VulnerableCode Package Details - pkg:rpm/redhat/python3.12@3.12.13-2?arch=el8_10

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/python3.12@3.12.13-2?arch=el8_10

Essentials
History (13)

purl	pkg:rpm/redhat/python3.12@3.12.13-2?arch=el8_10

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk

Vulnerabilities affecting this package (11)

Vulnerability	Summary	Fixed by
VCID-1pr1-jkqa-43g6 Aliases: CVE-2026-2297	cpython: CPython: Logging Bypass in Legacy .pyc File Handling	There are no reported fixed by versions.
VCID-1uk5-6yqb-dyb5 Aliases: CVE-2025-13837	cpython: Out-of-memory when loading Plist	There are no reported fixed by versions.
VCID-77y6-jskt-qucb Aliases: CVE-2025-59375	libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.	There are no reported fixed by versions.
VCID-94n7-6q4s-3udv Aliases: CVE-2025-15282	cpython: Header injection via newlines in data URL mediatype in Python	There are no reported fixed by versions.
VCID-9vcx-2fts-gkfw Aliases: CVE-2026-4224	cpython: Stack overflow parsing XML with deeply nested DTD content models	There are no reported fixed by versions.
VCID-a2st-585f-uucu Aliases: CVE-2026-1502		There are no reported fixed by versions.
VCID-fcsb-dn49-47gy Aliases: CVE-2025-6075	python: Quadratic complexity in os.path.expandvars() with user-controlled template	There are no reported fixed by versions.
VCID-gqzt-rh1w-jkfu Aliases: CVE-2026-3644	cpython: Incomplete control character validation in http.cookies	There are no reported fixed by versions.
VCID-rcu5-gpmt-r7cb Aliases: CVE-2026-6100		There are no reported fixed by versions.
VCID-zh1r-7rzh-2bez Aliases: CVE-2026-0672	cpython: Header injection in http.cookies.Morsel in Python	There are no reported fixed by versions.
VCID-zxzn-25zt-ukct Aliases: CVE-2026-4786	Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-02T08:56:04.709572+00:00	RedHat Importer	Affected by	VCID-rcu5-gpmt-r7cb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6100.json	38.6.0
2026-05-02T08:56:04.377129+00:00	RedHat Importer	Affected by	VCID-zxzn-25zt-ukct	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4786.json	38.6.0
2026-04-29T12:59:33.853939+00:00	RedHat Importer	Affected by	VCID-77y6-jskt-qucb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json	38.5.0
2026-04-29T12:59:27.843278+00:00	RedHat Importer	Affected by	VCID-fcsb-dn49-47gy	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json	38.5.0
2026-04-29T12:59:25.968879+00:00	RedHat Importer	Affected by	VCID-1uk5-6yqb-dyb5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13837.json	38.5.0
2026-04-29T12:59:09.856305+00:00	RedHat Importer	Affected by	VCID-94n7-6q4s-3udv	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15282.json	38.5.0
2026-04-29T12:59:09.829223+00:00	RedHat Importer	Affected by	VCID-zh1r-7rzh-2bez	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0672.json	38.5.0
2026-04-29T12:58:45.461362+00:00	RedHat Importer	Affected by	VCID-1pr1-jkqa-43g6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2297.json	38.5.0
2026-04-29T12:58:40.036440+00:00	RedHat Importer	Affected by	VCID-gqzt-rh1w-jkfu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3644.json	38.5.0
2026-04-29T12:58:39.984095+00:00	RedHat Importer	Affected by	VCID-9vcx-2fts-gkfw	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4224.json	38.5.0
2026-04-29T12:58:38.083549+00:00	RedHat Importer	Affected by	VCID-a2st-585f-uucu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1502.json	38.5.0
2026-04-29T12:58:37.988532+00:00	RedHat Importer	Affected by	VCID-rcu5-gpmt-r7cb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6100.json	38.5.0
2026-04-29T12:58:37.816280+00:00	RedHat Importer	Affected by	VCID-zxzn-25zt-ukct	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4786.json	38.5.0