Gentoo Project
Python
Packages: 1195 | Stabilization: 12 | Outdated: 2 | Pull requests: 17 | Bugs: 153 | Security: 47 | Changelog
Security Bug Reports
721672 - dev-python/pip: Possible code execution via untrusted packages from external indexes (CVE-2018-20225) - Assigned to security
741496 - <dev-python/pypy3-7.3.2: multiple vulnerabilities - Assigned to security
741560 - <dev-python/pypy-7.3.2: multiple vulnerabilities - Assigned to security
760702 - <dev-python/rsa-4.7: timing attack vulnerability (CVE-2020-25658) - Assigned to security
761840 - <dev-python/autobahn-20.12.3: Redirect header injection (CVE-2020-35678) - Assigned to security
765166 - dev-python/m2crypto: Bleichenbacher vulnerability (CVE-2020-25657) - Assigned to security
766009 - <dev-python/python-levenshtein-0.12.1: Possible remote code execution - Assigned to security
766228 - <dev-python/pyyaml-5.4: Deserialization vulnerability (CVE-2020-14343) - Assigned to security
769419 - <dev-python/cryptography-3.3.2: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow - Assigned to security
771552 - <dev-python/reportlab-3.5.56: SSRF vulnerability (CVE-2020-28463) - Assigned to security
772932 - <dev-python/aiohttp-3.7.4: Open redirect vulnerability in `aiohttp` (CVE-2021-21330) - Assigned to security
774114 - <dev-python/pypy{,3}-{7.3.3_p2-r1,7.3.3_p37_p1-r1}: multiple vulnerabilities - Assigned to security
777579 - <dev-python/lxml-4.6.3: JavaScript passthrough in HTML cleaner (CVE-2021-28957) - Assigned to security
779475 - <dev-python/pikepdf-2.10.0: XML External Entity (XXE) processing vulnerability in PDF XMP metadata parsing - Assigned to security
782520 - <dev-python/pypy3-7.3.3_p37_p3, <dev-python/pypy-7.3.3_p3: multiple vulnerabilities - Assigned to security
786954 - <dev-python/Babel-2.9.1: Arbitrary locale loading weakness (CVE-2021-20095) - Assigned to security
787260 - <dev-lang/python-{2.7.18_p9, 3.6.13_p3, 3.7.10_p3, 3.8.9_p2, 3.9.4_p1}: Improper Input Validation of octal literals (CVE-2021-29921) - Assigned to security
788130 - <dev-python/django-{2.2.21,3.1.9,3.2.1}: directory-traversal via uploaded files with suitably crafted file names (another one) - Assigned to security
788700 - <dev-python/django-{2.2.22,3.1.10,3.2.2}: header injection possibility via newlines and tabs in URLs (CVE-2021-32052) - Assigned to security
793833 - <dev-lang/python-{2.7.18_p11,3.6.13_p5,3.7.10_p6,3.8.10_p2,3.9.5_p2,3.10.0_beta2}, <dev-python/pypy-7.3.4_p1, <dev-python/pypy3-{7.3.4_p2,7.3.5_rc3_p1}: multiple vulnerabilities - Assigned to security
793911 - <dev-python/django-{2.2.24,3.1.12,3.2.4}: multiple vulnerabilities (CVE-2021-{33203,33571}) - Assigned to security
798114 - <dev-python/eventlet-0.31.0: memory exhaustion from websocket peer (CVE-2021-21419) - Assigned to security
799710 - <dev-python/django-{3.1.13,3.2.5}: SQL injection vulnerability in QuerySet.order_by() (CVE-2021-35042) - Assigned to security
802090 - <dev-python/pillow-8.3.0: buffer overflow (CVE-2021-34552) - Assigned to security
811450 - <dev-python/pillow-8.3.2: buffer overflow due to color specifiers (?) - Assigned to security
812512 - <dev-python/sqlparse-0.4.2: ReDoS in 'strip comments' filter - Assigned to security
827634 - <dev-python/python-ldap-3.4.0: ReDoS via specially-crafted LDAP schema - Assigned to security
827977 - <dev-python/markdown2-2.4.2: ReDoS on "auto linking urls" - Assigned to security
829053 - <dev-python/lxml-4.6.5: multiple HTML cleaner script injection vulnerabilities - Assigned to security
830373 - dev-python/ujson: stack-based buffer overflow - Assigned to security
830593 - <dev-python/django-{2.2.26,3.2.11}: Multiple vulnerabilities - Assigned to security
830620 - <dev-python/nltk-3.6.6: ReDoS vulnerability - Assigned to security
830934 - <dev-python/pillow-9.0.0: multiple vulnerabilities (CVE-2022-{22815,22816,22817}) - Assigned to security
832598 - <dev-python/pillow-9.0.1: multiple vulnerabilities - Assigned to security
832736 - <dev-python/numpy-1.22.2: null pointer dereference - Assigned to security
832875 - <dev-python/twisted-22.1.0: secret exposure in cross-origin redirects - Assigned to security
834533 - dev-lang/python: SimpleHTTPRequestHandler open redirect - Assigned to security
834542 - dev-python/twisted: DoS via peer SSH version identifier - Assigned to security
835492 - <dev-python/waitress-2.1.1: multiple "HTTP desync/HTTP request smuggling" vulnerabilities - Assigned to security
835625 - dev-python/virtualenv: bundles vulnerable urllib3 via vulnerable pip - Assigned to security
837836 - <dev-python/django-{2.2.28,3.2.13,4.0.4}: multiple vulnerabilities - Assigned to security
838250 - dev-lang/python: mailcap.findmatch on untrusted filenames leads to command injection - Assigned to security
843977 - <dev-python/pyjwt-2.4.0: Key confusion through non-blocklisted public key formats - Assigned to security
844193 - dev-python/httpx: improper URL input validation - Assigned to security
849008 - <dev-python/waitress-2.1.2: data race leading to early termination - Assigned to security
855683 - <dev-python/pillow-9.2.0: vulnerable to gif extent(?) decompression bombs - Assigned to security
855689 - <dev-python/ujson-5.4.0: multiple vulnerabilities - Assigned to security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.