Skip to content

Issues: python/cpython

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
84 Open 1,094 Closed
84 Open 1,094 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

TarFile.extractall(..., filter='tar') arbitrary file chmod 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error type-security A security issue
#127987 opened Dec 16, 2024 by jwilk
4
Reconsider XML Security warnings / obsolete vulnerabilities docs Documentation in the Doc dir topic-XML type-security A security issue
#127502 opened Dec 2, 2024 by hannob
Ensure builtin hashlib implementations honor usedforsecurity=True when _hashlib is in FIPS mode extension-modules C modules in the Modules dir topic-SSL type-feature A feature request or enhancement type-security A security issue
#127298 opened Nov 26, 2024 by xnox
3
Update SBOM generation to meet new guidance from CISA type-security A security issue
#123038 opened Aug 15, 2024 by sethmlarson
8 tasks
@sethmlarson
1
gh-121284: Fix email address header folding with parsed encoded-word awaiting review topic-email type-security A security issue
#122754 opened Aug 6, 2024 by medmunds Loading…
1
1
gh-80222: Fix email address header folding with long quoted-string awaiting review type-security A security issue
#122753 opened Aug 6, 2024 by medmunds Loading…
1
1
Missing audit events for python -i and python -m asyncio 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes topic-repl Related to the interactive shell type-security A security issue
#121957 opened Jul 18, 2024 by ambv
@ambv
1
email: invalid RFC 2047 address header after refolding with email.policy.default stdlib Python modules in the Lib dir topic-email type-bug An unexpected behavior, bug, or error type-security A security issue
#121284 opened Jul 2, 2024 by medmunds
1
6
Disallow setting an empty list for NPN in CPython 3.9 and earlier 3.8 (EOL) end of life 3.9 only security fixes type-security A security issue
#121227 opened Jul 1, 2024 by sethmlarson
1
gh-119511: Fix OOM vulnerability in imaplib deferred-blocker needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 bug and security fixes needs backport to 3.13 bugs and security fixes stdlib Python modules in the Lib dir type-security A security issue
#119514 opened May 24, 2024 by serhiy-storchaka Draft
7
OOM vulnerability in the imaplib module 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes stdlib Python modules in the Lib dir topic-email topic-IO type-security A security issue
#119511 opened May 24, 2024 by serhiy-storchaka
gh-119452: Fix OOM vulnerability in http.server needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 bug and security fixes needs backport to 3.13 bugs and security fixes type-security A security issue
#119455 opened May 23, 2024 by serhiy-storchaka Draft
1
gh-119451: Fix OOM vulnerability in http.client needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 bug and security fixes needs backport to 3.13 bugs and security fixes type-security A security issue
#119454 opened May 23, 2024 by serhiy-storchaka Draft
1
OOM vulnerability in the CGI server on Windows 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes stdlib Python modules in the Lib dir topic-IO type-security A security issue
#119452 opened May 23, 2024 by serhiy-storchaka
3
Out-of-memory when reading a HTTP response with large Content-Lenght 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes stdlib Python modules in the Lib dir topic-IO type-security A security issue
#119451 opened May 23, 2024 by serhiy-storchaka
Quadratic complexity in the UTF-7 decoder 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) topic-unicode type-security A security issue
#119382 opened May 22, 2024 by serhiy-storchaka
3
gh-119342: Fix OOM vulnerability in plistlib needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 bug and security fixes needs backport to 3.13 bugs and security fixes type-security A security issue
#119343 opened May 21, 2024 by serhiy-storchaka Draft
6
Out-of-memory when loading a Plist 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes type-security A security issue
#119342 opened May 21, 2024 by serhiy-storchaka
Add Software Bill of Materials (SBOM) for Python releases type-feature A feature request or enhancement type-security A security issue
#112302 opened Nov 21, 2023 by sethmlarson
2
Consider applying flags for warnings about potential security issues build The build process and cross-build performance Performance or resource usage type-feature A feature request or enhancement type-security A security issue
#112301 opened Nov 21, 2023 by mdboom
27
NamedTemporaryFile() sample code is vulnerable to file squatting docs Documentation in the Doc dir type-security A security issue
#111783 opened Nov 6, 2023 by Sim4n6
4
Add an audit hook for os.path.join & pathlib calls involving an absolute path join 3.13 bugs and security fixes type-feature A feature request or enhancement type-security A security issue
#109985 opened Sep 27, 2023 by gpshead
Remove historic CRAM-MD5 mechanism topic-email type-feature A feature request or enhancement type-security A security issue
#107675 opened Aug 6, 2023 by Neustradamus
7
DoS Vulnerability in socket.create_connection through malicious DNS responses 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes stdlib Python modules in the Lib dir type-security A security issue
#106283 opened Jun 30, 2023 by NyanKiyoshi
4
Python 3.11.3 http.server NTFS Alternate Data Stream Information Disclosure OS-windows type-bug An unexpected behavior, bug, or error type-security A security issue
#104712 opened May 21, 2023 by fmunozs
4
ProTip! Exclude everything labeled bug with -label:bug.