Vulnerabilities in Python Software Foundation
60 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-7774 | MEDIUM | tarfile.data_filter path traversal bypass allows writing outside the extraction directory | 0.6% |
| CVE-2025-8194 | HIGH | Tarfile infinite loop during parsing with negative member offset | 0.6% |
| CVE-2025-1795 | LOW | Mishandling of comma during folding and unicode-encoding of email headers | 0.6% |
| CVE-2026-1299 | MEDIUM | email BytesGenerator header injection due to unquoted newlines | 0.6% |
| CVE-2025-11468 | MEDIUM | Folding email comments of unfoldable characters doesn't preserve parenthesis | 0.5% |
| CVE-2026-3087 | MEDIUM | shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs | 0.5% |
| CVE-2026-6100 | CRITICAL | Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure | 0.5% |
| CVE-2025-12781 | MEDIUM | base64.b64decode() always accepts "+/" characters, despite setting altchars | 0.5% |
| CVE-2026-3276 | MEDIUM | Potential DoS via quadratic complexity in unicodedata.normalize() | 0.5% |
| CVE-2025-15282 | MEDIUM | Header injection via newlines in data URL mediatype | 0.5% |
| CVE-2024-3220 | LOW | Default mimetype known files writeable on Windows | 0.5% |
| CVE-2025-4435 | HIGH | Tarfile extracts filtered members when errorlevel=0 | 0.5% |
| CVE-2026-1502 | MEDIUM | HTTP client proxy tunnel headers not validated for CR/LF | 0.5% |
| CVE-2026-0865 | MEDIUM | wsgiref.headers.Headers allows header newline injection | 0.5% |
| CVE-2025-6069 | MEDIUM | HTMLParser quadratic complexity when processing malformed inputs | 0.5% |
| CVE-2026-0672 | MEDIUM | Header injection in http.cookies.Morsel | 0.4% |
| CVE-2026-8328 | MEDIUM | FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address | 0.4% |
| CVE-2026-3644 | MEDIUM | Incomplete control character validation in http.cookies | 0.4% |
| CVE-2026-9669 | HIGH | bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow | 0.4% |
| CVE-2026-3298 | HIGH | Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes | 0.4% |