python

Top products

The 15 most recently published vulnerabilities affecting python.

• CVE-2026-44431urllib3: Sensitive headers forwarded across origins in proxied low-level redirects5.3May 13, 2026
• CVE-2026-44432urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API7.5May 13, 2026
• CVE-2026-7210The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection7.5May 11, 2026
• CVE-2026-42311Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)7.8May 9, 2026
• CVE-2026-42310Pillow: PDF Parsing Trailer Infinite Loop (DoS)5.5May 9, 2026
• CVE-2026-42308Pillow: Integer overflow when processing fonts5.5May 9, 2026
• CVE-2026-42309Pillow: Heap buffer overflow with nested list coordinates5.5May 9, 2026
• CVE-2026-3087shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs7.5Apr 27, 2026
• CVE-2026-6019BaseCookie.js_output() does not neutralize embedded characters6.1Apr 22, 2026
• CVE-2026-40192Pillow is vulnerable to a FITS GZIP decompression bomb7.5Apr 15, 2026
• CVE-2026-5271Possible to hijack modules in current working directory7.8Apr 1, 2026
• CVE-2026-25645Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function4.4Mar 25, 2026
• CVE-2026-4519webbrowser.open() allows leading dashes in URLs3.3Mar 20, 2026
• CVE-2026-4224Stack overflow parsing XML with deeply nested DTD content models7.5Mar 16, 2026
• CVE-2026-3644Incomplete control character validation in http.cookies7.5Mar 16, 2026