dev-python
The dev-python category contains packages whose primary purpose is to provide Python modules, extensions and bindings, as well as tools and utilities useful for development in the Python programming language.
Security Bug Reports
dev-python/pip: Possible code execution via untrusted packages from external indexes (CVE-2018-20225)
721672 - Assigned to Gentoo Security
<dev-python/pypy3-7.3.2: multiple vulnerabilities
741496 - Assigned to Gentoo Security
<dev-python/pypy-7.3.2: multiple vulnerabilities
741560 - Assigned to Gentoo Security
<dev-python/rsa-4.7: timing attack vulnerability (CVE-2020-25658)
760702 - Assigned to Gentoo Security
<dev-python/django-{2.2.18,3.0.12,3.1.6}: Directory traversal (CVE-2021-3281)
768240 - Assigned to Gentoo Security
<dev-python/reportlab-3.5.56: SSRF vulnerability (CVE-2020-28463)
771552 - Assigned to Gentoo Security
<dev-python/django-{2.2.19,3.0.13,3.1.7}: web cache poisoning vulnerability (CVE-2021-23336)
771627 - Assigned to Gentoo Security
<dev-python/django-{2.2.20,3.0.14,3.1.8}: MultiPartParser directory traversal
780579 - Assigned to Gentoo Security
<dev-python/sqlparse-0.4.2: ReDoS in 'strip comments' filter
812512 - Assigned to Gentoo Security
<dev-python/python-ldap-3.4.0: ReDoS via specially-crafted LDAP schema
827634 - Assigned to Gentoo Security
<dev-python/markdown2-2.4.2: ReDoS on "auto linking urls"
827977 - Assigned to Gentoo Security
<dev-python/django-{3.2.10,3.1.14,2.2.25}: Potential bypass of an upstream access control based on URL paths
828490 - Assigned to Gentoo Security
dev-python/ujson: stack-based buffer overflow
830373 - Assigned to Gentoo Security
<dev-python/django-{2.2.26,3.2.11}: Multiple vulnerabilities
830593 - Assigned to Gentoo Security
<dev-python/ipython-{7.31.1,8.0.1}: potential Execution with Unnecessary Privileges
831510 - Assigned to Gentoo Security
<dev-python/django-{4.0.2,3.2.12,2.2.27}: possible XSS via {% debug %} tag & DoS in file uploads
832491 - Assigned to Gentoo Security
<dev-python/numpy-1.22.2: null pointer dereference
832736 - Assigned to Gentoo Security
<dev-python/waitress-2.1.1: multiple "HTTP desync/HTTP request smuggling" vulnerabilities
835492 - Assigned to Gentoo Security
dev-python/virtualenv: bundles vulnerable urllib3 via vulnerable pip
835625 - Assigned to Gentoo Security
<dev-python/django-{2.2.28,3.2.13,4.0.4}: multiple vulnerabilities
837836 - Assigned to Gentoo Security
<dev-python/django-{3.2.14,4.0.6}: SQL injection
856448 - Assigned to Gentoo Security
<dev-python/django-{3.2.15,4.0.7}: reflected file download
863398 - Assigned to Gentoo Security
dev-python/adblock: 'cargo audit' reports one or more bundled CRATES as vulnerable
864046 - Assigned to Gentoo Security
<dev-python/cryptography-41.0.1: 'cargo audit' reports one or more bundled CRATES as vulnerable
864049 - Assigned to Gentoo Security
dev-python/nbconvert: arbitrary html injection
865721 - Assigned to Gentoo Security
<dev-python/oslo-utils-4.12.1: plaintext logging of certain passwords
867328 - Assigned to Gentoo Security
<dev-python/django-{3.2.16,4.0.8,4.1.2}: Potential denial-of-service vulnerability in internationalized URLs
875323 - Assigned to Gentoo Security
dev-python/py: ReDoS via subversion repository with crafted info
877455 - Assigned to Gentoo Security
<dev-python/future-0.18.2-r3: ReDoS
888109 - Assigned to Gentoo Security
<dev-python/django-{3.2.17,4.0.9,4.1.6}: Potential denial-of-service via Accept-Language headers
892806 - Assigned to Gentoo Security
<dev-python/cryptography-39.0.1: Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
893576 - Assigned to Gentoo Security
<dev-python/django-{3.2.18,4.0.10,4.1.7}: Potential denial-of-service vulnerability in file uploads
894408 - Assigned to Gentoo Security
<dev-python/werkzeug-2.2.3: DoS via multipart form upload
897962 - Assigned to Gentoo Security
dev-python/redis: multiple vulnerabilities
903137 - Assigned to Gentoo Security
<dev-python/flask-{2.2.5,2.3.2}: client cached response confusion
905880 - Assigned to Gentoo Security
<dev-python/tornado-6.3.2: open redirect vulnerability
906519 - Assigned to Gentoo Security
dev-python/reportlab: remote code execution
907924 - Assigned to Gentoo Security
<dev-python/starlette-0.27.0: local file inclusion vulnerability
907929 - Assigned to Gentoo Security
<dev-python/MechanicalSoup-1.3.0: Malicious web server can read arbitrary files on client using file input inside HTML form
909723 - Assigned to Gentoo Security
<dev-python/django-{4.2.5,4.1.11,3.2.21}: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri()
913620 - Assigned to Gentoo Security
<dev-python/werkzeug-{2.3.8,3.0.1}: DoS via malformed multipart data
917768 - Assigned to Gentoo Security
<dev-python/pip-23.3: mercurial configuration injection on installation
918427 - Assigned to Gentoo Security
<dev-python/pypdf-3.17.0: multiple vulnerabilities
918441 - Assigned to Gentoo Security
<dev-python/twisted-23.10.0_rc1: response ordering vulnerability
918526 - Assigned to Gentoo Security
<dev-python/aiohttp-3.8.0: inconsistent interpretation of the http protocol
918541 - Assigned to Gentoo Security
<dev-python/cryptography-41.0.7: "null-pointer-dereference and segfault that could occur when loading certificates from a PKCS#7 bundle"
918685 - Assigned to Gentoo Security
<dev-python/aiohttp-3.9.0: CRLF injection via method
918968 - Assigned to Gentoo Security
<dev-python/paramiko-3.4.0: terrapin vulnerability
920299 - Assigned to Gentoo Security
<dev-python/pycryptodome-3.19.1: side-channel leakage with OAEP decryption
920912 - Assigned to Gentoo Security
<dev-python/jinja-3.1.3: HTML attribute injection when passing user input as keys to xmlattr filter
921734 - Assigned to Gentoo Security
<dev-python/django-{3.2.24,4.2.10,5.0.2}: Potential denial-of-service in intcomma template filter
923978 - Assigned to Gentoo Security
<dev-python/cryptography-42.0.4: null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle
925120 - Assigned to Gentoo Security
<dev-python/django-{3.2.25,4.2.11,5.0.3}: Potential ReDoS in django.utils.text.Truncator.words()
926164 - Assigned to Gentoo Security
<dev-python/pillow-10.3.0: buffer overflow in _imagingcms.c
928391 - Assigned to Gentoo Security
<dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode()
929208 - Assigned to Gentoo Security
<dev-python/aiohttp-3.9.4: DoS when trying to parse malformed POST requests
931097 - Assigned to Gentoo Security
<dev-python/flask-cors-4.0.1: log injection when the log level is set to debug
931228 - Assigned to Gentoo Security
<dev-python/requests-2.32.0: Session object does not verify requests after making first request with verify=False
932327 - Assigned to Gentoo Security
<dev-python/pymysql-1.1.1: SQL injection if used with untrusted JSON input
932396 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.