Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-7036
python-jose prior to 1.3.2 allows malicious users to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
Python-jose Project Python-jose
6.1
CVSSv3
CVE-2020-11888
python-markdown2 up to and including 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
Python-markdown2 Project Python-markdown2
9.3
CVSSv3
CVE-2022-31575
The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Livro Python Project Livro Python
7.5
CVSSv3
CVE-2019-14853
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
Python-ecdsa Project Python-ecdsa
NA
CVE-2007-1657
Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent malicious users to execute arbitrary code via a long file argument.
Python Software Foundation Python 2.5
1 EDB exploit
9.8
CVSSv3
CVE-2022-30284
In the python-libnmap package up to and including 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken...
Python-libnmap Project Python-libnmap
6.5
CVSSv3
CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote malicious users to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
Bzip Bzip2 1.0.6
Python Python
4 Github repositories
NA
CVE-2008-4108
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in a...
Python Software Foundation Python 2.4.5
9.1
CVSSv3
CVE-2022-39227
python-jwt is a module for generating and verifying JSON Web Tokens. Versions before 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its content...
Python-jwt Project Python-jwt
3 Github repositories
8.8
CVSSv3
CVE-2019-13611
An issue exists in python-engineio up to and including 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows malicious users to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
Python-engineio Project Python-engineio
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »