Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python requests vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-20060
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted i...
Python Urllib3
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
6.5
CVSSv3
CVE-2020-8492
Python 2.7 up to and including 2.7.17, 3.5 up to and including 3.5.9, 3.6 up to and including 3.6.10, 3.7 up to and including 3.7.6, and 3.8 up to and including 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of...
Python Python
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
5.9
CVSSv3
CVE-2021-23336
The package python/cpython from 0 and prior to 3.6.13, from 3.7.0 and prior to 3.7.10, from 3.8.0 and prior to 3.8.8, from 3.9.0 and prior to 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaki...
Python Python
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Netapp Cloud Backup -
Netapp Snapcenter -
Netapp Ontap Select Deploy Administration Utility -
Netapp Inventory Collect Tool -
Djangoproject Django
Oracle Zfs Storage Appliance 8.8
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Communications Pricing Design Center 12.0.0.3.0
6.5
CVSSv3
CVE-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specia...
Python Python
Python Python 3.10.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems Eus 8.4
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Enterprise Linux For Power Little Endian Eus 8.4
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.4
Redhat Codeready Linux Builder For Ibm Z Systems 8.0
Redhat Codeready Linux Builder For Power Little Endian 8.0
Redhat Codeready Linux Builder 8.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
Netapp Ontap Select Deploy Administration Utility -
Netapp Hci Compute Node Firmware -
NA
CVE-2012-4520
The django.http.HttpRequest.get_host function in Django 1.3.x prior to 1.3.4 and 1.4.x prior to 1.4.2 allows remote malicious users to generate and display arbitrary URLs via crafted username and password Host header values.
Djangoproject Django 1.3.2
Djangoproject Django 1.3.3
Djangoproject Django 1.3
Djangoproject Django 1.3.1
Djangoproject Django 1.4
Djangoproject Django 1.4.1
7.5
CVSSv3
CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to syst...
Python Python
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Codeready Linux Builder For Ibm Z Systems 8.0
Redhat Codeready Linux Builder For Power Little Endian 8.0
Redhat Codeready Linux Builder 8.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 21.04
Netapp Ontap Select Deploy Administration Utility -
Netapp Hci -
Netapp Management Services For Element Software -
Netapp Netapp Xcp Smb -
Netapp Xcp Nfs -
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
9.8
CVSSv3
CVE-2019-19844
Django prior to 1.11.27, 2.x prior to 2.2.9, and 3.x prior to 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an malicious user to be sent a passwo...
Djangoproject Django
Djangoproject Django 3.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
7 Github repositories
NA
CVE-2011-0696
Django 1.1.x prior to 1.1.4 and 1.2.x prior to 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a &q...
Djangoproject Django 1.1.2
Djangoproject Django 1.1.3
Djangoproject Django 1.1
Djangoproject Django 1.1.0
Djangoproject Django 1.2.1
Djangoproject Django 1.2.2
Djangoproject Django 1.2.3
Djangoproject Django 1.2.4
Djangoproject Django 1.2
NA
CVE-2011-0697
Cross-site scripting (XSS) vulnerability in Django 1.1.x prior to 1.1.4 and 1.2.x prior to 1.2.5 might allow remote malicious users to inject arbitrary web script or HTML via a filename associated with a file upload.
Djangoproject Django 1.1
Djangoproject Django 1.1.3
Djangoproject Django 1.1.0
Djangoproject Django 1.1.2
Djangoproject Django 1.2.1
Djangoproject Django 1.2.2
Djangoproject Django 1.2.3
Djangoproject Django 1.2.4
Djangoproject Django 1.2
9.8
CVSSv3
CVE-2018-7749
The SSH server implementation of AsyncSSH prior to 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
Asyncssh Project Asyncssh
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525
CVE-2024-4652
CVE-2024-1438
CVE-2024-4671
CVE-2024-34351
arbitrary
CVE-2024-4650
SQL injection
overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »