VulnerableCode Package Details - pkg:pypi/parso@0.3.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-5evb-4nh8-myen Aliases: CVE-2019-12760 GHSA-22mf-97vh-x8rw PYSEC-2019-109	DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration."	0.5.0 Affected by 0 other vulnerabilities.
VCID-fd4h-wk4j-4udy Aliases: PYSEC-2019-39	DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration."	0.5.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5evb-4nh8-myen
Aliases:
CVE-2019-12760
GHSA-22mf-97vh-x8rw
PYSEC-2019-109

** DISPUTED ** A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration."

0.5.0
Affected by 0 other vulnerabilities.

VCID-fd4h-wk4j-4udy
Aliases:
PYSEC-2019-39

0.5.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-01T14:25:08.331442+00:00	GHSA Importer	Affected by	VCID-5evb-4nh8-myen	https://github.com/advisories/GHSA-22mf-97vh-x8rw	38.6.0
2026-05-31T09:57:27.729713+00:00	GitLab Importer	Affected by	VCID-5evb-4nh8-myen	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/parso/CVE-2019-12760.yml	38.6.0
2026-05-31T09:37:32.978483+00:00	PyPI Importer	Affected by	VCID-fd4h-wk4j-4udy	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:37:32.911176+00:00	PyPI Importer	Affected by	VCID-5evb-4nh8-myen	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:18:20.321859+00:00	Pypa Importer	Affected by	VCID-5evb-4nh8-myen	https://github.com/pypa/advisory-database/blob/main/vulns/parso/PYSEC-2019-109.yaml	38.6.0