
CPython — Vulnerabilities & Security Advisories (62)

All 62 CVE vulnerabilities found in CPython, with AI-generated Chinese analysis, references, and POCs.

This page aggregates the CVE records, and the Common Weakness Enumeration (CWE) classes attached to them, for CPython, the official reference implementation of the Python programming language developed by the Python Software Foundation. It compiles security advisories and vulnerability records for the CPython core interpreter and its standard library modules, covering historical data from 2000 through 2024. Readers can use this resource to track vendor-specific advisories issued by the Python Security Response Team, analyze trends within specific weakness classes such as buffer overflows or injection flaws, and investigate the detailed vulnerability history of specific CPython releases. Each record carries impact severity, affected versions, and patch status, giving a consolidated view of the security landscape for this widely used open-source software. By centralizing these reports, the page supports security auditing and risk assessment for organizations relying on CPython in their backend infrastructure or development environments, and helps developers and security professionals follow the evolution of security fixes and identify gaps in their current deployments without sifting through disparate announcement archives.

Vendor: Python Software Foundation

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2025-11468 | Folding email comments of unfoldable characters doesn't preserve parenthesis | - | 6.5 (AI) | Medium (AI) | 2026-01-20
CVE-2025-12084 | Quadratic complexity in node ID cache clearing | - | 7.5 (AI) | High (AI) | 2025-12-03
CVE-2025-13837 | Out-of-memory when loading Plist | - | 6.5 (AI) | Medium (AI) | 2025-12-01
CVE-2025-13836 | Excessive read buffering DoS in http.client | - | 9.8 (AI) | Critical (AI) | 2025-12-01
CVE-2025-6075 | Quadratic complexity in os.path.expandvars() with user-controlled template | - | 7.5 | - | 2025-10-31
CVE-2025-8291 | ZIP64 End of Central Directory (EOCD) Locator record offset not checked | - | 4.3 | Medium | 2025-10-07
CVE-2025-8194 | Tarfile infinite loop during parsing with negative member offset | CWE-835 | 7.5 | High | 2025-07-28
CVE-2025-6069 | HTMLParser quadratic complexity when processing malformed inputs | CWE-1333 | 4.3 | Medium | 2025-06-17
CVE-2024-12718 | Bypass extraction filter to modify file metadata outside extraction directory | CWE-22 | 5.3 | Medium | 2025-06-03
CVE-2025-4435 | Tarfile extracts filtered members when errorlevel=0 | - | 7.5 | High | 2025-06-03
CVE-2025-4138 | Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory | CWE-22 | 7.5 | High | 2025-06-03
CVE-2025-4330 | Extraction filter bypass for linking outside extraction directory | CWE-22 | 7.5 | High | 2025-06-03
CVE-2025-4517 | Arbitrary writes via tarfile realpath overflow | CWE-22 | 9.4 | Critical | 2025-06-03
CVE-2025-4516 | Use-after-free in "unicode_escape" decoder with error handler | CWE-416 | 7.5 (AI) | High (AI) | 2025-05-15
CVE-2025-1795 | Mishandling of comma during folding and unicode-encoding of email headers | - | 7.5 | - | 2025-02-28
CVE-2024-3220 | Default mimetype known files writeable on Windows | CWE-426 | 5.5 | - | 2025-02-14
CVE-2025-0938 | URL parser allowed square brackets in domain names | CWE-20 | 9.1 | - | 2025-01-31
CVE-2024-12254 | Unbounded memory buffering in SelectorSocketTransport.writelines() | CWE-400 | 7.5 | - | 2024-12-06
CVE-2024-11168 | Improper validation of IPv6 and IPvFuture addresses | - | 9.1 | - | 2024-11-12
CVE-2024-9287 | Virtual environment (venv) activation scripts don't quote paths | CWE-428 | 10.0 (AI) | Critical (AI) | 2024-10-22
CVE-2024-6232 | Regular-expression DoS when parsing TarFile headers | CWE-1333 | 6.5 | - | 2024-09-03
CVE-2024-8088 | Infinite loop when iterating over zip archive entry names from zipfile.Path | CWE-835 | 6.5 | - | 2024-08-22
CVE-2024-7592 | Quadratic complexity parsing cookies with backslashes | CWE-400 | 5.3 | - | 2024-08-19
CVE-2024-6923 | Email header injection due to unquoted newlines | - | 4.3 | - | 2024-08-01
CVE-2024-3219 | Pure-Python fallback of socket.socketpair() doesn't authenticate peer connection | - | 6.3 (AI) | Medium (AI) | 2024-07-29
CVE-2024-5642 | Buffer overread when using an empty list with SSLContext.set_npn_protocols() | - | - | - (AI) | 2024-06-27
CVE-2024-0397 | Memory race condition in ssl.SSLContext certificate store methods | - | 7.4 (AI) | High (AI) | 2024-06-17
CVE-2024-4032 | Incorrect IPv4 and IPv6 private ranges | - | 7.5 (AI) | High (AI) | 2024-06-17
CVE-2024-4030 | tempfile.mkdtemp() may be readable and writeable by all users on Windows | CWE-276 | 7.1 (AI) | High (AI) | 2024-05-07
CVE-2023-6597 | Python security vulnerability | - | 7.8 | High | 2024-03-19

"(AI)" reproduces the page's own "AI" tag on that score or severity value; "-" means the page gives no value.
