Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-11888
python-markdown2 up to and including 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
Python-markdown2 Project Python-markdown2
383
VMScore
CVE-2018-5773
An issue exists in markdown2 (aka python-markdown2) up to and including 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting ...
Python-markdown2 Project Python-markdown2
605
VMScore
CVE-2016-5851
python-docx prior to 0.8.6 allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted document.
Python-openxml Project Python-docx
445
VMScore
CVE-2019-14853
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
Python-ecdsa Project Python-ecdsa
446
VMScore
CVE-2019-15903
In libexpat prior to 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Libexpat Project Libexpat
Python Python
383
VMScore
CVE-2009-3724
python-markdown2 prior to 1.0.1.14 has multiple cross-site scripting (XSS) issues.
Python-markdown2 Project Python-markdown2
NA
CVE-2022-48565
An XML External Entity (XXE) issue exists in Python up to and including 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Python Python
Debian Debian Linux 10.0
NA
CVE-2022-38887
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0.
D8s-python Project D8s-python 0.1.0
668
VMScore
CVE-2014-1927
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent malicious users to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a differe...
Python-gnupg Project Python-gnupg 0.3.5
231
VMScore
CVE-2016-9015
Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information lea...
Python Urllib3 1.17
Python Urllib3 1.18
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »