Skip to content

Issues: python/cpython

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
75 Open 944 Closed
75 Open 944 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

gh-115197: Stop resolving host in urllib.request proxy bypass
awaiting changes needs backport to 3.11 bug and security fixes needs backport to 3.12 bug and security fixes type-bug An unexpected behavior, bug, or error type-security A security issue
#115210 opened Feb 9, 2024 by weiiwang01 Loading…
1
11
urllib.request resolves the host before checking it against the system's proxy bypass list [Security: LOW, minor info leak] 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes 3.13 new features, bugs and security fixes OS-mac OS-windows type-bug An unexpected behavior, bug, or error type-security A security issue
#115197 opened Feb 9, 2024 by weiiwang01
1
@gpshead @sethmlarson
16
[doc] subprocess security considerations needs a Windows-specific exception 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes 3.13 new features, bugs and security fixes docs Documentation in the Doc dir type-security A security issue
#114539 opened Jan 24, 2024 by zooba
7
gh-67693: Fix urlunparse() and urlunsplit() for URIs with path starting with multiple slashes and no authority
awaiting core review needs backport to 3.8 only security fixes needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 bug and security fixes needs backport to 3.12 bug and security fixes type-security A security issue
#113563 opened Dec 29, 2023 by serhiy-storchaka Loading…
1
Add Software Bill-of-Materials for Windows source dependencies type-feature A feature request or enhancement type-security A security issue
#112844 opened Dec 7, 2023 by sethmlarson
3
gh-107361: strengthen default SSL context flags
awaiting merge type-security A security issue
#112389 opened Nov 25, 2023 by woodruffw Loading…
@gpshead
37
Add Software Bill of Materials (SBOM) for Python releases type-feature A feature request or enhancement type-security A security issue
#112302 opened Nov 21, 2023 by sethmlarson
2
Consider applying flags for warnings about potential security issues build The build process and cross-build type-feature A feature request or enhancement type-security A security issue
#112301 opened Nov 21, 2023 by mdboom
6
NamedTemporaryFile() sample code is vulnerable to file squatting docs Documentation in the Doc dir type-security A security issue
#111783 opened Nov 6, 2023 by Sim4n6
4
Add an audit hook for os.path.join & pathlib calls involving an absolute path join 3.13 new features, bugs and security fixes type-feature A feature request or enhancement type-security A security issue
#109985 opened Sep 27, 2023 by gpshead
Remove historic CRAM-MD5 mechanism topic-email type-feature A feature request or enhancement type-security A security issue
#107675 opened Aug 6, 2023 by Neustradamus
7
ssl.create_default_context(): add VERIFY_X509_STRICT and VERIFY_X509_PARTIAL_CHAIN to the default verify_flags 3.13 new features, bugs and security fixes topic-SSL type-feature A feature request or enhancement type-security A security issue
#107361 opened Jul 27, 2023 by woodruffw
@gpshead @sethmlarson
2
DoS Vulnerability in socket.create_connection through malicious DNS responses 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes 3.13 new features, bugs and security fixes stdlib Python modules in the Lib dir type-security A security issue
#106283 opened Jun 30, 2023 by NyanKiyoshi
4
Python 3.11.3 http.server NTFS Alternate Data Stream Information Disclosure OS-windows type-bug An unexpected behavior, bug, or error type-security A security issue
#104712 opened May 21, 2023 by fmunozs
4
Python 3.11.3 http.server CGI source code disclosure and directory listing OS-windows type-bug An unexpected behavior, bug, or error type-security A security issue
#104711 opened May 21, 2023 by fmunozs
4
[CVE-2023-27043] Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes stdlib Python modules in the Lib dir topic-email type-bug An unexpected behavior, bug, or error type-security A security issue
#102988 opened Mar 24, 2023 by tdwyer
@gpshead
25
XSS in html.parser library stdlib Python modules in the Lib dir type-security A security issue
#102555 opened Mar 9, 2023 by Retr02332
6
CRLF Injection vulnerability in "email.mime.multipart" > "MIMEMultipart" > "add_header()" topic-email type-bug An unexpected behavior, bug, or error type-security A security issue
#100612 opened Dec 30, 2022 by motoyasu-saburi
os.path.normpath of relative path r".\C:\x" returns absolute path r"C:\x" on Windows, similar in pathlib 3.7 (EOL) end of life 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes 3.12 bugs and security fixes OS-windows stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error type-security A security issue
#100162 opened Dec 10, 2022 by gpshead
7
shutil.copy2 race condition leading to local file disclosure stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error type-security A security issue
#96719 opened Sep 9, 2022 by janschejbal
gh-95341: Implement tls-exporter channel bindings and export key materials
awaiting core review type-security A security issue
#95366 opened Jul 28, 2022 by tiran Draft
9
ssl module incorrectly supports tls-unique channel binding for TLS 1.3 topic-SSL type-bug An unexpected behavior, bug, or error type-security A security issue
#95341 opened Jul 27, 2022 by davidben
12
gh-87389: avoid treating path as URI with netloc
awaiting change review stdlib Python modules in the Lib dir type-feature A feature request or enhancement type-security A security issue
#93894 opened Jun 16, 2022 by nascheme Loading…
@nascheme
24
gh-91826: Enable cert and hostname verification for stdlib
awaiting core review DO-NOT-MERGE type-security A security issue
#91875 opened Apr 24, 2022 by tiran Draft
1
Enable TLS certificate validation by default for SMTP/IMAP/FTP/POP/NNTP protocols topic-email topic-SSL type-feature A feature request or enhancement type-security A security issue
#91826 opened Apr 22, 2022 by The-Compiler
25
ProTip! Type g p on any issue or pull request to go back to the pull request listing page.