Known Vulnerabilities for products from Python
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Python".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34525 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-34520 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-34519 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-34518 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-34517 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-34516 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-34515 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-34514 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-34513 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-34452 | Not Provided | 2026-03-31 | 2026-03-31 | |
| CVE-2026-25645 | Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a pred... | Not Provided | 2026-03-25 | 2026-03-30 |
| CVE-2022-24902 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.3 - MEDIUM | 2022-05-06 | 2022-05-16 |
| CVE-2022-24303 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.1 - CRITICAL | 2022-03-28 | 2023-11-07 |
| CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec m... | 9.8 - CRITICAL | 2022-01-10 | 2023-12-10 |
| CVE-2022-22816 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | 6.5 - MEDIUM | 2022-01-10 | 2023-01-31 |
| CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | 6.5 - MEDIUM | 2022-01-10 | 2023-01-31 |
| CVE-2022-0391 | A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (UR... | 7.5 - HIGH | 2022-02-09 | 2023-11-07 |
| CVE-2021-42576 | The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce polic... | 9.8 - CRITICAL | 2021-10-18 | 2023-08-08 |
| CVE-2021-34552 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters direc... | 9.8 - CRITICAL | 2021-07-13 | 2023-11-07 |
| CVE-2021-33503 | An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority comp... | 7.5 - HIGH | 2021-06-29 | 2023-11-07 |
Known software with vulnerabilities from Python
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Python | Decorator | 3.3.1 |
| Application | Python | Enum34 | 0.9 |
| Application | Python | Jw.util | 1.0 |
| Application | Python | Keyring | 0.2 |
| Application | Python | Networkx | 0.23 |
| Application | Python | Novajoin | - |
| Application | Python | Openpyxl | 1.1.0 |
| Application | Python | Pillow | 1.7.8 |
| Application | Python | Py-bcrypt | 0.1 |
| Application | Python | Pycryptodome | 3.0 |
| Application | Python | Pykerberos | - |
| Application | Python | Pypiserver | 0.1.0 |
| Application | Python | Python | - |
| Application | Python | Python-gnupg | 0.2.3 |
| Application | Python | Pyxdg | 0.25 |
| Application | Python | Requests | 0.0.1 |
| Application | Python | Rply | 0.7.0 |
| Application | Python | Rsa | 1.1 |
| Application | Python | Setuptools | 0.6.40 |
| Application | Python | Tablib | 0.0.1 |