Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2020-8315
In Python (CPython) 3.6 up to and including 3.6.10, 3.7 up to and including 3.7.6, and 3.8 up to and including 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the...
Python Python
7.4
CVSSv3
CVE-2021-28861
Python 3.x up to and including 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html d...
Python Python 3.11.0
Python Python
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2011-1364
Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK prior to 1.5.4 allows remote malicious users to hijack the authentication of administrators fo...
Google App Engine Python Sdk
Google App Engine Python Sdk 1.1.4
Google App Engine Python Sdk 1.1.5
Google App Engine Python Sdk 1.2.2
Google App Engine Python Sdk 1.1.2
Google App Engine Python Sdk 1.1.3
Google App Engine Python Sdk 1.2.0
Google App Engine Python Sdk 1.2.3
Google App Engine Python Sdk 1.2.1
Google App Engine Python Sdk 1.3.1
Google App Engine Python Sdk 1.3.2
Google App Engine Python Sdk 1.4.0
Google App Engine Python Sdk 1.4.1
Google App Engine Python Sdk 1.1.0
Google App Engine Python Sdk 1.1.1
Google App Engine Python Sdk 1.1.8
Google App Engine Python Sdk 1.1.9
Google App Engine Python Sdk 1.2.7
Google App Engine Python Sdk 1.3.0
Google App Engine Python Sdk 1.3.7
Google App Engine Python Sdk 1.3.8
Google App Engine Python Sdk 1.5.2
NA
CVE-2011-4211
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK prior to 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS ...
Google App Engine Python Sdk 1.0.1
Google App Engine Python Sdk 1.0.2
Google App Engine Python Sdk 1.1.6
Google App Engine Python Sdk 1.1.7
Google App Engine Python Sdk 1.2.4
Google App Engine Python Sdk 1.2.5
Google App Engine Python Sdk 1.3.5
Google App Engine Python Sdk 1.3.6
Google App Engine Python Sdk 1.5.0
Google App Engine Python Sdk 1.5.1
Google App Engine Python Sdk
Google App Engine Python Sdk 1.1.4
Google App Engine Python Sdk 1.1.5
Google App Engine Python Sdk 1.2.1
Google App Engine Python Sdk 1.2.2
Google App Engine Python Sdk 1.3.3
Google App Engine Python Sdk 1.3.4
Google App Engine Python Sdk 1.4.2
Google App Engine Python Sdk 1.4.3
Google App Engine Python Sdk 1.1.0
Google App Engine Python Sdk 1.1.1
Google App Engine Python Sdk 1.1.8
NA
CVE-2011-4212
The sandbox environment in the Google App Engine Python SDK prior to 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference wi...
Google App Engine Python Sdk 1.1.1
Google App Engine Python Sdk 1.1.2
Google App Engine Python Sdk 1.2.0
Google App Engine Python Sdk 1.2.3
Google App Engine Python Sdk 1.3.0
Google App Engine Python Sdk 1.3.1
Google App Engine Python Sdk 1.3.8
Google App Engine Python Sdk 1.4.0
Google App Engine Python Sdk 1.0.2
Google App Engine Python Sdk 1.1.0
Google App Engine Python Sdk 1.1.8
Google App Engine Python Sdk 1.1.9
Google App Engine Python Sdk 1.2.6
Google App Engine Python Sdk 1.2.7
Google App Engine Python Sdk 1.3.6
Google App Engine Python Sdk 1.3.7
Google App Engine Python Sdk 1.5.2
Google App Engine Python Sdk 1.1.3
Google App Engine Python Sdk 1.1.4
Google App Engine Python Sdk 1.1.5
Google App Engine Python Sdk 1.2.1
Google App Engine Python Sdk 1.2.2
5.5
CVSSv3
CVE-2023-33595
CPython v3.12.0 alpha 7 exists to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
Python Python 3.12.0
5.3
CVSSv3
CVE-2023-38898
An issue in Python cpython v.3.7 allows an malicious user to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) the...
Python Python 3.13.0
NA
CVE-2009-4134
Buffer underflow in the rgbimg module in Python 2.5 allows remote malicious users to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.
Python Python 2.5.0
NA
CVE-2011-1015
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote malicious users to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
Python Python 3.0
NA
CVE-2010-1449
Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote malicious users to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.
Python Python 2.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »