Gentoo Project
Python
Packages: 1366
Stabilization: 10
Outdated: 29
Pull requests: 0
Bugs: 927
Security: 35
Security Bug Reports
dev-python/pip: Possible code execution via untrusted packages from external indexes (CVE-2018-20225)
721672 - Assigned to Gentoo Security
<dev-python/rsa-4.7: timing attack vulnerability (CVE-2020-25658)
760702 - Assigned to Gentoo Security
<dev-python/reportlab-3.5.56: SSRF vulnerability (CVE-2020-28463)
771552 - Assigned to Gentoo Security
<dev-python/sqlparse-0.4.2: ReDOS in 'strip comments' filter
812512 - Assigned to Gentoo Security
<dev-python/python-ldap-3.4.0: ReDoS via specially-crafted LDAP schema
827634 - Assigned to Gentoo Security
<dev-python/markdown2-2.4.2: ReDoS on "auto linking urls"
827977 - Assigned to Gentoo Security
dev-python/ujson: stack-based buffer overflow
830373 - Assigned to Gentoo Security
<dev-python/numpy-1.22.2: null pointer dereference
832736 - Assigned to Gentoo Security
<dev-python/waitress-2.1.1: multiple "HTTP desync/HTTP request smuggling" vulnerabilities
835492 - Assigned to Gentoo Security
dev-python/nbconvert: arbitrary html injection
865721 - Assigned to Gentoo Security
<dev-python/oslo-utils-4.12.1: plaintext logging of certain passwords
867328 - Assigned to Gentoo Security
dev-python/py: ReDoS via subversion repository with crafted info
877455 - Assigned to Gentoo Security
<dev-python/werkzeug-2.2.3: DoS via multipart form upload
897962 - Assigned to Gentoo Security
<dev-python/tornado-6.3.2: open redirect vulnerability
906519 - Assigned to Gentoo Security
dev-python/reportlab: remote code execution
907924 - Assigned to Gentoo Security
<dev-python/starlette-0.27.0: local file inclusion vulnerability
907929 - Assigned to Gentoo Security
<dev-python/werkzeug-{2.3.8,3.0.1}: DoS via malformed multipart data
917768 - Assigned to Gentoo Security
<dev-python/pypdf-3.17.0: multiple vulnerabilities
918441 - Assigned to Gentoo Security
<dev-python/twisted-23.10.0_rc1: response ordering vulnerability
918526 - Assigned to Gentoo Security
<dev-python/paramiko-3.4.0: terrapin vulnerability
920299 - Assigned to Gentoo Security
<dev-python/pycryptodome-3.19.1: side-channel leakage with OAEP decryption
920912 - Assigned to Gentoo Security
<dev-python/pillow-10.3.0: buffer overflow in _imagingcms.c
928391 - Assigned to Gentoo Security
<dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode()
929208 - Assigned to Gentoo Security
<dev-python/flask-cors-4.0.1: log injection when the log level is set to debug
931228 - Assigned to Gentoo Security
<dev-python/requests-2.32.0: Session object does not verify requests after making first request with verify=False
932327 - Assigned to Gentoo Security
<dev-python/pymysql-1.1.1: SQL injection if used with untrusted JSON input
932396 - Assigned to Gentoo Security
<dev-python/django-{5.0.7,4.2.14}: multiple vulnerabilities
935793 - Assigned to Gentoo Security
<dev-lang/python-{3.8.19_p3,3.9.19_p4,3.10.14_p2,3.11.9_p1,3.12.4_p3,3.13.0_rc1_p1}, <dev-python/pypy3_{9,10}-7.3.16_p1: Email header injection due to unquoted newlines
937124 - Assigned to Gentoo Security
<dev-python/twisted-24.7.0_rc1: twisted.web has disordered HTTP pipeline response
937641 - Assigned to Gentoo Security
<dev-python/webob-1.8.8: Location header normalization during redirect leads to open redirect
937946 - Assigned to Gentoo Security
<dev-python/configobj-5.0.9: ReDoS via the validate function
940017 - Assigned to Gentoo Security
dev-lang/python: Virtual environment (venv) activation scripts don't quote paths
942077 - Assigned to Gentoo Security
<dev-python/werkzeug-3.0.6, <dev-python/quart-0.19.7: possible resource exhaustion when parsing file data in forms
942200 - Assigned to Gentoo Security
<dev-python/tornado-6.4.2: ReDoS in cookie parsing
944393 - Assigned to Gentoo Security
<dev-python/python-jose-3.4.0: multiple vulnerabilities
949740 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.