Search CVE reports

11 – 20 of 55 results

Detailed view

Sort by:

CVE-2025-15366

Medium priority

Ignored

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

12 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Ignored	Ignored	Ignored
python3.4	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	—	Ignored
python3.7	Not in release	Not in release	—	Ignored
python3.8	Not in release	Not in release	Ignored	Ignored
python3.9	Not in release	Not in release	Ignored	—
python3.10	Not in release	Ignored	—	—
python3.11	Not in release	Ignored	—	—
python3.12	Ignored	Not in release	—	—
python3.13	Not in release	Not in release	—	—
python3.14	Not in release	Not in release	—	—

CVE-2025-15282

Medium priority

Some fixes available 13 of 18

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

12 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
python3.4	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	—	Fixed
python3.7	Not in release	Not in release	—	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Fixed	—
python3.10	Not in release	Fixed	—	—
python3.11	Not in release	Fixed	—	—
python3.12	Fixed	Not in release	—	—
python3.13	Not in release	Not in release	—	—
python3.14	Not in release	Not in release	—	—

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled...

12 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected
python3.4	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	—	Fixed
python3.7	Not in release	Not in release	—	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Fixed	—
python3.10	Not in release	Fixed	—	—
python3.11	Not in release	Fixed	—	—
python3.12	Fixed	Not in release	—	—
python3.13	Not in release	Not in release	—	—
python3.14	Not in release	Not in release	—	—

CVE-2025-12084

Medium priority

Some fixes available 13 of 31

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

14 affected packages

jython, pypy3, python2.7, python3.4, python3.5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
jython	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
pypy3	Needs evaluation	Needs evaluation	Needs evaluation	—
python2.7	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
python3.4	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	—	Fixed
python3.7	Not in release	Not in release	—	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Fixed	—
python3.10	Not in release	Fixed	—	—
python3.11	Not in release	Fixed	—	—
python3.12	Fixed	Not in release	—	—
python3.13	Not in release	Not in release	—	—
python3.14	Not in release	Not in release	—	—

CVE-2025-13837

Medium priority

Some fixes available 12 of 19

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

12 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Ignored	Ignored	Ignored
python3.4	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	—	Fixed
python3.7	Not in release	Not in release	—	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Fixed	—
python3.10	Not in release	Fixed	—	—
python3.11	Not in release	Fixed	—	—
python3.12	Fixed	Not in release	—	—
python3.13	Not in release	Not in release	—	—
python3.14	Not in release	Not in release	—	—

CVE-2025-13836

Medium priority

Fixed

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory,...

12 affected packages

python3.8, python2.7, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python3.8	Not in release	Not in release	Fixed	Fixed
python2.7	Not in release	Not affected	Not affected	Not affected
python3.4	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	—	Not affected
python3.7	Not in release	Not in release	—	Not affected
python3.9	Not in release	Not in release	Fixed	—
python3.10	Not in release	Fixed	—	—
python3.11	Not in release	Fixed	—	—
python3.12	Fixed	Not in release	—	—
python3.13	Not in release	Not in release	—	—
python3.14	Not in release	Not in release	—	—

CVE-2025-6075

Medium priority

Some fixes available 12 of 24

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

13 affected packages

pypy3, python2.7, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
pypy3	Needs evaluation	Needs evaluation	Needs evaluation	—
python2.7	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
python3.4	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	—	Fixed
python3.7	Not in release	Not in release	—	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Fixed	—
python3.10	Not in release	Fixed	—	—
python3.11	Not in release	Fixed	—	—
python3.12	Fixed	Not in release	—	—
python3.13	Not in release	Not in release	—	—
python3.14	Not in release	Not in release	—	—

CVE-2025-8291

Medium priority

Some fixes available 12 of 19

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the...

12 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
python3.4	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	—	Fixed
python3.7	Not in release	Not in release	—	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Fixed	—
python3.10	Not in release	Fixed	—	—
python3.11	Not in release	Fixed	—	—
python3.12	Fixed	Not in release	—	—
python3.13	Not in release	Not in release	—	—
python3.14	Not in release	Not in release	—	—

CVE-2025-8194

Medium priority

Fixed

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop...

12 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Fixed	Fixed	Fixed
python3.4	Not in release	Not in release	—	—
python3.5	Not in release	Not in release	—	—
python3.6	Not in release	Not in release	—	Fixed
python3.7	Not in release	Not in release	—	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Fixed	—
python3.10	Not in release	Fixed	—	—
python3.11	Not in release	Fixed	—	—
python3.12	Fixed	Not in release	—	—
python3.13	Not in release	Not in release	—	—
python3.14	Not in release	Not in release	—	—

CVE-2025-6069

Medium priority

Some fixes available 13 of 28

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.

13 affected packages

jython, python2.7, python3.11, python3.12, python3.13...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
jython	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
python2.7	Not in release	Vulnerable	Vulnerable	Vulnerable
python3.11	Not in release	Fixed	Not in release	Not in release
python3.12	Fixed	Not in release	Not in release	Not in release
python3.13	Not in release	Not in release	Not in release	Not in release
python3.9	Not in release	Not in release	Fixed	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.10	Not in release	Fixed	Not in release	Not in release
python3.14	Not in release	Not in release	Not in release	Not in release

Export to JSON

Results by page: