Packages
Get Gentoo!
gentoo.org sites
gentoo.org
Wiki
Bugs
Forums
Packages
Planet
Archives
Sources
Infra Status
Home
Packages
Maintainers
USE flags
Architectures
About
Gentoo Project
Python
Packages
1384
Stabilization
4
Outdated
32
Pull requests
0
Bugs
908
Security
37
Changelog
Security Bug Reports
dev-python/pip: Possible code execution via untrusted packages from external indexes (CVE-2018-20225)
721672 - Assigned to Gentoo Security
<dev-python/rsa-4.7: timing attack vulnerability (CVE-2020-25658)
760702 - Assigned to Gentoo Security
<dev-python/reportlab-3.5.56: SSRF vulnerability (CVE-2020-28463)
771552 - Assigned to Gentoo Security
<dev-python/sqlparse-0.4.2: ReDOS in 'strip comments' filter
812512 - Assigned to Gentoo Security
<dev-python/python-ldap-3.4.0: ReDoS via specially-crafted LDAP schema
827634 - Assigned to Gentoo Security
<dev-python/markdown2-2.4.2: ReDoS on "auto linking urls"
827977 - Assigned to Gentoo Security
dev-python/ujson: stack-based buffer overflow
830373 - Assigned to Gentoo Security
<dev-python/numpy-1.22.2: null pointer dereference
832736 - Assigned to Gentoo Security
<dev-python/waitress-2.1.1: multiple "HTTP desync/HTTP request smuggling" vulnerabilities
835492 - Assigned to Gentoo Security
dev-python/nbconvert: arbitrary html injection
865721 - Assigned to Gentoo Security
<dev-python/oslo-utils-4.12.1: plaintext logging of certain passwords
867328 - Assigned to Gentoo Security
dev-python/py: ReDoS via subversion repository with crafted info
877455 - Assigned to Gentoo Security
<dev-python/werkzeug-2.2.3: DoS via multipart form upload
897962 - Assigned to Gentoo Security
<dev-python/tornado-6.3.2: open redirect vulnerability
906519 - Assigned to Gentoo Security
dev-python/reportlab: remote code execution
907924 - Assigned to Gentoo Security
<dev-python/starlette-0.27.0: local file inclusion vulnerability
907929 - Assigned to Gentoo Security
<dev-python/mechanicalsoup-1.3.0: Malicious web server can read arbitrary files on client using file input inside HTML form
909723 - Assigned to Gentoo Security
<dev-python/werkzeug-{2.3.8,3.0.1}: DoS via malformed multipart data
917768 - Assigned to Gentoo Security
<dev-python/pypdf-3.17.0: multiple vulnerabilities
918441 - Assigned to Gentoo Security
<dev-python/twisted-23.10.0_rc1: response ordering vulnerability
918526 - Assigned to Gentoo Security
<dev-python/paramiko-3.4.0: terrapin vulnerability
920299 - Assigned to Gentoo Security
<dev-python/pycryptodome-3.19.1: side-channel leakage with OAEP decryption
920912 - Assigned to Gentoo Security
<dev-python/jinja2-3.1.3: HTML attribute injection when passing user input as keys to xmlattr filter
921734 - Assigned to Gentoo Security
<dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode()
929208 - Assigned to Gentoo Security
<dev-python/flask-cors-4.0.1: log injection when the log level is set to debug
931228 - Assigned to Gentoo Security
<dev-python/requests-2.32.0: Session object does not verify requests after making first request with verify=False
932327 - Assigned to Gentoo Security
<dev-python/pymysql-1.1.1: SQL injection if used with untrusted JSON input
932396 - Assigned to Gentoo Security
<dev-python/django-{5.0.7,4.2.14}: multiple vulnerabilities
935793 - Assigned to Gentoo Security
<dev-python/webob-1.8.8: Location header normalization during redirect leads to open redirect
937946 - Assigned to Gentoo Security
<dev-python/configobj-5.0.9: ReDoS via the validate function
940017 - Assigned to Gentoo Security
dev-lang/python: Virtual environment (venv) activation scripts don't quote paths
942077 - Assigned to Gentoo Security
<dev-python/werkzeug-3.0.6, <dev-python/quart-0.19.7: possible resource exhaustion when parsing file data in forms
942200 - Assigned to Gentoo Security
<dev-python/tornado-6.4.2: ReDoS in cookie parsing
944393 - Assigned to Gentoo Security
<dev-python/python-jose-3.4.0: multiple vulnerabilities
949740 - Assigned to Gentoo Security
<dev-lang/python-{3.14.0_beta2,3.13.3_p1,3.12.10_p1,3.11.12_p1,3.10.17_p1,3.9.22_p1}, <dev-lang/pypy-{3.10.7.3.19_p4,3.11.7.3.19_p9}: multiple vulnerabilities
956682 - Assigned to Gentoo Security
<dev-lang/python-{3.9.22_p2,3.10.17_p2,3.11.12_p2,3.12.10_p2,3.13.3_p2,3.14.0_beta2_p1}, <dev-lang/pypy-{3.10.7.3.19_p5,3.11.7.3.19_p10}: Multiple vulnerabilities
957088 - Assigned to Gentoo Security
<dev-python/requests-2.32.4: Netrc credential leak
957111 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on
Gentoo Bugzilla
and assign them to the Gentoo Security product and Vulnerabilities component.
Packages