Skip to content

Issues: python/cpython

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
74 Open 914 Closed
74 Open 914 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

gh-107361: strengthen default SSL context flags
awaiting review type-security A security issue
#112389 opened Nov 25, 2023 by woodruffw Loading…
Add Software Bill of Materials (SBOM) for Python releases type-feature A feature request or enhancement type-security A security issue
#112302 opened Nov 21, 2023 by sethmlarson
1
Consider applying flags for warnings about potential security issues build The build process and cross-build type-feature A feature request or enhancement type-security A security issue
#112301 opened Nov 21, 2023 by mdboom
6
NamedTemporaryFile() sample code is vulnerable to file squatting docs Documentation in the Doc dir type-security A security issue
#111783 opened Nov 6, 2023 by Sim4n6
4
Update Windows builds to use latest zlib 3.11 bug and security fixes 3.12 bugs and security fixes 3.13 new features, bugs and security fixes build The build process and cross-build deferred-blocker type-bug An unexpected behavior, bug, or error type-security A security issue
#111239 opened Oct 24, 2023 by SharpMan
@zware
2
gh-102988: Reject malformed addresses in email.parseaddr()
needs backport to 3.8 only security fixes needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 bug and security fixes needs backport to 3.12 bug and security fixes type-security A security issue
#111116 opened Oct 20, 2023 by vstinner Draft
20
gh-109858: Protect zipfile from "quoted-overlap" zipbomb
awaiting review needs backport to 3.8 only security fixes needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 bug and security fixes needs backport to 3.12 bug and security fixes type-security A security issue
#110016 opened Sep 28, 2023 by serhiy-storchaka Loading…
1
Update to OpenSSL 3.0.13+ (& 1.1.1x+) in our binary release build process. 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes release-blocker type-bug An unexpected behavior, bug, or error type-security A security issue
#109991 opened Sep 27, 2023 by gpshead
8
Add an audit hook for os.path.join & pathlib calls involving an absolute path join 3.13 new features, bugs and security fixes type-feature A feature request or enhancement type-security A security issue
#109985 opened Sep 27, 2023 by gpshead
Python "zipfile" can't detect "quoted-overlap" zipbomb that can be used as a DoS attack 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes 3.13 new features, bugs and security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error type-security A security issue
#109858 opened Sep 25, 2023 by dyingc
@gpshead @serhiy-storchaka
3
Remove historic CRAM-MD5 mechanism topic-email type-feature A feature request or enhancement type-security A security issue
#107675 opened Aug 6, 2023 by Neustradamus
7
DoS Vulnerability in socket.create_connection through malicious DNS responses 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes 3.13 new features, bugs and security fixes type-security A security issue
#106283 opened Jun 30, 2023 by NyanKiyoshi
2
Python 3.11.3 http.server NTFS Alternate Data Stream Information Disclosure OS-windows type-bug An unexpected behavior, bug, or error type-security A security issue
#104712 opened May 21, 2023 by fmunozs
Python 3.11.3 http.server CGI source code disclosure and directory listing OS-windows type-bug An unexpected behavior, bug, or error type-security A security issue
#104711 opened May 21, 2023 by fmunozs
1
[CVE-2023-27043] Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes stdlib Python modules in the Lib dir topic-email type-bug An unexpected behavior, bug, or error type-security A security issue
#102988 opened Mar 24, 2023 by tdwyer
@gpshead
23
XSS in html.parser library stdlib Python modules in the Lib dir type-security A security issue
#102555 opened Mar 9, 2023 by Retr02332
6
[3.9] Any plan about fixing CVE-2022-40897 in python 3.9-alpine stdlib Python modules in the Lib dir topic-ensurepip type-bug An unexpected behavior, bug, or error type-security A security issue
#102202 opened Feb 24, 2023 by LianwMS
5
CRLF Injection vulnerability in "email.mime.multipart" > "MIMEMultipart" > "add_header()" topic-email type-bug An unexpected behavior, bug, or error type-security A security issue
#100612 opened Dec 30, 2022 by motoyasu-saburi
os.path.normpath of relative path r".\C:\x" returns absolute path r"C:\x" on Windows, similar in pathlib 3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes OS-windows stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error type-security A security issue
#100162 opened Dec 10, 2022 by gpshead
7
shutil.copy2 race condition leading to local file disclosure stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error type-security A security issue
#96719 opened Sep 9, 2022 by janschejbal
gh-87389: avoid treating path as URI with netloc
awaiting change review stdlib Python modules in the Lib dir type-feature A feature request or enhancement type-security A security issue
#93894 opened Jun 16, 2022 by nascheme Loading…
@nascheme
24
gh-91826: [WIP] Enable cert and hostname verification for stdlib
awaiting core review DO-NOT-MERGE type-security A security issue
#91875 opened Apr 24, 2022 by tiran Draft
1
Enable TLS certificate validation by default for SMTP/IMAP/FTP/POP/NNTP protocols topic-email topic-SSL type-feature A feature request or enhancement type-security A security issue
#91826 opened Apr 22, 2022 by The-Compiler
25
Update macOS installer builds to use ncurses 6.3 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes build The build process and cross-build OS-mac type-security A security issue
#91132 opened Mar 10, 2022 by ned-deily
@ned-deily
4
Improper Input Validation in urlparse 3.9 only security fixes stdlib Python modules in the Lib dir type-security A security issue
#91026 opened Feb 27, 2022 by P0cas mannequin
4
ProTip! Type g i on any issue or pull request to go back to the issue listing page.