| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-11468 | Folding email comments of unfoldable characters doesn't preserve parenthesis | Python Software Foundation | CPython | - | - | 2026-01-20 21:09:11 | Deep Dive |
| CVE-2025-12084 | Quadratic complexity in node ID cache clearing | Python Software Foundation | CPython | - | - | 2025-12-03 18:55:32 | Deep Dive |
| CVE-2025-13837 | Out-of-memory when loading Plist | Python Software Foundation | CPython | - | - | 2025-12-01 18:13:33 | Deep Dive |
| CVE-2025-13836 | Excessive read buffering DoS in http.client | Python Software Foundation | CPython | - | - | 2025-12-01 18:02:38 | Deep Dive |
| CVE-2025-6075 | Quadratic complexity in os.path.expandvars() with user-controlled template | Python Software Foundation | CPython | Low | - | 2025-10-31 16:41:35 | Deep Dive |
| CVE-2025-8291 | ZIP64 End of Central Directory (EOCD) Locator record offset not checked | Python Software Foundation | CPython | Medium | 4.3 | 2025-10-07 18:10:06 | Deep Dive |
| CVE-2025-8194 | Tarfile infinite loop during parsing with negative member offset | Python Software Foundation | CPython | High | 7.5 | 2025-07-28 18:42:45 | Deep Dive |
| CVE-2025-6069 | HTMLParser quadratic complexity when processing malformed inputs | Python Software Foundation | CPython | Medium | 4.3 | 2025-06-17 13:39:46 | Deep Dive |
| CVE-2024-12718 | Bypass extraction filter to modify file metadata outside extraction directory | Python Software Foundation | CPython | Medium | 5.3 | 2025-06-03 12:59:11 | Deep Dive |
| CVE-2025-4435 | Tarfile extracts filtered members when errorlevel=0 | Python Software Foundation | CPython | High | 7.5 | 2025-06-03 12:59:07 | Deep Dive |
| CVE-2025-4138 | Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory | Python Software Foundation | CPython | High | 7.5 | 2025-06-03 12:59:03 | Deep Dive |
| CVE-2025-4330 | Extraction filter bypass for linking outside extraction directory | Python Software Foundation | CPython | High | 7.5 | 2025-06-03 12:58:57 | Deep Dive |
| CVE-2025-4517 | Arbitrary writes via tarfile realpath overflow | Python Software Foundation | CPython | Critical | 9.4 | 2025-06-03 12:58:50 | Deep Dive |
| CVE-2025-4516 | Use-after-free in "unicode_escape" decoder with error handler | Python Software Foundation | CPython | - | - | 2025-05-15 13:29:20 | Deep Dive |
| CVE-2025-1795 | Mishandling of comma during folding and unicode-encoding of email headers | Python Software Foundation | CPython | Low | - | 2025-02-28 18:59:32 | Deep Dive |
| CVE-2024-3220 | Default mimetype known files writeable on Windows | Python Software Foundation | CPython | Medium | - | 2025-02-14 16:18:01 | Deep Dive |
| CVE-2025-0938 | URL parser allowed square brackets in domain names | Python Software Foundation | CPython | Low | - | 2025-01-31 17:51:36 | Deep Dive |
| CVE-2024-12254 | Unbounded memory buffering in SelectorSocketTransport.writelines() | Python Software Foundation | CPython | High | - | 2024-12-06 15:19:42 | Deep Dive |
| CVE-2024-11168 | Improper validation of IPv6 and IPvFuture addresses | Python Software Foundation | CPython | Low | - | 2024-11-12 21:22:23 | Deep Dive |
| CVE-2024-9287 | Virtual environment (venv) activation scripts don't quote paths | Python Software Foundation | CPython | - | - | 2024-10-22 16:34:39 | Deep Dive |