Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-13611
An issue exists in python-engineio up to and including 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows malicious users to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
Python-engineio Project Python-engineio
1 Github repository
9.1
CVSSv3
CVE-2022-39227
python-jwt is a module for generating and verifying JSON Web Tokens. Versions before 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its content...
Python-jwt Project Python-jwt
3 Github repositories
9.8
CVSSv3
CVE-2020-15801
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
Python Python
Netapp Max Data -
6.1
CVSSv3
CVE-2020-11888
python-markdown2 up to and including 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
Python-markdown2 Project Python-markdown2
NA
CVE-2014-1928
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent malicious users to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-c...
Python-gnupg Project Python-gnupg
6.1
CVSSv3
CVE-2009-3724
python-markdown2 prior to 1.0.1.14 has multiple cross-site scripting (XSS) issues.
Python-markdown2 Project Python-markdown2
NA
CVE-2014-1932
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and previous versions and Pillow prior to 2.3.1 do not properly create...
Python Pillow
Pythonware Python Imaging Library
NA
CVE-2014-1933
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and previous versions and Pillow prior to 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the ...
Python Pillow
Pythonware Python Imaging Library
9.8
CVSSv3
CVE-2022-48565
An XML External Entity (XXE) issue exists in Python up to and including 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Python Python
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2022-38887
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0.
D8s-python Project D8s-python 0.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »