cpython vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the cpython package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Improper Handling of Length Parameter Inconsistency	[0,)
H Allocation of Resources Without Limits or Throttling	[3.12.2,)
M Access of Resource Using Incompatible Type ('Type Confusion')	[3.11.9,)
M Regular Expression Denial of Service (ReDoS)	[0,)
C Directory Traversal	[0,)
H Directory Traversal	[0,)
H Directory Traversal	[0,)
M Use of Incorrectly-Resolved Name or Reference	[0,)
C Directory Traversal	[0,)
M Use After Free	[0,)
L Untrusted Search Path	[0,)
L Improper Handling of Inconsistent Special Elements	[,3.11.9)[3.12.2,3.12.7)
M Server-side Request Forgery (SSRF)	[0,)
H Untrusted Search Path	[,3.8.19)[3.9.7,3.9.19)[3.10.0,3.10.14)
M Improper Validation of Specified Type of Input	[,3.11.9)
M Unquoted Search Path or Element	[0,)
M Asymmetric Resource Consumption (Zip Bomb)	[3.8.12,3.8.19)[3.9.7,3.9.19)[3.10.0,3.10.14)[3.12.2,3.12.7)
M Improper Link Resolution Before File Access ('Link Following')	[3.8.12,3.8.19)[3.9.7,3.9.19)[3.10.0,3.10.14)[3.12.2,3.12.7)
M Buffer Over-read	[,3.10.0)
H Improper Authentication	[3.7.12,3.12.2)
H Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	[3.8.12,3.12.7)
H Uncontrolled Resource Consumption ('Resource Exhaustion')	[,3.12.7)
M Loop with Unreachable Exit Condition ('Infinite Loop')	[,3.12.7)
M Regular Expression Denial of Service (ReDoS)	[,3.11.9)[3.12.2,3.12.7)
M Race Condition	[,3.10.14)[3.12.2,3.12.7)
M Expected Behavior Violation	[,3.12.7)
M Improper Access Control	[,3.12.7)
H Denial of Service (DoS)	[,3.7.12)
H Timing Attack	[,3.7.12)
C XML External Entity (XXE) Injection	[,3.7.12)
H Use After Free	[,3.7.12)
H Access Restriction Bypass	[3.8.12,3.8.19)[3.9.7,3.9.19)[3.10.0,3.10.14)
M Improper Validation of Syntactic Correctness of Input	[3.8.12,3.12.2)
H Improper Input Validation	[,3.11.9)
H Denial of Service (DoS)	[,3.8.19)[3.9.7,3.9.19)[3.10.0,3.10.14)
C Privilege Escalation	[3.9.7,3.9.19)
M Arbitrary File Write via Archive Extraction (Zip Slip)	[,3.8.19)[3.9.7,3.9.19)[3.10.0,3.10.14)
H Denial of Service (DoS)	[,3.8.19)[3.9.7,3.9.19)[3.10.0,3.10.14)
H Directory Traversal	[3.7.12,3.8.19)[3.9.7,3.9.19)[3.10.0,3.10.14)
M Denial of Service (DoS)	[,3.10.0)
M Improper Input Validation	[2.7.18,3.7.12)
M Race Condition	[,3.7.12)
M Resource Management Errors	[,3.7.12)
M HTTP Request Smuggling	[,3.7.12)
C Insufficiently Protected Credentials	[,3.8.12)
M Divide By Zero	[,3.7.12)
H CVE-2015-5652	[,3.7.12)
M Cryptographic Issues	[,3.7.12)
C Improper Input Validation	[3.8.12,3.9.7)
M Improper Input Validation	[,3.7.12)

Vulnerability

Vulnerable Version

Improper Handling of Length Parameter Inconsistency

[0,)

Allocation of Resources Without Limits or Throttling

[3.12.2,)

Access of Resource Using Incompatible Type ('Type Confusion')

[3.11.9,)

Regular Expression Denial of Service (ReDoS)

[0,)

Directory Traversal

[0,)