
Python — Vulnerabilities & Security Advisories (4)

Browse all 4 CVE security advisories affecting Python. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Python is a general-purpose language used for web development, automation and data analysis, and it powers many business-critical applications. Historically, Python-related vulnerabilities include remote code execution through unsafe deserialization (for example pickle.loads or PyYAML's yaml.load on untrusted input), cross-site scripting where web applications render unescaped input, and privilege escalation through flaws in widely used libraries. Supply-chain risk is also significant: the PyTorch nightly compromise disclosed at the start of 2023 was a dependency confusion attack, in which a malicious torchtriton package uploaded to PyPI shadowed the dependency that the nightly index served. The language's large third-party ecosystem and dynamic typing add to the attack surface when dependencies are not pinned and reviewed. With 4 current CVEs tracked here, keeping dependencies updated and following secure coding practices remain essential for Python-based systems.

Severity · Identifier · Date
Reference

Unknown · CVE-2020-2297 · 2026-05-02
[3.11] gh-145506: Fixes CVE-2026-2297 by ensuring SourcelessFileLoade… · python/cpython@69ddd9b · GitHub

Unknown · 2026-05-02
[3.11] gh-141707: Skip TarInfo DIRTYPE normalization during GNU long … · python/cpython@9a23b75 · GitHub

Medium · CVE-2025-0000 · 2026-05-02
[3.10] gh-141707: Skip TarInfo DIRTYPE normalization during GNU long … · python/cpython@72dde10 · GitHub

High · 2026-04-30
gh-146581: Fix vulnerability in shutil.unpack_archive() for ZIP files… · python/cpython@fc829e8 · GitHub

Medium · GHSA-gh-90309 · 2026-04-30
[3.14] gh-90309: Base64-encode cookie values embedded in JS (GH-148889) · python/cpython@f795e04 · GitHub

High · GHSA-146581 · 2026-04-30
[3.14] gh-146581: Fix vulnerability in shutil.unpack_archive() for ZI… · python/cpython@b01e594 · GitHub

High · GHSA-gh-146581 · 2026-04-30
[3.13] gh-146581: Fix vulnerability in shutil.unpack_archive() for ZI… · python/cpython@ab5ef98 · GitHub

Medium · CVE-2025-42304 · 2026-04-30
[3.13] gh-90309: Base64-encode cookie values embedded in JS (GH-148888) · python/cpython@3c59b8b · GitHub

High · GH-148169 · 2026-04-30
[3.13] gh-148169: Fix webbrowser `%action` substitution bypass of das… · python/cpython@d6d6849 · GitHub

Medium · 2026-04-30
[3.14] gh-148169: Fix webbrowser `%action` substitution bypass of das… · python/cpython@28b4ad3 · GitHub

High · gh-146581 · 2026-04-28
gh-146581: Fix vulnerability in shutil.unpack_archive() for ZIP files on Windows by serhiy-storchaka · Pull Request #146

High · 2026-04-28
shutil.unpack_archive() on Windows writes outside extract_dir for ZIP entries with drive-prefixed names · Issue #146581

Medium · gh-90309 · 2026-04-23
SimpleCookie.js_output is vulnerable to HTML injection · Issue #90309 · python/cpython

Medium · gh-90309 · 2026-04-23
gh-90309: Base64-encode cookie values embedded in JS · python/cpython@76b3923 · GitHub

Medium · 2026-04-22
gh-148808: Add boundary check to asyncio.AbstractEventLoop.sock_recvf… · python/cpython@1274766 · GitHub

High · GH-148809 · 2026-04-22
[3.14] gh-148808: Add boundary check to asyncio.AbstractEventLoop.soc… · python/cpython@27522b7 · GitHub

High · GHSA-gh-146211 · 2026-04-22
[3.14] gh-146211: Reject CR/LF in HTTP tunnel request headers (GH-146… · python/cpython@b1cf901 · GitHub

High · 2026-04-22
asyncio.AbstractEventLoop.sock_recvfrom_into() on Windows doesn't check buffer length · Issue #148808 · python/cpython

High · gh-148395 · 2026-04-18
[3.14] gh-148395: Fix a possible UAF in `{LZMA,BZ2,_Zlib}Decompressor… · python/cpython@6a5f79c · GitHub

High · CVE-2024-6345 · 2026-04-18
[3.13] gh-148395: Fix a possible UAF in `{LZMA,BZ2,_Zlib}Decompressor… · python/cpython@c3cf71c · GitHub
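The gh-146581 entries above describe shutil.unpack_archive() writing outside extract_dir on Windows for ZIP entries with drive-prefixed names. As an added example that is not CPython's code, here is a pre-extraction check a caller can apply on any OS while the fix is rolled out: it rejects member names that are absolute, drive-prefixed (C:/x, C:x, UNC) or that traverse upward, evaluated under both POSIX and Windows path rules, and then extracts while verifying that every written path really resolved under the destination. The function names, the two sample archives and demo() are constructed for this illustration.

```python
import io
import ntpath
import os
import posixpath
import tempfile
import zipfile


def is_unsafe_member(name: str) -> bool:
    """True if a ZIP member name could resolve outside the extraction root.

    Both path flavours are checked because an archive built on one OS is
    routinely extracted on another: 'C:/x' is a harmless relative name to
    posixpath but a drive-prefixed path to ntpath.
    """
    for flavour in (posixpath, ntpath):
        if flavour.isabs(name):
            return True
        drive, _ = flavour.splitdrive(name)  # 'C:', '//srv/share' or ''
        if drive:
            return True
        # Normalise first so 'docs/../docs/x' (which stays inside) is not
        # flagged, while '../x' and 'a/../../x' still are.
        parts = flavour.normpath(name).split(flavour.sep)
        if flavour.pardir in parts:
            return True
    return False


def unsafe_members(zip_bytes: bytes) -> list[str]:
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if is_unsafe_member(n)]


def extract_safely(zip_bytes: bytes, dest: str) -> list[str]:
    """Refuse the whole archive if any name is unsafe; otherwise extract and
    confirm each written path resolved under dest (defence in depth against
    any sanitisation gap in the extractor itself)."""
    bad = unsafe_members(zip_bytes)
    if bad:
        raise ValueError(f"refusing archive with unsafe member names: {bad}")
    dest_real = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(zf.extract(info, dest))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise RuntimeError(f"{info.filename} escaped {dest}")
            written.append(os.path.relpath(target, dest_real).replace(os.sep, "/"))
    return written


def _archive(entries: dict[str, str]) -> bytes:
    """Build an in-memory ZIP; writestr() stores names verbatim, so hostile
    names survive exactly as they would in an attacker-supplied file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives (not real-world artefacts).
HOSTILE_ZIP = _archive({
    "docs/readme.txt": "fine",
    "docs/../docs/notes.txt": "fine after normalisation",
    "C:/Users/Public/evil.txt": "drive-prefixed, the shape gh-146581 describes",
    "../escape.txt": "classic traversal",
    "/etc/cron.d/evil": "absolute POSIX path",
})
CLEAN_ZIP = _archive({"docs/readme.txt": "fine", "docs/sub/notes.txt": "fine"})


def demo() -> tuple[list[str], bool, list[str]]:
    dest = tempfile.mkdtemp()
    try:
        extract_safely(HOSTILE_ZIP, dest)
        refused = False
    except ValueError:
        refused = True
    return unsafe_members(HOSTILE_ZIP), refused, extract_safely(CLEAN_ZIP, dest)


if __name__ == "__main__":
    print(demo())
```

Refusing the whole archive rather than skipping the bad members is deliberate: an archive that carries one traversal name was not produced by a well-behaved tool, and silently dropping entries hides the attempt from whoever reviews the logs.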

Showing up to 20 recent security advisories.
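The gh-90309 entries in the list above report that SimpleCookie.js_output is vulnerable to HTML injection and title the fix as base64-encoding cookie values embedded in JS. As an added example, which is not http.cookies code, the two hypothetical helpers below contrast a quote-escaping emitter with a base64 emitter and show why only the second survives a value containing a closing script tag. The hostile value is constructed, and the example assumes ASCII cookie values, which is what atob() in the browser hands back unchanged.

```python
import base64
import re

# Constructed hostile cookie value: it closes the <script> element the cookie
# setter lives in and opens a new one carrying attacker JavaScript.
HOSTILE_VALUE = 'x</script><script>alert(document.domain)</script>'


def naive_js_output(name: str, value: str) -> str:
    """Quote-escaping only. Backslashes and double quotes are escaped, which is
    enough for a JavaScript string literal but not for the HTML around it: the
    browser's HTML tokenizer ends the script element at the first '</script'
    before any JavaScript is parsed, so '<' and '>' in the value break out."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return ('<script type="text/javascript">\n'
            f'document.cookie = "{name}={escaped}";\n'
            '</script>')


def hardened_js_output(name: str, value: str) -> str:
    """Base64 strategy, as the gh-90309 fix titles describe. The literal placed
    inside the script is restricted to [A-Za-z0-9+/=], so it can contain
    neither '</script' nor a quote; the browser restores the value with atob()."""
    token = base64.b64encode(value.encode("ascii")).decode("ascii")
    return ('<script type="text/javascript">\n'
            f'document.cookie = "{name}=" + atob("{token}");\n'
            '</script>')


def script_element_broken(markup: str) -> bool:
    """Judges the output the way an HTML tokenizer would: more than one
    '</script' means the cookie value terminated the element early."""
    return len(re.findall(r"</script", markup, flags=re.IGNORECASE)) > 1


def embedded_token(markup: str) -> str:
    """Pulls the base64 literal back out of the hardened output."""
    return re.search(r'atob\("([A-Za-z0-9+/=]*)"\)', markup).group(1)


def decode_embedded(markup: str) -> str:
    """What atob() will give the browser: the original value, intact."""
    return base64.b64decode(embedded_token(markup)).decode("ascii")


if __name__ == "__main__":
    naive = naive_js_output("session", HOSTILE_VALUE)
    hardened = hardened_js_output("session", HOSTILE_VALUE)
    print("naive output breaks out of <script>:", script_element_broken(naive))
    print("hardened output breaks out of <script>:", script_element_broken(hardened))
    print("value recovered from hardened output:", decode_embedded(hardened))
```

The general lesson is the one behind this class of bug: data embedded in a script element is parsed by the HTML tokenizer first and the JavaScript parser second, so escaping for one language alone is never sufficient; choosing an encoding whose output alphabet is inert in both is what makes the base64 approach robust.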

This page lists every published CVE security advisory associated with Python. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.