Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2019-13404
The MSI installer for Python up to and including 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases prior to 3.5.) NOTE: the vendor's position is that it is the user&...
Python Python
7.4
CVSSv3
CVE-2021-28861
Python 3.x up to and including 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html d...
Python Python 3.11.0
Python Python
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2011-4211
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK prior to 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS ...
Google App Engine Python Sdk 1.0.1
Google App Engine Python Sdk 1.0.2
Google App Engine Python Sdk 1.1.6
Google App Engine Python Sdk 1.1.7
Google App Engine Python Sdk 1.2.4
Google App Engine Python Sdk 1.2.5
Google App Engine Python Sdk 1.3.5
Google App Engine Python Sdk 1.3.6
Google App Engine Python Sdk 1.5.0
Google App Engine Python Sdk 1.5.1
Google App Engine Python Sdk
Google App Engine Python Sdk 1.1.4
Google App Engine Python Sdk 1.1.5
Google App Engine Python Sdk 1.2.1
Google App Engine Python Sdk 1.2.2
Google App Engine Python Sdk 1.3.3
Google App Engine Python Sdk 1.3.4
Google App Engine Python Sdk 1.4.2
Google App Engine Python Sdk 1.4.3
Google App Engine Python Sdk 1.1.0
Google App Engine Python Sdk 1.1.1
Google App Engine Python Sdk 1.1.8
NA
CVE-2011-4212
The sandbox environment in the Google App Engine Python SDK prior to 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference wi...
Google App Engine Python Sdk 1.1.1
Google App Engine Python Sdk 1.1.2
Google App Engine Python Sdk 1.2.0
Google App Engine Python Sdk 1.2.3
Google App Engine Python Sdk 1.3.0
Google App Engine Python Sdk 1.3.1
Google App Engine Python Sdk 1.3.8
Google App Engine Python Sdk 1.4.0
Google App Engine Python Sdk 1.0.2
Google App Engine Python Sdk 1.1.0
Google App Engine Python Sdk 1.1.8
Google App Engine Python Sdk 1.1.9
Google App Engine Python Sdk 1.2.6
Google App Engine Python Sdk 1.2.7
Google App Engine Python Sdk 1.3.6
Google App Engine Python Sdk 1.3.7
Google App Engine Python Sdk 1.5.2
Google App Engine Python Sdk 1.1.3
Google App Engine Python Sdk 1.1.4
Google App Engine Python Sdk 1.1.5
Google App Engine Python Sdk 1.2.1
Google App Engine Python Sdk 1.2.2
NA
CVE-2011-1364
Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK prior to 1.5.4 allows remote malicious users to hijack the authentication of administrators fo...
Google App Engine Python Sdk
Google App Engine Python Sdk 1.1.4
Google App Engine Python Sdk 1.1.5
Google App Engine Python Sdk 1.2.2
Google App Engine Python Sdk 1.1.2
Google App Engine Python Sdk 1.1.3
Google App Engine Python Sdk 1.2.0
Google App Engine Python Sdk 1.2.3
Google App Engine Python Sdk 1.2.1
Google App Engine Python Sdk 1.3.1
Google App Engine Python Sdk 1.3.2
Google App Engine Python Sdk 1.4.0
Google App Engine Python Sdk 1.4.1
Google App Engine Python Sdk 1.1.0
Google App Engine Python Sdk 1.1.1
Google App Engine Python Sdk 1.1.8
Google App Engine Python Sdk 1.1.9
Google App Engine Python Sdk 1.2.7
Google App Engine Python Sdk 1.3.0
Google App Engine Python Sdk 1.3.7
Google App Engine Python Sdk 1.3.8
Google App Engine Python Sdk 1.5.2
5.3
CVSSv3
CVE-2023-38898
An issue in Python cpython v.3.7 allows an malicious user to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) the...
Python Python 3.13.0
5.5
CVSSv3
CVE-2023-33595
CPython v3.12.0 alpha 7 exists to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
Python Python 3.12.0
NA
CVE-2011-1015
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote malicious users to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
Python Python 3.0
7.8
CVSSv3
CVE-2017-20052
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...
Python Python 2.7.13
NA
CVE-2010-1449
Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote malicious users to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.
Python Python 2.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »