
Python Software Foundation — Vulnerabilities & Security Advisories (64)

Browse all 64 CVE security advisories affecting Python Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Python Software Foundation (PSF) is a non-profit organization dedicated to protecting and advancing the Python programming language while supporting and facilitating the growth of a diverse global community of developers. As the steward of the official Python distribution, its core business involves maintaining the integrity of the interpreter and standard library, which are foundational to countless enterprise and scientific applications. Historically, vulnerabilities associated with the PSF’s maintained codebase have frequently involved memory corruption issues, such as buffer overflows, and logic flaws leading to privilege escalation or remote code execution (RCE) within the interpreter itself. While the PSF does not host third-party packages, its official releases have occasionally been targeted by supply chain attacks or misconfigurations in associated infrastructure. Notable incidents include critical flaws in the SSL/TLS handling and integer overflow bugs in the standard library, prompting rigorous security audits and rapid patch cycles to mitigate risks for the vast ecosystem relying on Python’s core infrastructure.

Top products by Python Software Foundation: CPython, pymanager
Values marked "(AI)" are AI-estimated scores or severities rather than values from the advisory; "–" marks a value not listed on this page.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-15282 | Header injection via newlines in data URL mediatype | CPython | CWE-93 | 5.3 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2026-0865 | wsgiref.headers.Headers allows header newline injection | CPython | CWE-74 | 4.7 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-11468 | Folding email comments of unfoldable characters doesn't preserve parenthesis | CPython | – | 6.5 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-12084 | Quadratic complexity in node ID cache clearing | CPython | – | 7.5 (AI) | High (AI) | 2025-12-03 |
| CVE-2025-13837 | Out-of-memory when loading Plist | CPython | – | 6.5 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-13836 | Excessive read buffering DoS in http.client | CPython | – | 9.8 (AI) | Critical (AI) | 2025-12-01 |
| CVE-2025-6075 | Quadratic complexity in os.path.expandvars() with user-controlled template | CPython | – | 7.5 | – | 2025-10-31 |
| CVE-2025-8291 | ZIP64 End of Central Directory (EOCD) Locator record offset not checked | CPython | – | 4.3 | Medium | 2025-10-07 |
| CVE-2025-8194 | Tarfile infinite loop during parsing with negative member offset | CPython | CWE-835 | 7.5 | High | 2025-07-28 |
| CVE-2025-6069 | HTMLParser quadratic complexity when processing malformed inputs | CPython | CWE-1333 | 4.3 | Medium | 2025-06-17 |
| CVE-2024-12718 | Bypass extraction filter to modify file metadata outside extraction directory | CPython | CWE-22 | 5.3 | Medium | 2025-06-03 |
| CVE-2025-4435 | Tarfile extracts filtered members when errorlevel=0 | CPython | – | 7.5 | High | 2025-06-03 |
| CVE-2025-4138 | Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory | CPython | CWE-22 | 7.5 | High | 2025-06-03 |
| CVE-2025-4330 | Extraction filter bypass for linking outside extraction directory | CPython | CWE-22 | 7.5 | High | 2025-06-03 |
| CVE-2025-4517 | Arbitrary writes via tarfile realpath overflow | CPython | CWE-22 | 9.4 | Critical | 2025-06-03 |
| CVE-2025-4516 | Use-after-free in "unicode_escape" decoder with error handler | CPython | CWE-416 | 7.5 (AI) | High (AI) | 2025-05-15 |
| CVE-2025-1795 | Mishandling of comma during folding and unicode-encoding of email headers | CPython | – | 7.5 | – | 2025-02-28 |
| CVE-2024-3220 | Default mimetype known files writeable on Windows | CPython | CWE-426 | 5.5 | – | 2025-02-14 |
| CVE-2025-0938 | URL parser allowed square brackets in domain names | CPython | CWE-20 | 9.1 | – | 2025-01-31 |
| CVE-2024-12254 | Unbounded memory buffering in SelectorSocketTransport.writelines() | CPython | CWE-400 | 7.5 | – | 2024-12-06 |
| CVE-2024-11168 | Improper validation of IPv6 and IPvFuture addresses | CPython | – | 9.1 | – | 2024-11-12 |
| CVE-2024-9287 | Virtual environment (venv) activation scripts don't quote paths | CPython | CWE-428 | 10.0 (AI) | Critical (AI) | 2024-10-22 |
| CVE-2024-6232 | Regular-expression DoS when parsing TarFile headers | CPython | CWE-1333 | 6.5 | – | 2024-09-03 |
| CVE-2024-8088 | Infinite loop when iterating over zip archive entry names from zipfile.Path | CPython | CWE-835 | 6.5 | – | 2024-08-22 |
| CVE-2024-7592 | Quadratic complexity parsing cookies with backslashes | CPython | CWE-400 | 5.3 | – | 2024-08-19 |
| CVE-2024-6923 | Email header injection due to unquoted newlines | CPython | – | 4.3 | – | 2024-08-01 |
| CVE-2024-3219 | Pure-Python fallback of socket.socketpair() doesn't authenticate peer connection | CPython | – | 6.3 (AI) | Medium (AI) | 2024-07-29 |
| CVE-2024-5642 | Buffer overread when using an empty list with SSLContext.set_npn_protocols() | CPython | – | – | – | 2024-06-27 |
| CVE-2024-0397 | Memory race condition in ssl.SSLContext certificate store methods | CPython | – | 7.4 (AI) | High (AI) | 2024-06-17 |
| CVE-2024-4032 | Incorrect IPv4 and IPv6 private ranges | CPython | – | 7.5 (AI) | High (AI) | 2024-06-17 |

This page lists every published CVE security advisory associated with Python Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.