Gentoo Project
Python
Security Bug Reports
dev-python/pip: Possible code execution via untrusted packages from external indexes (CVE-2018-20225)
721672 - Assigned to Gentoo Security
<dev-python/pypy3-7.3.2: multiple vulnerabilities
741496 - Assigned to Gentoo Security
<dev-python/pypy-7.3.2: multiple vulnerabilities
741560 - Assigned to Gentoo Security
<dev-python/rsa-4.7: timing attack vulnerability (CVE-2020-25658)
760702 - Assigned to Gentoo Security
<dev-python/reportlab-3.5.56: SSRF vulnerability (CVE-2020-28463)
771552 - Assigned to Gentoo Security
<dev-python/sqlparse-0.4.2: ReDOS in 'strip comments' filter
812512 - Assigned to Gentoo Security
<dev-python/python-ldap-3.4.0: ReDoS via specially-crafted LDAP schema
827634 - Assigned to Gentoo Security
<dev-python/markdown2-2.4.2: ReDoS on "auto linking urls"
827977 - Assigned to Gentoo Security
dev-python/ujson: stack-based buffer overflow
830373 - Assigned to Gentoo Security
<dev-python/numpy-1.22.2: null pointer dereference
832736 - Assigned to Gentoo Security
<dev-python/waitress-2.1.1: multiple "HTTP desync/HTTP request smuggling" vulnerabilities
835492 - Assigned to Gentoo Security
dev-python/virtualenv: bundles vulnerable urllib3 via vulnerable pip
835625 - Assigned to Gentoo Security
<dev-python/cryptography-41.0.1: 'cargo audit' reports one or more bundled CRATES as vulnerable
864049 - Assigned to Gentoo Security
dev-python/nbconvert: arbitrary html injection
865721 - Assigned to Gentoo Security
dev-python/oslo-utils: plaintext logging of certain passwords
867328 - Assigned to Gentoo Security
dev-python/py: ReDoS via subversion repository with crafted info
877455 - Assigned to Gentoo Security
<dev-python/setuptools-65.5.1: REDoS vector in package_index
879813 - Assigned to Gentoo Security
<dev-python/pillow-9.4.0: multiple vulnerabilities
889594 - Assigned to Gentoo Security
<dev-python/cryptography-39.0.1: Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
893576 - Assigned to Gentoo Security
<dev-python/werkzeug-2.2.3: DoS via multipart form upload
897962 - Assigned to Gentoo Security
dev-python/redis: multiple vulnerabilities
903137 - Assigned to Gentoo Security
<dev-python/pillow-9.5.0: two security issues
903664 - Assigned to Gentoo Security
<dev-python/tornado-6.3.2: open redirect vulnerability
906519 - Assigned to Gentoo Security
dev-python/reportlab: remote code execution
907924 - Assigned to Gentoo Security
<dev-python/starlette-0.27.0: local file inclusion vulnerability
907929 - Assigned to Gentoo Security
<dev-python/MechanicalSoup-1.3.0: Malicious web server can read arbitrary files on client using file input inside HTML form
909723 - Assigned to Gentoo Security
<dev-lang/python-{3.8.18,3.9.18,3.10.13,3.11.5,3.12.0_rc1_p4}, <dev-python/pypy3_9-7.3.12_p2, <dev-python/pypy3_10-7.3.12_p5: Multiple vulnerabilities
912976 - Assigned to Gentoo Security
<dev-python/pillow-10.0.0: denial of service via OOM
916907 - Assigned to Gentoo Security
<dev-python/werkzeug-{2.3.8,3.0.1}: DoS via malformed multipart data
917768 - Assigned to Gentoo Security
<dev-python/pip-23.3: mercurial configuration injection on installation
918427 - Assigned to Gentoo Security
<dev-python/pypdf-3.17.0: multiple vulnerabilities
918441 - Assigned to Gentoo Security
<dev-python/twisted-23.10.0_rc1: response ordering vulnerability
918526 - Assigned to Gentoo Security
<dev-python/aiohttp-3.8.0: inconsistent interpretation of the http protocol
918541 - Assigned to Gentoo Security
<dev-python/cryptography-41.0.7: "null-pointer-dereference and segfault that could occur when loading certificates from a PKCS#7 bundle"
918685 - Assigned to Gentoo Security
<dev-python/aiohttp-3.9.0: CLRF injection via method
918968 - Assigned to Gentoo Security
<dev-lang/python-3.12.1:12: Groups not dropped before running subprocess when using empty 'extra_groups' parameter
919475 - Assigned to Gentoo Security
<dev-python/paramiko-3.4.0: terrapin vulnerability
920299 - Assigned to Gentoo Security
<dev-python/pycryptodome-3.19.1: side-channel leakage with OAEP decryption
920912 - Assigned to Gentoo Security
<dev-python/jinja-3.1.3: HTML attribute injection when passing user input as keys to xmlattr filter
921734 - Assigned to Gentoo Security
<dev-python/pillow-10.2.0: RCE when processing files with attacker-provided filenames
922577 - Assigned to Gentoo Security
<dev-python/cryptography-42.0.4: null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle
925120 - Assigned to Gentoo Security
<dev-python/pillow-10.3.0: buffer overflow in _imagingcms.c
928391 - Assigned to Gentoo Security
<dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode()
929208 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.