Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/python3.14@3.14.4-2
purl pkg:deb/debian/python3.14@3.14.4-2
Next non-vulnerable version 3.14.5~rc1-1
Latest non-vulnerable version 3.14.5~rc1-1
Risk 4.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-rcu5-gpmt-r7cb
Aliases:
CVE-2026-6100
3.14.5~rc1-1
Affected by 0 other vulnerabilities.
VCID-vk3a-td8w-ebfp
Aliases:
CVE-2026-6019
http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.
3.14.5~rc1-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (6)
Vulnerability Summary Aliases
VCID-11ed-tk56-8khn python: Python: Command-line option injection in webbrowser.open() via crafted URLs CVE-2026-4519
VCID-1pr1-jkqa-43g6 cpython: CPython: Logging Bypass in Legacy .pyc File Handling CVE-2026-2297
VCID-9vcx-2fts-gkfw cpython: Stack overflow parsing XML with deeply nested DTD content models CVE-2026-4224
VCID-gqzt-rh1w-jkfu cpython: Incomplete control character validation in http.cookies CVE-2026-3644
VCID-n4au-q9bs-kucb The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations. CVE-2025-13462
VCID-q653-8f64-gkbe CVE-2026-3446

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-08T01:03:51.447311+00:00 Debian Importer Affected by VCID-rcu5-gpmt-r7cb https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-07T19:59:42.631221+00:00 Debian Importer Affected by VCID-vk3a-td8w-ebfp https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T03:06:49.305418+00:00 Debian Importer Fixing VCID-q653-8f64-gkbe https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T00:30:40.122070+00:00 Debian Importer Fixing VCID-n4au-q9bs-kucb https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:51:44.880239+00:00 Debian Importer Fixing VCID-gqzt-rh1w-jkfu https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:42:58.004098+00:00 Debian Importer Fixing VCID-1pr1-jkqa-43g6 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:39:47.024068+00:00 Debian Importer Fixing VCID-11ed-tk56-8khn https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:32:58.930919+00:00 Debian Importer Fixing VCID-9vcx-2fts-gkfw https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-04-27T03:14:53.856026+00:00 Debian Importer Fixing VCID-q653-8f64-gkbe https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-27T02:16:48.059118+00:00 Debian Importer Fixing VCID-n4au-q9bs-kucb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-27T00:19:43.862574+00:00 Debian Importer Fixing VCID-gqzt-rh1w-jkfu https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-27T00:13:28.236345+00:00 Debian Importer Fixing VCID-1pr1-jkqa-43g6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-27T00:11:22.214347+00:00 Debian Importer Fixing VCID-11ed-tk56-8khn https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-27T00:06:48.116186+00:00 Debian Importer Fixing VCID-9vcx-2fts-gkfw https://security-tracker.debian.org/tracker/data/json 38.4.0