The dev-python category contains packages whose primary purpose is to provide Python modules, extensions and bindings, as well as tools and utilities useful for development in the Python programming language.
Security Bug Reports
dev-python/pip: Possible code execution via untrusted packages from external indexes (CVE-2018-20225)
721672 - Assigned to Gentoo Security
<dev-python/rsa-4.7: timing attack vulnerability (CVE-2020-25658)
760702 - Assigned to Gentoo Security
<dev-python/django-{2.2.18,3.0.12,3.1.6}: Directory traversal (CVE-2021-3281)
768240 - Assigned to Gentoo Security
<dev-python/reportlab-3.5.56: SSRF vulnerability (CVE-2020-28463)
771552 - Assigned to Gentoo Security
<dev-python/django-{2.2.19,3.0.13,3.1.7}: web cache poisoning vulnerability (CVE-2021-23336)
771627 - Assigned to Gentoo Security
<dev-python/django-{2.2.20,3.0.14,3.1.8}: MultiPartParser directory traversal
780579 - Assigned to Gentoo Security
<dev-python/sqlparse-0.4.2: ReDOS in 'strip comments' filter
812512 - Assigned to Gentoo Security
<dev-python/python-ldap-3.4.0: ReDoS via specially-crafted LDAP schema
827634 - Assigned to Gentoo Security
<dev-python/markdown2-2.4.2: ReDoS on "auto linking urls"
827977 - Assigned to Gentoo Security
<dev-python/django-{3.2.10,3.1.14,2.2.25}: Potential bypass of an upstream access control based on URL paths
828490 - Assigned to Gentoo Security
dev-python/ujson: stack-based buffer overflow
830373 - Assigned to Gentoo Security
<dev-python/django-{2.2.26,3.2.11}: Multiple vulnerabilities
830593 - Assigned to Gentoo Security
<dev-python/ipython-{7.31.1,8.0.1}: potential Execution with Unnecessary Privileges
831510 - Assigned to Gentoo Security
<dev-python/django-{4.0.2,3.2.12,2.2.27}: possible XSS via {% debug %} tag & DoS in file uploads
832491 - Assigned to Gentoo Security
<dev-python/numpy-1.22.2: null pointer dereference
832736 - Assigned to Gentoo Security
<dev-python/waitress-2.1.1: multiple "HTTP desync/HTTP request smuggling" vulnerabilities
835492 - Assigned to Gentoo Security
<dev-python/django-{2.2.28,3.2.13,4.0.4}: multiple vulnerabilities
837836 - Assigned to Gentoo Security
<dev-python/django-{3.2.14,4.0.6}: SQL injection
856448 - Assigned to Gentoo Security
<dev-python/django-{3.2.15,4.0.7}: reflected file download
863398 - Assigned to Gentoo Security
dev-python/adblock: 'cargo audit' reports one or more bundled CRATES as vulnerable
864046 - Assigned to Gentoo Security
dev-python/nbconvert: arbitrary html injection
865721 - Assigned to Gentoo Security
<dev-python/oslo-utils-4.12.1: plaintext logging of certain passwords
867328 - Assigned to Gentoo Security
<dev-python/django-{3.2.16,4.0.8,4.1.2}: Potential denial-of-service vulnerability in internationalized URLs
875323 - Assigned to Gentoo Security
dev-python/py: ReDoS via subversion repository with crafted info
877455 - Assigned to Gentoo Security
<dev-python/future-0.18.2-r3: ReDoS
888109 - Assigned to Gentoo Security
<dev-python/django-{3.2.17,4.0.9,4.1.6}: Potential denial-of-service via Accept-Language headers
892806 - Assigned to Gentoo Security
<dev-python/django-{3.2.18,4.0.10,4.1.7}: Potential denial-of-service vulnerability in file uploads
894408 - Assigned to Gentoo Security
<dev-python/werkzeug-2.2.3: DoS via multipart form upload
897962 - Assigned to Gentoo Security
<dev-python/flask-{2.2.5,2.3.2}: client cached response confusion
905880 - Assigned to Gentoo Security
<dev-python/tornado-6.3.2: open redirect vulnerability
906519 - Assigned to Gentoo Security
dev-python/reportlab: remote code execution
907924 - Assigned to Gentoo Security
<dev-python/starlette-0.27.0: local file inclusion vulnerability
907929 - Assigned to Gentoo Security
<dev-python/MechanicalSoup-1.3.0: Malicious web server can read arbitrary files on client using file input inside HTML form
909723 - Assigned to Gentoo Security
<dev-python/django-{4.2.5,4.1.11,3.2.21}: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri()
913620 - Assigned to Gentoo Security
<dev-python/werkzeug-{2.3.8,3.0.1}: DoS via malformed multipart data
917768 - Assigned to Gentoo Security
<dev-python/pypdf-3.17.0: multiple vulnerabilities
918441 - Assigned to Gentoo Security
<dev-python/twisted-23.10.0_rc1: response ordering vulnerability
918526 - Assigned to Gentoo Security
<dev-python/paramiko-3.4.0: terrapin vulnerability
920299 - Assigned to Gentoo Security
<dev-python/pycryptodome-3.19.1: side-channel leakage with OAEP decryption
920912 - Assigned to Gentoo Security
<dev-python/jinja-3.1.3: HTML attribute injection when passing user input as keys to xmlattr filter
921734 - Assigned to Gentoo Security
<dev-python/django-{3.2.24,4.2.10,5.0.2}: Potential denial-of-service in intcomma template filter
923978 - Assigned to Gentoo Security
<dev-python/django-{3.2.25,4.2.11,5.0.3}: Potential ReDoS in django.utils.text.Truncator.words()
926164 - Assigned to Gentoo Security
<dev-python/pillow-10.3.0: buffer overflow in _imagingcms.c
928391 - Assigned to Gentoo Security
<dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode()
929208 - Assigned to Gentoo Security
<dev-python/flask-cors-4.0.1: log injection when the log level is set to debug
931228 - Assigned to Gentoo Security
<dev-python/requests-2.32.0: Session object does not verify requests after making first request with verify=False
932327 - Assigned to Gentoo Security
<dev-python/pymysql-1.1.1: SQL injection if used with untrusted JSON input
932396 - Assigned to Gentoo Security
<dev-python/django-{5.0.7,4.2.14}: multiple vulnerabilities
935793 - Assigned to Gentoo Security
<dev-python/django-{5.0.8,4.2.15}: multiple vulnerabilities
937476 - Assigned to Gentoo Security
<dev-python/twisted-24.7.0_rc1: twisted.web has disordered HTTP pipeline response
937641 - Assigned to Gentoo Security
<dev-python/webob-1.8.8: Location header normalization during redirect leads to open redirect
937946 - Assigned to Gentoo Security
<dev-python/django-{4.2.16, 5.0.9, 5.1.1}: Multiple vulnerabilities
939027 - Assigned to Gentoo Security
<dev-python/configobj-5.0.9: ReDoS via the validate function
940017 - Assigned to Gentoo Security
<dev-python/werkzeug-3.0.6, <dev-python/quart-0.19.7: possible resource exhaustion when parsing file data in forms
942200 - Assigned to Gentoo Security
<dev-python/tornado-6.4.2: ReDoS in cookie parsing
944393 - Assigned to Gentoo Security
<dev-python/django-{5.1.4,5.0.10,4.2.17}: multiple vulnerabilities
945889 - Assigned to Gentoo Security
<dev-python/django-{5.1.5,5.0.11,4.2.18}: multiple vulnerabilities
948130 - Assigned to Python Gentoo Team
<dev-python/python-jose-3.4.0: multiple vulnerabilities
949740 - Assigned to Gentoo Security
<dev-python/django-{4.2.20,5.0.13,5.1.7}: potential DoS in text wrapping
950709 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.