Vulnerabilities in Python Software Foundation
60 results

CVE-2024-7592 | HIGH | Quadratic complexity parsing cookies with backslashes | EPSS 2.3%
CVE-2024-6232 | HIGH | Regular-expression DoS when parsing TarFile headers | EPSS 2.2%
CVE-2024-12254 | HIGH | Unbounded memory buffering in SelectorSocketTransport.writelines() | EPSS 1.8%
CVE-2025-13836 | MEDIUM | Excessive read buffering DoS in http.client | EPSS 1.5%
CVE-2025-0938 | MEDIUM | URL parser allowed square brackets in domain names | EPSS 1.4%
CVE-2023-6507 | MEDIUM | Groups not dropped before running subprocess when using empty 'extra_groups' parameter | EPSS 1.3%
CVE-2024-8088 | HIGH | Infinite loop when iterating over zip archive entry names from zipfile.Path | EPSS 1.3%
CVE-2025-4517 | CRITICAL | Arbitrary writes via tarfile realpath overflow | EPSS 1.2%
CVE-2025-4138 | HIGH | Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory | EPSS 1.1%
CVE-2024-4032 | HIGH | Incorrect IPv4 and IPv6 private ranges | EPSS 1.0%
CVE-2024-0397 | HIGH | Memory race condition in ssl.SSLContext certificate store methods | EPSS 0.8%
CVE-2026-7210 | MEDIUM | The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection | EPSS 0.8%
CVE-2024-5642 | MEDIUM | Buffer overread when using an empty list with SSLContext.set_npn_protocols() | EPSS 0.7%
CVE-2024-6923 | MEDIUM | Email header injection due to unquoted newlines | EPSS 0.7%
CVE-2025-4330 | HIGH | Extraction filter bypass for linking outside extraction directory | EPSS 0.7%
CVE-2025-12084 | MEDIUM | Quadratic complexity in node ID cache clearing | EPSS 0.7%
CVE-2024-11168 | MEDIUM | Improper validation of IPv6 and IPvFuture addresses | EPSS 0.7%
CVE-2024-9287 | MEDIUM | Virtual environment (venv) activation scripts don't quote paths | EPSS 0.6%
CVE-2026-4224 | MEDIUM | Stack overflow parsing XML with deeply nested DTD content models | EPSS 0.6%
CVE-2024-12718 | MEDIUM | Bypass extraction filter to modify file metadata outside extraction directory | EPSS 0.6%