Gentoo Project
Python
Security Bug Reports
dev-python/pip: Possible code execution via untrusted packages from external indexes (CVE-2018-20225)
721672 - Assigned to Gentoo Security
<dev-python/pypy3-7.3.2: multiple vulnerabilities
741496 - Assigned to Gentoo Security
<dev-python/pypy-7.3.2: multiple vulnerabilities
741560 - Assigned to Gentoo Security
<dev-python/rsa-4.7: timing attack vulnerability (CVE-2020-25658)
760702 - Assigned to Gentoo Security
<dev-python/reportlab-3.5.56: SSRF vulnerability (CVE-2020-28463)
771552 - Assigned to Gentoo Security
<dev-python/sqlparse-0.4.2: ReDoS in 'strip comments' filter
812512 - Assigned to Gentoo Security
<dev-python/python-ldap-3.4.0: ReDoS via specially-crafted LDAP schema
827634 - Assigned to Gentoo Security
<dev-python/markdown2-2.4.2: ReDoS on "auto linking urls"
827977 - Assigned to Gentoo Security
dev-python/ujson: stack-based buffer overflow
830373 - Assigned to Gentoo Security
<dev-python/numpy-1.22.2: null pointer dereference
832736 - Assigned to Gentoo Security
<dev-python/waitress-2.1.1: multiple "HTTP desync/HTTP request smuggling" vulnerabilities
835492 - Assigned to Gentoo Security
dev-python/virtualenv: bundles vulnerable urllib3 via vulnerable pip
835625 - Assigned to Gentoo Security
<dev-python/cryptography-41.0.1: 'cargo audit' reports one or more bundled CRATES as vulnerable
864049 - Assigned to Gentoo Security
dev-python/nbconvert: arbitrary html injection
865721 - Assigned to Gentoo Security
<dev-python/oslo-utils-4.12.1: plaintext logging of certain passwords
867328 - Assigned to Gentoo Security
dev-python/py: ReDoS via subversion repository with crafted info
877455 - Assigned to Gentoo Security
<dev-python/cryptography-39.0.1: Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
893576 - Assigned to Gentoo Security
<dev-python/werkzeug-2.2.3: DoS via multipart form upload
897962 - Assigned to Gentoo Security
dev-python/redis: multiple vulnerabilities
903137 - Assigned to Gentoo Security
<dev-python/tornado-6.3.2: open redirect vulnerability
906519 - Assigned to Gentoo Security
dev-python/reportlab: remote code execution
907924 - Assigned to Gentoo Security
<dev-python/starlette-0.27.0: local file inclusion vulnerability
907929 - Assigned to Gentoo Security
<dev-python/MechanicalSoup-1.3.0: Malicious web server can read arbitrary files on client using file input inside HTML form
909723 - Assigned to Gentoo Security
<dev-python/werkzeug-{2.3.8,3.0.1}: DoS via malformed multipart data
917768 - Assigned to Gentoo Security
<dev-python/pip-23.3: mercurial configuration injection on installation
918427 - Assigned to Gentoo Security
<dev-python/pypdf-3.17.0: multiple vulnerabilities
918441 - Assigned to Gentoo Security
<dev-python/twisted-23.10.0_rc1: response ordering vulnerability
918526 - Assigned to Gentoo Security
<dev-python/aiohttp-3.8.0: inconsistent interpretation of the http protocol
918541 - Assigned to Gentoo Security
<dev-python/cryptography-41.0.7: "null-pointer-dereference and segfault that could occur when loading certificates from a PKCS#7 bundle"
918685 - Assigned to Gentoo Security
<dev-python/aiohttp-3.9.0: CRLF injection via method
918968 - Assigned to Gentoo Security
<dev-python/paramiko-3.4.0: terrapin vulnerability
920299 - Assigned to Gentoo Security
<dev-python/pycryptodome-3.19.1: side-channel leakage with OAEP decryption
920912 - Assigned to Gentoo Security
<dev-python/jinja-3.1.3: HTML attribute injection when passing user input as keys to xmlattr filter
921734 - Assigned to Gentoo Security
<dev-python/pillow-10.2.0: RCE when processing files with attacker-provided filenames
922577 - Assigned to Gentoo Security
<dev-python/cryptography-42.0.4: null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle
925120 - Assigned to Gentoo Security
<dev-python/pillow-10.3.0: buffer overflow in _imagingcms.c
928391 - Assigned to Gentoo Security
<dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode()
929208 - Assigned to Gentoo Security
<dev-python/aiohttp-3.9.4: DoS when trying to parse malformed POST requests
931097 - Assigned to Gentoo Security
<dev-python/flask-cors-4.0.1: log injection when the log level is set to debug
931228 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.