CVE-2020-15523

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading...

USN-7280-2: Python vulnerability

USN-7280-1 fixed a vulnerability in Python. This update provides the corresponding updates for some additional Python packages in Ubuntu releases. Original advisory details: It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker cou...

USN-7280-2 python vulnerability

USN-7280-1 fixed a vulnerability in Python. This update provides the corresponding updates for some additional Python packages in Ubuntu releases. Original advisory details: It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker cou...

CVE-2019-17019

When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. Note: this issue only occurs on Windows. Other operating systems are unaffected...

CVE-2017-20052

A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

Python Use After Free Vulnerability (May 2025) - Linux

Python is prone to an use after free vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

Python Use After Free Vulnerability (May 2025) - Mac OS X

Python is prone to an use after free vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

Alibaba Cloud Linux 3 : 0278: python3.11 (ALINUX3-SA-2024:0278)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0278 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-9287: A vulnerability has been found in th...

Alibaba Cloud Linux 3 : 0242: python3.11 (ALINUX3-SA-2024:0242)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0242 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-6232: There is a MEDIUM severity...

RHEL 9 : python3.11 (RHSA-2025:7109)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7109 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

Python sandbox escape leading to Remote Code Execution (RCE)

Smolagents python sandbox escape leading to Remote Code Execution RCE Summary Smolagents is a barebones library for building agents that “ think in Python code ”—generating and executing Python as part of their reasoning process. Given this design, secure code execution is a critical backbone of...

RHEL 9 : python3.11 (RHSA-2025:3634)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3634 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

K000150749: Python vulnerability CVE-2024-4032

Security Advisory Description The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network,...

F5 Networks BIG-IP : Python vulnerability (K000150749)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000150749 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as...

soprano-tts (=0.0.2) potentially affected by CVE-2025-3162 via lmdeploy (=0.12.3)

lmdeploy PYPI version =0.12.3 is affected by a known vulnerability. The following packages have a transitive dependency on lmdeploy and may be impacted: - soprano-tts =0.0.2 Source cves: CVE-2025-3162 Source advisory: SNYK:PYTHON-LMDEPLOY-9723887...

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2025-924)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-924 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence...

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-898)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-898 advisory. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be...

CVE-2025-30358

Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to...

Ubuntu: Security Advisory (USN-7348-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2025:0861-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0861-1 advisory. - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses bsc1233307. Tenable has extracted the preceding description...