyge (Aliases: CVE-2023-40217) | Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. | There are no reported fixed by versions. |
| VCID-5maz-1h1k-3qfj (Aliases: CVE-2025-4516) | Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. | There are no reported fixed by versions. |
| VCID-7ka5-7jrn-dber (Aliases: CVE-2023-6597) | Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. | There are no reported fixed by versions. |
| VCID-7s7y-9bw5-m3ep (Aliases: CVE-2024-6232) | Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. | There are no reported fixed by versions. |
| VCID-8b19-pezx-6bcd (Aliases: CVE-2026-0865) | cpython: wsgiref.headers.Headers allows header newline injection in Python | There are no reported fixed by versions. |
| VCID-8dtv-379a-wqfs (Aliases: CVE-2025-13836) | cpython: Excessive read buffering DoS in http.client | There are no reported fixed by versions. |
| VCID-94n7-6q4s-3udv (Aliases: CVE-2025-15282) | cpython: Header injection via newlines in data URL mediatype in Python | There are no reported fixed by versions. |
| VCID-9nvp-aus1-9yed (Aliases: CVE-2024-6923) | Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. | There are no reported fixed by versions. |
| VCID-9sms-mhht-n3aq (Aliases: CVE-2025-1795) | python: Mishandling of comma during folding and unicode-encoding of email headers | There are no reported fixed by versions. |
| VCID-a8mv-mr3q-vygz (Aliases: CVE-2022-42919) | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. | There are no reported fixed by versions. |
| VCID-bn83-d2qp-9bfy (Aliases: CVE-2025-11468) | cpython: Missing character filtering in Python | There are no reported fixed by versions. |
| VCID-bqp2-x383-xqfh (Aliases: CVE-2015-20107) | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. | There are no reported fixed by versions. |
| VCID-ct6h-d1eh-7bgj (Aliases: CVE-2021-3733) | python: urllib: Regular expression DoS in AbstractBasicAuthHandler | There are no reported fixed by versions. |
| VCID-dexx-3ssz-nqfg (Aliases: CVE-2023-27043) | python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple | There are no reported fixed by versions. |
| VCID-dnv8-yrd6-c7cv (Aliases: CVE-2024-8088) | Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. | There are no reported fixed by versions. |
| VCID-e6rs-jwvu-jycd (Aliases: CVE-2021-3737) | python: urllib: HTTP client possible infinite loop on a 100 Continue response | There are no reported fixed by versions. |
| VCID-e6sb-bh7v-9ugg (Aliases: CVE-2025-0938) | python: cpython: URL parser allowed square brackets in domain names | There are no reported fixed by versions. |
| VCID-emaw-jmek-9bcy (Aliases: CVE-2025-6069) | cpython: Python HTMLParser quadratic complexity | There are no reported fixed by versions. |
| VCID-ewbq-2gm8-tyf5 (Aliases: CVE-2022-37454, GHSA-6w4m-2xhg-2658) | Buffer overflow in sponge queue functions. Impact: The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches: Yes, see commit [fdc6fef0](https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a). Workarounds: The problem can be avoided by limiting the size of the partial input data (or partial output digest) below 2^32 - 200 bytes. Multiple calls to the queue system can be chained at a higher level to retain the original functionality. Alternatively, one can process the entire input (or produce the entire output) at once, avoiding the queuing functions altogether. References: See [issue #105](https://github.com/XKCP/XKCP/issues/105) for more details. | There are no reported fixed by versions. |
| VCID-fcsb-dn49-47gy (Aliases: CVE-2025-6075) | python: Quadratic complexity in os.path.expandvars() with user-controlled template | There are no reported fixed by versions. |
| VCID-h7z2-vc14-nfhq (Aliases: CVE-2020-10735) | python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS | There are no reported fixed by versions. |
| VCID-j8hj-k7wy-yfch (Aliases: CVE-2021-4189) | python: ftplib should not use the host from the PASV response | There are no reported fixed by versions. |
| VCID-js5p-py72-2kga (Aliases: CVE-2024-0450) | Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. | There are no reported fixed by versions. |
| VCID-kn9b-2gxw-gqgx (Aliases: CVE-2026-1299) | cpython: email header injection due to unquoted newlines | There are no reported fixed by versions. |
| VCID-mtk7-qut6-syd8 (Aliases: CVE-2025-8194) | cpython: Cpython infinite loop when parsing a tarfile | There are no reported fixed by versions. |
| VCID-nqqc-u8d5-8qf6 (Aliases: CVE-2025-12084) | cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service | There are no reported fixed by versions. |
| VCID-qqh6-evfk-1fgy (Aliases: CVE-2022-45061) | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. | There are no reported fixed by versions. |
| VCID-qwhz-912b-8kh5 (Aliases: CVE-2024-0397) | cpython: python: Memory race condition in ssl.SSLContext certificate store methods | There are no reported fixed by versions. |
| VCID-smck-sdx2-c7du (Aliases: CVE-2024-11168) | python: Improper validation of IPv6 and IPvFuture addresses | There are no reported fixed by versions. |
| VCID-tbuw-2msj-tqd9 (Aliases: CVE-2024-9287) | python: Virtual environment (venv) activation scripts don't quote paths | There are no reported fixed by versions. |
| VCID-uf5s-kms5-g7a9 (Aliases: CVE-2025-15367) | cpython: POP3 command injection in user-controlled commands | There are no reported fixed by versions. |
| VCID-v186-7sv1-ubej (Aliases: CVE-2024-7592) | Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. | There are no reported fixed by versions. |
| VCID-vpwj-d49q-1uh8 (Aliases: CVE-2022-0391) | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. | There are no reported fixed by versions. |
| VCID-z48d-eyxz-bycq (Aliases: CVE-2021-29921) | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. | There are no reported fixed by versions. |
| VCID-zh1r-7rzh-2bez (Aliases: CVE-2026-0672) | cpython: Header injection in http.cookies.Morsel in Python | There are no reported fixed by versions. |
| VCID-znkr-fxtj-4uc7 (Aliases: CVE-2025-8291) | cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |