Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2022-39227
python-jwt is a module for generating and verifying JSON Web Tokens. Versions before 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its content...
Python-jwt Project Python-jwt
3 Github repositories
6.5
CVSSv3
CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote malicious users to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
Bzip Bzip2 1.0.6
Python Python
4 Github repositories
NA
CVE-2014-1928
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent malicious users to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-c...
Python-gnupg Project Python-gnupg
6.1
CVSSv3
CVE-2020-11888
python-markdown2 up to and including 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
Python-markdown2 Project Python-markdown2
6.1
CVSSv3
CVE-2018-5773
An issue exists in markdown2 (aka python-markdown2) up to and including 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting ...
Python-markdown2 Project Python-markdown2
9.8
CVSSv3
CVE-2016-7036
python-jose prior to 1.3.2 allows malicious users to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
Python-jose Project Python-jose
8.8
CVSSv3
CVE-2019-13611
An issue exists in python-engineio up to and including 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows malicious users to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
Python-engineio Project Python-engineio
1 Github repository
6.1
CVSSv3
CVE-2009-3724
python-markdown2 prior to 1.0.1.14 has multiple cross-site scripting (XSS) issues.
Python-markdown2 Project Python-markdown2
NA
CVE-2008-4108
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in a...
Python Software Foundation Python 2.4.5
9.8
CVSSv3
CVE-2022-30284
In the python-libnmap package up to and including 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken...
Python-libnmap Project Python-libnmap
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »