Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork32k
Issues: python/cpython
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Author
Uh oh!
There was an error while loading.Please reload this page.
Label
Uh oh!
There was an error while loading.Please reload this page.
Projects
Uh oh!
There was an error while loading.Please reload this page.
Milestones
Uh oh!
There was an error while loading.Please reload this page.
Assignee
Assigned to nobodyLoading
Uh oh!
There was an error while loading.Please reload this page.
Sort
Issues list
[3.9] gh-134062: Fix hash collisions in IPv4Network and IPv6Network (GH-134063) awaiting review type-securityA security issue
#134481 openedMay 22, 2025 bymiss-islingtonLoading…
[3.10] gh-134062: Fix hash collisions in IPv4Network and IPv6Network (GH-134063) awaiting review type-securityA security issue
#134480 openedMay 22, 2025 bymiss-islingtonLoading…
[3.11] gh-134062: Fix hash collisions in IPv4Network and IPv6Network (GH-134063) awaiting review type-securityA security issue
#134479 openedMay 22, 2025 bymiss-islingtonLoading…
[3.12] gh-134062: Fix hash collisions in IPv4Network and IPv6Network (GH-134063) awaiting review type-securityA security issue
#134478 openedMay 22, 2025 bymiss-islingtonLoading…
[3.9] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) awaiting core review type-securityA security issue
#134346 openedMay 20, 2025 byserhiy-storchakaLoading…
[3.10] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) awaiting core review type-securityA security issue
#134345 openedMay 20, 2025 byserhiy-storchakaLoading…
[3.11] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) awaiting core review type-securityA security issue
#134341 openedMay 20, 2025 byserhiy-storchakaLoading…
[3.12] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) awaiting core review type-securityA security issue
#134337 openedMay 20, 2025 byserhiy-storchakaLoading…
[3.12] Fix use-after-free in the unicode-escape decoder with error handler (GH-133767) awaiting review topic-unicode type-crashA hard crash of the interpreter, possibly with a core dump type-securityA security issue
#134255 openedMay 19, 2025 bymceplLoading…
Excessive hash collisions in IPv4Network and IPv6Network classes stdlibPython modules in the Lib dir type-bugAn unexpected behavior, bug, or error type-securityA security issue
#134062 openedMay 15, 2025 bymssalvatore
Use-after-free inonly security fixes 3.10only security fixes 3.11only security fixes 3.12only security fixes 3.13bugs and security fixes 3.14bugs and security fixes 3.15new features, bugs and security fixes interpreter-core(Objects, Python, Grammar, and Parser dirs) release-blocker topic-unicode type-crashA hard crash of the interpreter, possibly with a core dump type-securityA security issue
unicode_escape decoder with error handler 3.9 #133767 openedMay 9, 2025 bysethmlarson
Report of Open Redirect Vulnerability in Python 3.9.19 - Utilizing Simple HTTP 3.9only security fixes 3.10only security fixes 3.11only security fixes 3.12only security fixes 3.13bugs and security fixes 3.14bugs and security fixes pendingThe issue will be closed if no feedback is provided stdlibPython modules in the Lib dir type-bugAn unexpected behavior, bug, or error type-securityA security issue
#132826 openedApr 23, 2025 byhnagashimauu
[3.9] gh-80222: Fix email address header folding with long quoted-string (GH-122753) (GH-129111) awaiting merge topic-email type-securityA security issue
#132371 openedApr 10, 2025 bybrianschubertLoading…
Add OpenSSL 3.5 support to CPython infrastructure buildThe build process and cross-build extension-modulesC modules in the Modules dir topic-SSL type-featureA feature request or enhancement type-securityA security issue
#132339 openedApr 10, 2025 byscw
gh-128840: Limit the number of parts in IPv6 address parsing awaiting merge needs backport to 3.9only security fixes needs backport to 3.10only security fixes needs backport to 3.11only security fixes needs backport to 3.12only security fixes needs backport to 3.13bugs and security fixes needs backport to 3.14bugs and security fixes type-securityA security issue
#128841 openedJan 14, 2025 bysethmlarsonLoading…
IPv6 address parsing doesn't limit buffer size stdlibPython modules in the Lib dir type-bugAn unexpected behavior, bug, or error type-securityA security issue
#128840 openedJan 14, 2025 bysethmlarson
TarFile.extractall(..., filter='tar') arbitrary file chmod 3.9only security fixes 3.10only security fixes 3.11only security fixes 3.12only security fixes 3.13bugs and security fixes 3.14bugs and security fixes stdlibPython modules in the Lib dir type-bugAn unexpected behavior, bug, or error type-securityA security issue
#127987 openedDec 16, 2024 byjwilk
Reconsider XML Security warnings / obsolete vulnerabilities docsDocumentation in the Doc dir topic-XML type-securityA security issue
#127502 openedDec 2, 2024 byhannob
Ensure builtin hashlib implementations honor usedforsecurity=True when _hashlib is in FIPS mode extension-modulesC modules in the Modules dir topic-SSL type-featureA feature request or enhancement type-securityA security issue
#127298 openedNov 26, 2024 byxnox
Update SBOM generation to meet new guidance from CISA type-securityA security issue
#123038 openedAug 15, 2024 bysethmlarson
8 tasks
Missing audit events forend of life 3.9only security fixes 3.10only security fixes 3.11only security fixes 3.12only security fixes 3.13bugs and security fixes 3.14bugs and security fixes topic-replRelated to the interactive shell type-securityA security issue
python -i andpython -m asyncio 3.8 (EOL) #121957 openedJul 18, 2024 byambv
Disallow setting an empty list for NPN in CPython 3.9 and earlier 3.8 (EOL)end of life 3.9only security fixes type-securityA security issue
#121227 openedJul 1, 2024 bysethmlarson
gh-119452: Fix OOM vulnerability in http.server needs backport to 3.9only security fixes needs backport to 3.10only security fixes needs backport to 3.11only security fixes needs backport to 3.12only security fixes needs backport to 3.13bugs and security fixes needs backport to 3.14bugs and security fixes type-securityA security issue
#119455 openedMay 23, 2024 byserhiy-storchaka • Draft
gh-119451: Fix OOM vulnerability in http.client needs backport to 3.9only security fixes needs backport to 3.10only security fixes needs backport to 3.11only security fixes needs backport to 3.12only security fixes needs backport to 3.13bugs and security fixes needs backport to 3.14bugs and security fixes type-securityA security issue
#119454 openedMay 23, 2024 byserhiy-storchaka • Draft
OOM vulnerability in the CGI server on Windows 3.8 (EOL)end of life 3.9only security fixes 3.10only security fixes 3.11only security fixes 3.12only security fixes 3.13bugs and security fixes 3.14bugs and security fixes stdlibPython modules in the Lib dir topic-IO type-securityA security issue
#119452 openedMay 23, 2024 byserhiy-storchaka
ProTip! Updated in the last three days:updated:>2025-05-20.