Homepage

python vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the https://python.org|python package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Server-side Request Forgery (SSRF)

[0,)
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

[3.11.0,3.13.2)
  • H
Untrusted Search Path

[,3.7.13)[3.8.0,3.8.13)[3.9.0,3.9.11)[3.10.0,3.10.3)[v3.11.0a1,v3.11.0a7)
  • H
Allocation of Resources Without Limits or Throttling

[3.12.0,)
  • M
Improper Validation of Specified Type of Input

[,3.11.4)[3.12.0a1,3.12.0b1)
  • M
Unquoted Search Path or Element

[0,)
  • M
Asymmetric Resource Consumption (Zip Bomb)

[3.8.0,3.8.19)[3.9.0,3.9.19)[3.10.0,3.10.14)[3.11.0,3.11.9)[3.12.0,3.12.3)
  • M
Improper Link Resolution Before File Access ('Link Following')

[3.8.0,3.8.19)[3.9.0,3.9.19)[3.10.0,3.10.14)[3.11.0,3.11.9)[3.12.0,3.12.3)
  • M
Buffer Over-read

[,3.10.0b2)
  • H
Improper Authentication

[3.5.0,3.8.20)[3.9.0,3.9.20)[3.10.0,3.10.15)[3.11.0,3.11.10)
  • H
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

[3.8.0,3.8.20)[3.9.0,3.9.20)[3.10.0,3.10.15)[3.11.0,3.11.10)[3.12.0,3.12.6)
  • H
Uncontrolled Resource Consumption ('Resource Exhaustion')

[3.8.0,3.8.20)[3.9.0,3.9.20)[3.10.0,3.10.15)[3.11.0,3.11.10)[3.12.0,3.12.6)
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

[3.10.0,3.10.15)[3.11.0,3.11.10)[3.12.0,3.12.6)
  • M
Regular Expression Denial of Service (ReDoS)

[,3.11.0)
  • M
Race Condition

[,3.10.14)[3.11.0,3.11.9)[3.12.0,3.12.3)[3.13.0a1,3.13.0a5)
  • M
Expected Behavior Violation

[,3.12.4)[3.13.0a1,3.13.0a6)
  • M
Improper Access Control

[0,)
  • M
Improper Privilege Management

[3.12.0,3.12.1)
  • H
Denial of Service (DoS)

[,3.10.0a2)
  • H
Timing Attack

[,3.10.0a3)
  • C
XML External Entity (XXE) Injection

[,3.6.13)[3.7.0,3.7.10)[3.8.0,3.8.7)[3.9.0,3.9.1)[3.10.0a1,3.10.0a2)
  • H
Use After Free

[,3.9.0a3)
  • H
Access Restriction Bypass

[3.8.0,3.8.18)[3.9.0,3.9.18)[3.10.0,3.10.13)[3.11.0,3.11.5)
  • H
Untrusted Search Path

[3.11.0,3.11.5)[3.12.0a1,3.12.0rc2)
  • M
Denial of Service (DoS)

[3.7,3.12)
  • H
Use After Free

[3.12.0a1,3.12.0b1)
  • M
Improper Validation of Syntactic Correctness of Input

[0,)
  • H
Improper Input Validation

[,3.11)
  • H
Denial of Service (DoS)

[0,)
  • C
Privilege Escalation

[3.9.0][3.10.0][3.11.0rc2]
  • M
Arbitrary File Write via Archive Extraction (Zip Slip)

[0,)
  • H
Denial of Service (DoS)

[3.7.0,3.7.14)[3.8.0,3.8.14)[3.9.0,3.9.14)[3.10.0,3.10.7)
  • H
Directory Traversal

[,3.10.6)
  • M
Open Redirect

[0,)
  • M
Denial of Service (DoS)

[,3.11.0a1)
  • H
Unauthorized File Access

[,2.7.17)[3.0.0,3.5.0)
  • H
Information Exposure

[3.3,3.6.0]
  • L
Access Restriction Bypass

[2.6.1,3.2]
  • M
Buffer Overflow

[,2.4.3)
  • H
Arbitrary Code Execution

[,2.2.2)
  • M
Denial of Service (DoS)

[3.1,3.3]
  • M
Race Condition

[3.1,3.2]
  • C
Directory Traversal

[,2.7.8)[3.3.0,3.3.6)[3.4.0,3.4.2)
  • M
Improper Input Validation

[2.6.1,3.4]
  • M
Race Condition

[3.2.0,3.4.2]
  • H
Improper Input Validation

[3.5.0,3.5.10)[3.6.0,3.6.12)[3.7.0,3.7.9)[3.8.0,3.8.5)
  • M
Resource Management Errors

[3.2.0,3.3.2]
  • M
Denial of Service (DoS)

[0,2.5-14.fc7)
  • M
Out-of-Bounds

[,3.2]
  • H
Denial of Service (DoS)

[2.7.0,2.7.9)[3.2.0,3.2.6)[3.3.0,3.3.6)[3.4.0,3.4.3)
  • M
Regular Expression Denial of Service (ReDoS)

[2.7.0,2.7.18)[3.5.0,3.5.10)[3.6.0,3.6.11)[3.7.0,3.7.7)[3.8.0,3.8.2)
  • M
Improper Data Handling

[,2.7.9)[3.3.0,3.3.3)
  • M
Cross-site Scripting (XSS)

[,2.7.17)[3.5.0,3.5.8)[3.6.0,3.6.10)[3.7.0,3.7.5)
  • H
Improper Input Validation

[,2.7.17)[3.0.0,3.5.8)[3.6.0,3.6.10)[3.7.0,3.7.5)[3.8.0,3.8.4)
  • M
Out-of-Bounds

[3.2.0,3.6.5)
  • C
Arbitrary Command Injection

[,2.7)
  • C
Untrusted Search Path

[3.7.0a1,3.7.9)[3.8.0a1,3.8.5)[3.9.0a1,3.9.0b5)
  • M
Denial of Service (DoS)

[2.4,2.5]
  • H
Arbitrary Code Execution

[,2.6.1)
  • H
Buffer Overflow

[,2.5.0]
  • M
Information Exposure

[,2.7.18)[3.6.0,3.6.13)[3.7.0,3.7.10)[3.8.0,3.8.8)[3.9.0,3.9.3)
  • L
Cross-site Scripting (XSS)

[,2.6.0)
  • M
Out-of-bounds Write

[,2.5.0]
  • H
Integer Overflow or Wraparound

[3.4.0,3.7.1)
  • C
Buffer Overflow

[3.6.0,3.6.13)[3.7.0,3.7.10)[3.8.0,3.8.8)[3.9.0,3.9.2)
  • M
CRLF Injection

[2.0,2.7.17)[3.0.0,3.5.8)[3.6.0,3.6.9)[3.7.0,3.7.4)
  • H
Out-of-Bounds

[,2.7.7)[3.3.0,3.3.4)
  • L
Out-of-bounds Write

[,2.7.15)
  • M
Authentication Bypass

[,2.7.9)[3.4.0,3.4.3)
  • H
Improper Input Validation

[,2.7.15)[3.0,3.4.9)[3.5.0,3.5.6)(3.6.0,3.7.0)
  • H
Improper Input Validation

[,2.7.15)[3.0,3.4.9)[3.5.0,3.5.6)[3.6,3.6.5)
  • M
Resource Management Errors

[,2.6.8)[2.7.0,2.7.3)[3.1.0,3.1.5)[3.2.0,3.2.3)
  • C
Denial of Service (DoS)

[2.2.3,2.5.1]
  • M
HTTP Request Smuggling

[,3.6.13)[3.7.0,3.7.10)[3.8.0,3.8.8)[3.9.0,3.9.2)
  • H
Arbitrary Code Execution

[,2.3.5)
  • M
Denial of Service (DoS)

[3.1,3.2]
  • H
Denial of Service (DoS)

[,2.7)
  • M
Denial of Service (DoS)

[,2.5.3)
  • M
Denial of Service (DoS)

[1.5.2,2.5.2]
  • H
Denial of Service (DoS)

[3.5.0,3.5.7)[3.6.0,3.6.9)[3.7.0,3.7.3)
  • M
Denial of Service (DoS)

[,2.7.1)[3.0,3.1.2)
  • M
Clickjacking

[,2.7.12)[3.3.0,3.3.7)[3.4.0,3.4.5)[3.5.0,3.5.2)
  • C
Insufficiently Protected Credentials

[,3.8.0a4)
  • H
Denial of Service (DoS)

[,2.5.2)
  • M
Denial of Service (DoS)

[,2.7.8)
  • M
Improper Input Validation

[2.0,2.7.17)[3.0.0,3.4.10)[3.5.0,3.5.7)[3.6.0,3.6.9)[3.7.0,3.7.3)
  • C
Integer Overflow or Wraparound

[,2.7.12)[3.4,3.4.5)[3.5,3.5.2)
  • C
Integer Overflow or Wraparound

[,3.5)
  • M
Divide By Zero

[,3.7.0)
  • H
Arbitrary Code Execution

[,2.5]
  • H
Symlink Attack

[,2.4.5]
  • H
Arbitrary Code Execution

[3.6.0,3.6.11)[3.7.0,3.7.9)[3.8.0,3.8.4)
  • M
Resource Management Errors

[,2.7.2)[3.2.0,3.2.1)
  • H
CVE-2015-5652

[,3.5.1)
  • H
Cross-site Scripting (XSS)

[3.0.0,3.5.10)[3.6.0,3.6.12)[3.7.0,3.7.9)[3.8.0,3.8.5)
  • M
Information Exposure

[,3.0]
  • H
Integer Overflow or Wraparound

[,2.5.0]
  • M
Open Redirect

[,2.7.12)
  • M
Incorrect Calculation

[3.0.0,3.5.10)[3.6.0,3.6.12)[3.7.0,3.7.9)[3.8.0,3.8.4)
  • H
Out-of-Bounds

[,2.5.3)
  • C
Directory Traversal

[2.0,2.7.17)
  • M
Cryptographic Issues

[,2.6.8)[2.7.0,2.7.3)[3.0.0,3.1.5)[3.2.0,3.2.3)
  • H
NULL Pointer Dereference

[,2.7.12)[3.0.0,3.4.10)[3.5.0,3.5.7)[3.6.0,3.6.9)[3.7.0,3.7.3)
  • C
Improper Neutralization of Directives in Dynamically Evaluated Code

[3.0.0,3.6.13)[3.7.0,3.7.10)[3.8.0,3.8.7)
  • C
Information Exposure

[2.7.0,2.7.17)[3.0.0,3.4.10)[3.5.0,3.5.7)[3.6.0,3.6.9)[3.7.0,3.7.3)
  • M
Arbitrary Code Execution

[3.6.0,3.6.11)[3.7.0,3.7.7)[3.8.0,3.8.2)
  • M
Improper Validation of Array Index

[,2.7.7)[3.3.0,3.3.6)[3.4.0,3.4.1)
  • M
Cross-site Scripting (XSS)

[3.6.0,3.6.13)
  • M
Cryptographic Issues

[2.7.1,3.3.5]
  • C
Improper Input Validation

[3.8.0,3.9.5)
  • H
Incorrect Calculation

[0,)
  • H
Denial of Service (DoS)

[1.5.2,2.5.2]
  • H
Out-of-Bounds

[,2.5.3)
  • M
Improper Input Validation

[,3.3.4)
  • H
Denial of Service (DoS)

[1.5.2,2.5.1]
  • M
HTTP Response Splitting

[,2.7.10)[3.0.0,3.3.7)[3.4.0,3.4.4)
  • M
Arbitrary Code Injection

[2.0,2.7.18)[3.0,3.5.10)[3.6.0,3.6.11)[3.7.0,3.7.8)[3.8.0,3.8.3)
  • M
CRLF Injection

[2.0,2.7.17)[3.0.0,3.5.8)[3.6.0,3.6.9)[3.7.0,3.7.4)
  • H
Missing Initialization of Resource

[2.7.0,2.7.16)[3.4.0,3.4.10)[3.5.0,3.5.7)[3.6.0,3.6.7)
  • H
Denial of Service (DoS)

[,2.5.3)