-
-
Notifications
You must be signed in to change notification settings - Fork 29.4k
Issues: python/cpython
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Enable TLS certificate validation by default for SMTP/IMAP/FTP/POP/NNTP protocols
topic-email
topic-SSL
type-feature
A feature request or enhancement
type-security
A security issue
#91826
opened Apr 22, 2022 by
The-Compiler
Calling getdents()/readdir64() repeatedly while closing descriptors provides unexpected behaviour.
3.7 (EOL)
end of life
stdlib
Python modules in the Lib dir
type-security
A security issue
#65178
opened Mar 19, 2014 by
socketpair
mannequin
Race conditions in shutil.copy, shutil.copy2 and shutil.copyfile
3.7 (EOL)
end of life
stdlib
Python modules in the Lib dir
topic-IO
type-security
A security issue
#59305
opened Jun 18, 2012 by
radoslawzarzynski
mannequin
xml.sax parser validation sometimes fails when obtaining DTDs from https sites
topic-XML
type-security
A security issue
#76311
opened Nov 25, 2017 by
failys
mannequin
shutil copy* unsafe on POSIX - they preserve setuid/setgit bits
stdlib
Python modules in the Lib dir
type-security
A security issue
#61382
opened Feb 11, 2013 by
milkokrachounov
mannequin
Race condition in shutil.copyfile(): source file replaced file during copy
3.8
only security fixes
stdlib
Python modules in the Lib dir
type-security
A security issue
#74585
opened May 18, 2017 by
pkmoore
mannequin
urlparse of urllib returns wrong hostname
3.7 (EOL)
end of life
3.8
only security fixes
3.9
only security fixes
3.10
only security fixes
3.11
only security fixes
stdlib
Python modules in the Lib dir
type-security
A security issue
#80519
opened Mar 18, 2019 by
sanebow
mannequin
Avoid entity expansion attacks in Element Tree
topic-XML
type-security
A security issue
#68426
opened May 19, 2015 by
vadmium
Make SSL suppress_ragged_eofs default more secure
3.7 (EOL)
end of life
stdlib
Python modules in the Lib dir
topic-SSL
type-security
A security issue
#72002
opened Aug 20, 2016 by
vadmium
XML vulnerabilities in Python
3.7 (EOL)
end of life
3.8
only security fixes
3.9
only security fixes
extension-modules
C modules in the Modules dir
stdlib
Python modules in the Lib dir
topic-XML
type-security
A security issue
#61441
opened Feb 19, 2013 by
tiran
Clear audit hooks after destructors
3.8
only security fixes
3.9
only security fixes
3.10
only security fixes
interpreter-core
(Objects, Python, Grammar, and Parser dirs)
type-security
A security issue
#85334
opened Jun 29, 2020 by
zooba
tar symlink
3.8
only security fixes
OS-mac
OS-windows
stdlib
Python modules in the Lib dir
type-security
A security issue
#79850
opened Jan 6, 2019 by
Yilmaz
mannequin
urlparse library detecting wrong hostname leads to open redirect vulnerability
3.7 (EOL)
end of life
3.8
only security fixes
stdlib
Python modules in the Lib dir
type-security
A security issue
#79929
opened Jan 16, 2019 by
nsonaniya2010
mannequin
[security] Open redirect attack due to insufficient validation in Urlparse
3.7 (EOL)
end of life
3.8
only security fixes
3.9
only security fixes
3.10
only security fixes
3.11
only security fixes
stdlib
Python modules in the Lib dir
type-security
A security issue
#88907
opened Jul 26, 2021 by
ready-research
mannequin
Discourage logging f-strings due to security considerations
3.7 (EOL)
end of life
3.8
only security fixes
3.9
only security fixes
3.10
only security fixes
3.11
only security fixes
docs
Documentation in the Doc dir
stdlib
Python modules in the Lib dir
type-security
A security issue
#90358
opened Dec 30, 2021 by
ariebovenberg
mannequin
Prohibit invisible control characters in string literals and comments
3.11
only security fixes
interpreter-core
(Objects, Python, Grammar, and Parser dirs)
type-security
A security issue
#89968
opened Nov 15, 2021 by
stevendaprano
os.path.normpath of relative path r".\C:\x" returns absolute path r"C:\x" on Windows, similar in pathlib
3.7 (EOL)
end of life
3.8
only security fixes
3.9
only security fixes
3.10
only security fixes
3.11
only security fixes
3.12
bugs and security fixes
OS-windows
stdlib
Python modules in the Lib dir
type-bug
An unexpected behavior, bug, or error
type-security
A security issue
#100162
opened Dec 10, 2022 by
gpshead
Hostname spoofing via backslashes in URL
3.11
only security fixes
stdlib
Python modules in the Lib dir
type-security
A security issue
#90735
opened Jan 30, 2022 by
meetdash
mannequin
Quoting issue on header Reply-To and other address headers
3.9
only security fixes
topic-email
type-security
A security issue
#88803
opened Jul 14, 2021 by
Abridbus
mannequin
load_verify_locations(cadata) should load AUX ASN.1 to supported trusted certs
3.8
only security fixes
extension-modules
C modules in the Modules dir
topic-SSL
type-security
A security issue
#70658
opened Mar 2, 2016 by
tiran
SimpleCookie.js_output is vulnerable to HTML injection
3.11
only security fixes
stdlib
Python modules in the Lib dir
type-security
A security issue
#90309
opened Dec 22, 2021 by
trungpaaa
mannequin
email MIME splitting
3.7 (EOL)
end of life
3.8
only security fixes
3.9
only security fixes
3.10
only security fixes
topic-email
type-security
A security issue
#87289
opened Feb 4, 2021 by
martinortner
mannequin
smtplib mixes RFC821 and RFC822 addresses
stdlib
Python modules in the Lib dir
topic-email
type-security
A security issue
#78772
opened Sep 5, 2018 by
daurnimator
mannequin
zoneinfo.ZoneInfo does not check for Windows device names
3.9
only security fixes
3.10
only security fixes
3.11
only security fixes
OS-windows
stdlib
Python modules in the Lib dir
type-bug
An unexpected behavior, bug, or error
type-security
A security issue
#88992
opened Aug 4, 2021 by
apple502j
mannequin
Readline module loading in interactive mode
interpreter-core
(Objects, Python, Grammar, and Parser dirs)
type-security
A security issue
#56447
opened Jun 2, 2011 by
NielsHeinen
mannequin
Previous Next
ProTip!
Adding no:label will show everything without a label.