Python JSON Logger: Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency

8.8
EPSS: 0.61%

[CVE-2024-3220] CPython: Default mimetype known files writeable on Windows

Fwd: [Security-announce][CVE-2024-12254] Unbounded memory buffering in SelectorSocketTransport.writelines()

Python 2.7: Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "paus…

debian/python3.11: Unbounded memory buffering in SelectorSocketTransport.writelines()

8.7

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Python: A vulnerability has been found in the CPython `venv` module and CLI where path names provided when c…

Python 2.7: Virtual environment (venv) activation scripts don't quote paths

7.8
EPSS: 0.04%

Security fixes available in Python 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20

CPython: [CVE-2024-6232] Regular-expression DoS when parsing TarFile headers

Python 2.7: Regular-expression DoS when parsing TarFile headers

7.5

CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names

Python 2.7: Quadratic complexity parsing cookies with backslashes

7.5
EPSS: 0.11%

CPython CVE-2024-6923: Email header injection due to unquoted newlines

Fwd: [Security-announce] [CVE-2024-3219] Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection

Python: Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection

Red Hat Service Interconnect: Moderate: Red Hat Service Interconnect security update

Fwd: [Security-announce][CVE-2024-5642] Buffer over-read in SSLContext.set_npn_protocols() for Python 3.9 and earlier

Python: Buffer overread when using an empty list with SSLContext.set_npn_protocols()

EPSS: 0.04%

Fwd: [Security-announce][CVE-2024-4032] Incorrect IPv4 and IPv6 private ranges

Fwd: [Security-announce][CVE-2024-0397] Memory race condition in ssl.SSLContext certificate store methods

NASA AIT-Core: An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary co…

7.5

Python 2.7: tempfile.mkdtemp() may be readable and writeable by all users on Windows

7.1
EPSS: 0.04%

Python: An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.1…

Python: An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.1…

BleepingComputer: PyPI suspends new user registration to block malware campaign

The Register: Over 170K users caught up in poisoned Python package ruse

BleepingComputer: Hackers poison source code for largest Discord bot platform

BleepingComputer: Hackers poison source code from largest Discord bot platform
