Skip to content

Issues: python/cpython

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
85 Open 925 Closed
85 Open 925 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

[3.8] gh-109858: Protect zipfile from "quoted-overlap" zipbomb (GH-110016)
awaiting core review release-blocker type-security A security issue
#113916 opened Jan 10, 2024 by serhiy-storchaka Loading…
@ambv
[3.9] gh-109858: Protect zipfile from "quoted-overlap" zipbomb (GH-110016)
awaiting review release-blocker type-security A security issue
#113915 opened Jan 10, 2024 by miss-islington Loading…
@ambv
[3.10] gh-109858: Protect zipfile from "quoted-overlap" zipbomb (GH-110016)
awaiting review release-blocker type-security A security issue
#113914 opened Jan 10, 2024 by miss-islington Loading…
@pablogsal
gh-113659: Skip hidden .pth files
awaiting merge needs backport to 3.8 only security fixes needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 bug and security fixes needs backport to 3.12 bug and security fixes type-security A security issue
#113660 opened Jan 2, 2024 by serhiy-storchaka Loading…
19
Security risk of hidden pth files 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes 3.13 new features, bugs and security fixes type-security A security issue
#113659 opened Jan 2, 2024 by serhiy-storchaka
gh-67693: Fix urlunparse() and urlunsplit() for URIs with path starting with multiple slashes and no authority
awaiting core review needs backport to 3.8 only security fixes needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 bug and security fixes needs backport to 3.12 bug and security fixes type-security A security issue
#113563 opened Dec 29, 2023 by serhiy-storchaka Loading…
1
Add Software Bill-of-Materials for Windows source dependencies type-feature A feature request or enhancement type-security A security issue
#112844 opened Dec 7, 2023 by sethmlarson
3
[3.8] gh-91133: tempfile.TemporaryDirectory: fix symlink bug in cleanup (GH-99930)
awaiting core review release-blocker type-security A security issue
#112843 opened Dec 7, 2023 by serhiy-storchaka Loading…
@ambv
[3.9] gh-91133: tempfile.TemporaryDirectory: fix symlink bug in cleanup (GH-99930)
awaiting core review release-blocker type-security A security issue
#112842 opened Dec 7, 2023 by serhiy-storchaka Loading…
@ambv
[3.10] gh-91133: tempfile.TemporaryDirectory: fix symlink bug in cleanup (GH-99930)
awaiting core review release-blocker type-security A security issue
#112840 opened Dec 7, 2023 by serhiy-storchaka Loading…
@pablogsal
gh-107361: strengthen default SSL context flags
awaiting merge type-security A security issue
#112389 opened Nov 25, 2023 by woodruffw Loading…
@gpshead
34
Add Software Bill of Materials (SBOM) for Python releases type-feature A feature request or enhancement type-security A security issue
#112302 opened Nov 21, 2023 by sethmlarson
2
Consider applying flags for warnings about potential security issues build The build process and cross-build type-feature A feature request or enhancement type-security A security issue
#112301 opened Nov 21, 2023 by mdboom
6
NamedTemporaryFile() sample code is vulnerable to file squatting docs Documentation in the Doc dir type-security A security issue
#111783 opened Nov 6, 2023 by Sim4n6
4
Update Windows builds to use latest zlib 3.11 bug and security fixes 3.12 bugs and security fixes 3.13 new features, bugs and security fixes build The build process and cross-build deferred-blocker type-bug An unexpected behavior, bug, or error type-security A security issue
#111239 opened Oct 24, 2023 by SharpMan
@zware
2
Update to OpenSSL 3.0.13+ (& 1.1.1x+) in our binary release build process. 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes release-blocker type-bug An unexpected behavior, bug, or error type-security A security issue
#109991 opened Sep 27, 2023 by gpshead
8
Add an audit hook for os.path.join & pathlib calls involving an absolute path join 3.13 new features, bugs and security fixes type-feature A feature request or enhancement type-security A security issue
#109985 opened Sep 27, 2023 by gpshead
Python "zipfile" can't detect "quoted-overlap" zipbomb that can be used as a DoS attack 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes 3.13 new features, bugs and security fixes release-blocker stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error type-security A security issue
#109858 opened Sep 25, 2023 by dyingc
@gpshead @serhiy-storchaka
5
Remove historic CRAM-MD5 mechanism topic-email type-feature A feature request or enhancement type-security A security issue
#107675 opened Aug 6, 2023 by Neustradamus
7
ssl.create_default_context(): add VERIFY_X509_STRICT and VERIFY_X509_PARTIAL_CHAIN to the default verify_flags 3.13 new features, bugs and security fixes topic-SSL type-feature A feature request or enhancement type-security A security issue
#107361 opened Jul 27, 2023 by woodruffw
@gpshead @sethmlarson
2
DoS Vulnerability in socket.create_connection through malicious DNS responses 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes 3.13 new features, bugs and security fixes stdlib Python modules in the Lib dir type-security A security issue
#106283 opened Jun 30, 2023 by NyanKiyoshi
2
Python 3.11.3 http.server NTFS Alternate Data Stream Information Disclosure OS-windows type-bug An unexpected behavior, bug, or error type-security A security issue
#104712 opened May 21, 2023 by fmunozs
Python 3.11.3 http.server CGI source code disclosure and directory listing OS-windows type-bug An unexpected behavior, bug, or error type-security A security issue
#104711 opened May 21, 2023 by fmunozs
1
[CVE-2023-27043] Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes stdlib Python modules in the Lib dir topic-email type-bug An unexpected behavior, bug, or error type-security A security issue
#102988 opened Mar 24, 2023 by tdwyer
@gpshead
25
XSS in html.parser library stdlib Python modules in the Lib dir type-security A security issue
#102555 opened Mar 9, 2023 by Retr02332
6
ProTip! Find all open issues with in progress development work with linked:pr.