Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork32k
Issues: python/cpython
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Author
Uh oh!
There was an error while loading.Please reload this page.
Label
Uh oh!
There was an error while loading.Please reload this page.
Projects
Uh oh!
There was an error while loading.Please reload this page.
Milestones
Uh oh!
There was an error while loading.Please reload this page.
Assignee
Assigned to nobodyLoading
Uh oh!
There was an error while loading.Please reload this page.
Sort
Issues list
gh-134873: Fix quadratic complexity in os.path.expandvars() awaiting core review needs backport to 3.9only security fixes needs backport to 3.10only security fixes needs backport to 3.11only security fixes needs backport to 3.12only security fixes needs backport to 3.13bugs and security fixes needs backport to 3.14bugs and security fixes type-securityA security issue
#134952 openedMay 30, 2025 byserhiy-storchakaLoading…
gh-134873: fix various quadratic worst-time complexities inonly security fixes needs backport to 3.10only security fixes needs backport to 3.11only security fixes needs backport to 3.12only security fixes needs backport to 3.13bugs and security fixes needs backport to 3.14bugs and security fixes type-securityA security issue
_header_value_parser.py [WIP] needs backport to 3.9gh-134873: Fix a DOS issue in idlelib awaiting changes needs backport to 3.9only security fixes needs backport to 3.10only security fixes needs backport to 3.11only security fixes needs backport to 3.12only security fixes needs backport to 3.13bugs and security fixes needs backport to 3.14bugs and security fixes type-securityA security issue
#134874 openedMay 29, 2025 byjohnzhou721Loading…
A Series of Simple DOS Vulnerabilities 3.9only security fixes 3.10only security fixes 3.11only security fixes 3.12only security fixes 3.13bugs and security fixes 3.14bugs and security fixes stdlibPython modules in the Lib dir topic-email topic-IDLE topic-pathlib type-securityA security issue
#134873 openedMay 29, 2025 bykexinoh
[3.9] gh-128840: Limit the number of parts in IPv6 address parsing (GH-128841) awaiting review DO-NOT-MERGE type-securityA security issue
#134615 openedMay 24, 2025 bymiss-islingtonLoading…
[3.10] gh-128840: Limit the number of parts in IPv6 address parsing (GH-128841) awaiting review DO-NOT-MERGE type-securityA security issue
#134614 openedMay 24, 2025 bymiss-islingtonLoading…
[3.11] gh-128840: Limit the number of parts in IPv6 address parsing (GH-128841) awaiting review DO-NOT-MERGE type-securityA security issue
#134613 openedMay 24, 2025 bymiss-islingtonLoading…
[3.9] gh-134062: Fix hash collisions in IPv4Network and IPv6Network (GH-134063) awaiting review release-blocker type-securityA security issue
#134481 openedMay 22, 2025 bymiss-islingtonLoading…
[3.10] gh-134062: Fix hash collisions in IPv4Network and IPv6Network (GH-134063) awaiting review release-blocker type-securityA security issue
#134480 openedMay 22, 2025 bymiss-islingtonLoading…
[3.11] gh-134062: Fix hash collisions in IPv4Network and IPv6Network (GH-134063) awaiting review release-blocker type-securityA security issue
#134479 openedMay 22, 2025 bymiss-islingtonLoading…
[3.9] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) awaiting core review type-securityA security issue
#134346 openedMay 20, 2025 byserhiy-storchakaLoading…
[3.10] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) awaiting core review type-securityA security issue
#134345 openedMay 20, 2025 byserhiy-storchakaLoading…
[3.11] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) awaiting core review type-securityA security issue
#134341 openedMay 20, 2025 byserhiy-storchakaLoading…
Use-after-free inonly security fixes 3.10only security fixes 3.11only security fixes 3.12only security fixes 3.13bugs and security fixes 3.14bugs and security fixes 3.15new features, bugs and security fixes interpreter-core(Objects, Python, Grammar, and Parser dirs) release-blocker topic-unicode type-crashA hard crash of the interpreter, possibly with a core dump type-securityA security issue
unicode_escape decoder with error handler 3.9 #133767 openedMay 9, 2025 bysethmlarson
Report of Open Redirect Vulnerability in Python 3.9.19 - Utilizing Simple HTTP 3.9only security fixes 3.10only security fixes 3.11only security fixes 3.12only security fixes 3.13bugs and security fixes 3.14bugs and security fixes pendingThe issue will be closed if no feedback is provided stdlibPython modules in the Lib dir type-bugAn unexpected behavior, bug, or error type-securityA security issue
#132826 openedApr 23, 2025 byhnagashimauu
[3.9] gh-80222: Fix email address header folding with long quoted-string (GH-122753) (GH-129111) awaiting merge topic-email type-securityA security issue
#132371 openedApr 10, 2025 bybrianschubertLoading…
Add OpenSSL 3.5 support to CPython infrastructure buildThe build process and cross-build extension-modulesC modules in the Modules dir topic-SSL type-featureA feature request or enhancement type-securityA security issue
#132339 openedApr 10, 2025 byscw
IPv6 address parsing doesn't limit buffer size release-blocker stdlibPython modules in the Lib dir type-bugAn unexpected behavior, bug, or error type-securityA security issue
#128840 openedJan 14, 2025 bysethmlarson
TarFile.extractall(..., filter='tar') arbitrary file chmod 3.9only security fixes 3.10only security fixes 3.11only security fixes 3.12only security fixes 3.13bugs and security fixes 3.14bugs and security fixes stdlibPython modules in the Lib dir type-bugAn unexpected behavior, bug, or error type-securityA security issue
#127987 openedDec 16, 2024 byjwilk
Reconsider XML Security warnings / obsolete vulnerabilities docsDocumentation in the Doc dir topic-XML type-securityA security issue
#127502 openedDec 2, 2024 byhannob
Ensure builtin hashlib implementations honor usedforsecurity=True when _hashlib is in FIPS mode extension-modulesC modules in the Modules dir topic-SSL type-featureA feature request or enhancement type-securityA security issue
#127298 openedNov 26, 2024 byxnox
Update SBOM generation to meet new guidance from CISA type-securityA security issue
#123038 openedAug 15, 2024 bysethmlarson
8 tasks
Missing audit events forend of life 3.9only security fixes 3.10only security fixes 3.11only security fixes 3.12only security fixes 3.13bugs and security fixes 3.14bugs and security fixes topic-replRelated to the interactive shell type-securityA security issue
python -i andpython -m asyncio 3.8 (EOL) #121957 openedJul 18, 2024 byambv
Disallow setting an empty list for NPN in CPython 3.9 and earlier 3.8 (EOL)end of life 3.9only security fixes type-securityA security issue
#121227 openedJul 1, 2024 bysethmlarson
gh-119452: Fix OOM vulnerability in http.server needs backport to 3.9only security fixes needs backport to 3.10only security fixes needs backport to 3.11only security fixes needs backport to 3.12only security fixes needs backport to 3.13bugs and security fixes needs backport to 3.14bugs and security fixes type-securityA security issue
#119455 openedMay 23, 2024 byserhiy-storchaka • Draft
ProTip! Typegi on any issue or pull request to go back to the issue listing page.