Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-30284
In the python-libnmap package up to and including 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken...
Python-libnmap Project Python-libnmap
7.5
CVSSv3
CVE-2019-15903
In libexpat prior to 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Libexpat Project Libexpat
Python Python
6.5
CVSSv3
CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote malicious users to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
Bzip Bzip2 1.0.6
Python Python
4 Github repositories
8.8
CVSSv3
CVE-2019-13611
An issue exists in python-engineio up to and including 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows malicious users to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
Python-engineio Project Python-engineio
1 Github repository
9.3
CVSSv3
CVE-2022-31516
The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Harveyzyh Python Project Harveyzyh Python
6.1
CVSSv3
CVE-2009-3724
python-markdown2 prior to 1.0.1.14 has multiple cross-site scripting (XSS) issues.
Python-markdown2 Project Python-markdown2
9.8
CVSSv3
CVE-2020-15801
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
Python Python
Netapp Max Data -
7.5
CVSSv3
CVE-2019-14853
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
Python-ecdsa Project Python-ecdsa
NA
CVE-2007-1657
Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent malicious users to execute arbitrary code via a long file argument.
Python Software Foundation Python 2.5
1 EDB exploit
NA
CVE-2014-1928
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent malicious users to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-c...
Python-gnupg Project Python-gnupg
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »