VulnerableCode Package Details - pkg:deb/debian/python3.14@3.14.4-2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-11ed-tk56-8khn	python: Python: Command-line option injection in webbrowser.open() via crafted URLs	CVE-2026-4519
VCID-1pr1-jkqa-43g6	cpython: CPython: Logging Bypass in Legacy .pyc File Handling	CVE-2026-2297
VCID-9vcx-2fts-gkfw	cpython: Stack overflow parsing XML with deeply nested DTD content models	CVE-2026-4224
VCID-gqzt-rh1w-jkfu	cpython: Incomplete control character validation in http.cookies	CVE-2026-3644
VCID-n4au-q9bs-kucb	The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.	CVE-2025-13462
VCID-q653-8f64-gkbe		CVE-2026-3446

Vulnerability

Summary

Aliases

VCID-11ed-tk56-8khn

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

CVE-2026-4519

VCID-1pr1-jkqa-43g6

cpython: CPython: Logging Bypass in Legacy .pyc File Handling

CVE-2026-2297

VCID-9vcx-2fts-gkfw

cpython: Stack overflow parsing XML with deeply nested DTD content models

CVE-2026-4224

VCID-gqzt-rh1w-jkfu

cpython: Incomplete control character validation in http.cookies

CVE-2026-3644

VCID-n4au-q9bs-kucb

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

CVE-2025-13462

VCID-q653-8f64-gkbe

CVE-2026-3446

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-02T03:06:49.305418+00:00	Debian Importer	Fixing	VCID-q653-8f64-gkbe	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-02T00:30:40.122070+00:00	Debian Importer	Fixing	VCID-n4au-q9bs-kucb	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-01T22:51:44.880239+00:00	Debian Importer	Fixing	VCID-gqzt-rh1w-jkfu	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-01T22:42:58.004098+00:00	Debian Importer	Fixing	VCID-1pr1-jkqa-43g6	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-01T22:39:47.024068+00:00	Debian Importer	Fixing	VCID-11ed-tk56-8khn	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-01T22:32:58.930919+00:00	Debian Importer	Fixing	VCID-9vcx-2fts-gkfw	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-04-27T03:14:53.856026+00:00	Debian Importer	Fixing	VCID-q653-8f64-gkbe	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-27T02:16:48.059118+00:00	Debian Importer	Fixing	VCID-n4au-q9bs-kucb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-27T00:19:43.862574+00:00	Debian Importer	Fixing	VCID-gqzt-rh1w-jkfu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-27T00:13:28.236345+00:00	Debian Importer	Fixing	VCID-1pr1-jkqa-43g6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-27T00:11:22.214347+00:00	Debian Importer	Fixing	VCID-11ed-tk56-8khn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-27T00:06:48.116186+00:00	Debian Importer	Fixing	VCID-9vcx-2fts-gkfw	https://security-tracker.debian.org/tracker/data/json	38.4.0