
Python Software Foundation — Vulnerabilities & Security Advisories (54)

Browse all 54 CVE security advisories affecting Python Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Python Software Foundation (PSF) is a non-profit organization dedicated to protecting and advancing the Python programming language while supporting and facilitating the growth of a diverse global community of developers. As the steward of the official Python distribution, its core business involves maintaining the integrity of the interpreter and standard library, which are foundational to countless enterprise and scientific applications. Historically, vulnerabilities associated with the PSF’s maintained codebase have frequently involved memory corruption issues, such as buffer overflows, and logic flaws leading to privilege escalation or remote code execution (RCE) within the interpreter itself. While the PSF does not host third-party packages, its official releases have occasionally been targeted by supply chain attacks or misconfigurations in associated infrastructure. Notable incidents include critical flaws in the SSL/TLS handling and integer overflow bugs in the standard library, prompting rigorous security audits and rapid patch cycles to mitigate risks for the vast ecosystem relying on Python’s core infrastructure.

Found 53 of 54 results

Top products by Python Software Foundation: CPython, pymanager

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-4435 | Tarfile extracts filtered members when errorlevel=0 | CPython | - | 7.5 | High | 2025-06-03 |
| CVE-2025-4138 | Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory | CPython | CWE-22 | 7.5 | High | 2025-06-03 |
| CVE-2025-4330 | Extraction filter bypass for linking outside extraction directory | CPython | CWE-22 | 7.5 | High | 2025-06-03 |
| CVE-2025-4517 | Arbitrary writes via tarfile realpath overflow | CPython | CWE-22 | 9.4 | Critical | 2025-06-03 |
| CVE-2025-4516 | Use-after-free in "unicode_escape" decoder with error handler | CPython | CWE-416 | 7.5 (AI) | High (AI) | 2025-05-15 |
| CVE-2025-1795 | Mishandling of comma during folding and unicode-encoding of email headers | CPython | - | 7.5 | - | 2025-02-28 |
| CVE-2024-3220 | Default mimetype known files writeable on Windows | CPython | CWE-426 | 5.5 | - | 2025-02-14 |
| CVE-2025-0938 | URL parser allowed square brackets in domain names | CPython | CWE-20 | 9.1 | - | 2025-01-31 |
| CVE-2024-12254 | Unbounded memory buffering in SelectorSocketTransport.writelines() | CPython | CWE-400 | 7.5 | - | 2024-12-06 |
| CVE-2024-11168 | Improper validation of IPv6 and IPvFuture addresses | CPython | - | 9.1 | - | 2024-11-12 |
| CVE-2024-9287 | Virtual environment (venv) activation scripts don't quote paths | CPython | CWE-428 | 10.0 (AI) | Critical (AI) | 2024-10-22 |
| CVE-2024-6232 | Regular-expression DoS when parsing TarFile headers | CPython | CWE-1333 | 6.5 | - | 2024-09-03 |
| CVE-2024-8088 | Infinite loop when iterating over zip archive entry names from zipfile.Path | CPython | CWE-835 | 6.5 | - | 2024-08-22 |
| CVE-2024-7592 | Quadratic complexity parsing cookies with backslashes | CPython | CWE-400 | 5.3 | - | 2024-08-19 |
| CVE-2024-6923 | Email header injection due to unquoted newlines | CPython | - | 4.3 | - | 2024-08-01 |
| CVE-2024-3219 | Pure-Python fallback of socket.socketpair() doesn't authenticate peer connection | CPython | - | 6.3 (AI) | Medium (AI) | 2024-07-29 |
| CVE-2024-5642 | Buffer overread when using an empty list with SSLContext.set_npn_protocols() | CPython | - | - | - | 2024-06-27 |
| CVE-2024-0397 | Memory race condition in ssl.SSLContext certificate store methods | CPython | - | 7.4 (AI) | High (AI) | 2024-06-17 |
| CVE-2024-4032 | Incorrect IPv4 and IPv6 private ranges | CPython | - | 7.5 (AI) | High (AI) | 2024-06-17 |
| CVE-2024-4030 | tempfile.mkdtemp() may be readable and writeable by all users on Windows | CPython | CWE-276 | 7.1 (AI) | High (AI) | 2024-05-07 |
| CVE-2023-6597 | Python security vulnerability | CPython | - | 7.8 | High | 2024-03-19 |
| CVE-2024-0450 | Quoted zip-bomb protection for zipfile | CPython | CWE-405 | 6.2 | Medium | 2024-03-19 |
| CVE-2023-6507 | Groups not dropped before running subprocess when using empty 'extra_groups' parameter | CPython | CWE-269 | 6.1 | Medium | 2023-12-08 |

Values marked (AI) carry the listing's AI-analysis marker on the CVSS score or severity; "-" means no value is given in the listing.

This page lists every published CVE security advisory associated with Python Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.