Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-15801
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
Python Python
Netapp Max Data -
6.8
CVSSv2
CVE-2016-5851
python-docx prior to 0.8.6 allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted document.
Python-openxml Project Python-docx
5
CVSSv2
CVE-2019-15903
In libexpat prior to 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Libexpat Project Libexpat
Python Python
7.5
CVSSv2
CVE-2007-1657
Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent malicious users to execute arbitrary code via a long file argument.
Python Software Foundation Python 2.5
1 EDB exploit
7.2
CVSSv2
CVE-2008-4108
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in a...
Python Software Foundation Python 2.4.5
7.5
CVSSv2
CVE-2016-7036
python-jose prior to 1.3.2 allows malicious users to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
Python-jose Project Python-jose
4.3
CVSSv2
CVE-2009-3724
python-markdown2 prior to 1.0.1.14 has multiple cross-site scripting (XSS) issues.
Python-markdown2 Project Python-markdown2
6.4
CVSSv2
CVE-2022-31516
The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Harveyzyh Python Project Harveyzyh Python
6.4
CVSSv2
CVE-2022-31575
The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Livro Python Project Livro Python
4.6
CVSSv2
CVE-2014-1928
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent malicious users to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-c...
Python-gnupg Project Python-gnupg
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »