Software Detail
Python  Number of NVD entries: 124 (CRITICAL 17, HIGH 51, MEDIUM 51, LOW 5)
URL https://www.python.org/
Explanation A general-purpose scripting language that does not require compilation and is executed by an interpreter.
It can be programmed in various styles such as object-oriented, imperative, procedural, and functional, and it is easy to start using because it comes preinstalled on most Unix and Linux distributions.
The language specification is simple and designed so that anyone can write the same kind of code, and it is the language of choice for many projects and companies.

It is widely used in the following applications due to its rich library.

AI (Deep Learning, Machine Learning)
Web applications
Scripts for server administration

It is my personal favorite language.

Basically, it is supported for 5 years after its release.
Tag
  • Python Software Foundation License
  • Open source

Additional Information URL
No Type Name URL
1 https://www.python.org/downloads/
2 https://devguide.python.org/devcycle/#end-of-life-branches
3 https://devguide.python.org/
4 https://github.com/python

List of Products
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
31 Python3.12 3.12.12 Oct. 9, 2025 Oct. 2, 2023 Oct. 31, 2028 0 2 2 0
32 Python3.11 3.11.14 Oct. 9, 2025 Oct. 24, 2022 Oct. 31, 2027 0 9 3 0
33 Python3.10 3.10.19 Oct. 9, 2025 Oct. 4, 2021 Oct. 31, 2026 2 12 7 0
34 Python3.9 3.9.25 Oct. 31, 2025 Oct. 5, 2020 Oct. 5, 2025 6 15 11 0
35 Python3.8 3.8.20 Sept. 6, 2024 Oct. 14, 2019 Oct. 14, 2024 8 18 15 0
36 Python3.7 3.7.17 June 6, 2023 June 27, 2018 June 27, 2023 9 25 20 0
37 Python3.6 3.6.15 Sept. 3, 2021 Dec. 23, 2016 Dec. 23, 2021 9 24 20 0
38 Python3.5 3.5.10 Sept. 5, 2020 Sept. 13, 2015 Sept. 13, 2020 9 25 19 0
39 Python3.4 3.4.10 March 18, 2019 March 17, 2014 March 18, 2019 8 26 20 1
40 Python3.3 3.3.7 Sept. 19, 2017 Sept. 29, 2012 Sept. 29, 2017 7 22 24 1
41 Python3.2 3.2.6 Oct. 12, 2014 Feb. 20, 2011 Feb. 20, 2016 5 19 27 2
42 Python2.7 2.7.18 April 20, 2020 July 3, 2010 Jan. 1, 2020 10 25 31 3
43 Python3.1 3.1.5 Aug. 17, 2009 June 26, 2009 April 9, 2012 4 19 33 1
44 Python3.0 3.0.1 Feb. 13, 2009 Dec. 19, 2008 June 27, 2009 4 18 24 1
45 Python2.6 2.6.9 Jan. 29, 2013 4 15 26 3
46 Python2.5 2.5.6 Jan. 1, 2000 4 25 29 2
47 Python2.4 2.4.6 Jan. 1, 2000 4 24 26 3
48 Python2.3 2.3.7 Jan. 1, 2000 4 23 25 3
49 Python2.2 2.2.3 Jan. 1, 2000 4 24 26 3
50 Python2.1 2.1.3 Jan. 1, 2000 4 22 26 3
51 Python2.0 2.0.1 Jan. 1, 2000 4 22 26 3
52 Python1.6 1.6.1 Jan. 1, 2000 3 22 21 3
53 Python1.5 1.5.2 Jan. 1, 2000 3 22 21 3
54 Python1.4 1.4 Jan. 1, 2000 3 21 21 3
55 Python1.3 1.3 Jan. 1, 2000 3 21 21 3
56 Python1.2 1.2 Jan. 1, 2000 3 21 21 3
57 Python1.1 1.1.1 Jan. 1, 2000 3 21 21 3
58 Python1.0 1.0.2 Jan. 1, 2000 3 21 21 3
59 Python0.9 0.9.9 Jan. 1, 2000 3 21 21 3
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date, Published date
31 CVE-2021-3177 (CVSS3 9.8, CVSS2 7.5, CRITICAL, Attack Vector: Network)
Title: Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untru…
CWE: CWE-120 Classic Buffer Overflow
cpe23Uri: cpe:2.3:a:python:python:*:*
or higher: 3.7.0, 3.9.0, 3.8.0, 3.6.0
or less: 3.7.9, 3.9.1, 3.8.7, 3.6.12
Update date: 2024-11-21 15:21
Published date: 2021-01-19

32 CVE-2020-27619 (CVSS3 9.8, CVSS2 7.5, CRITICAL, Attack Vector: Network)
Title: In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:python:python:*:*
or higher: 3.7.0, 3.9.0, 3.8.0, 3.0.0
less than: 3.7.10, 3.9.1, 3.8.7, 3.6.13
Update date: 2024-11-21 14:21
Published date: 2020-10-22

33 CVE-2020-26116 (CVSS3 7.2, CVSS2 6.4, HIGH, Attack Vector: Network)
Title: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by ins…
CWE: CWE-74 Injection
cpe23Uri: cpe:2.3:a:python:python:*:*
or higher: 3.0.0, 3.8.0, 3.7.0, 3.6.0
less than: 3.5.10, 3.8.5, 3.7.9, 3.6.12
Update date: 2024-11-21 14:19
Published date: 2020-09-27

34 CVE-2020-15801 (CVSS3 9.8, CVSS2 7.5, CRITICAL, Attack Vector: Network)
Title: In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file)…
CWE: CWE-426 Untrusted Search Path
cpe23Uri: cpe:2.3:a:python:python:*:*
or higher: 3.7.0, 3.8.0
less than: 3.7.9, 3.8.5
Update date: 2024-11-21 14:06
Published date: 2020-07-17

35 CVE-2019-20907 (CVSS3 7.5, CVSS2 5.0, HIGH, Attack Vector: Network)
Title: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
CWE: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
cpe23Uri: cpe:2.3:a:python:python:*:*
or higher: 3.8.0, 3.7.0, 3.6.0, 3.5.0
less than: 3.8.5, 3.7.9, 3.6.12, 3.5.10
Update date: 2024-11-21 13:39
Published date: 2020-07-13

36 CVE-2020-15523 (CVSS3 7.8, CVSS2 6.9, HIGH, Attack Vector: Local)
Title: In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native appl…
CWE: CWE-427 Uncontrolled Search Path Element; CWE-908 Use of Uninitialized Resource
cpe23Uri: cpe:2.3:a:python:python:3.9.0:beta4, cpe:2.3:a:python:python:3.9.0:beta3, cpe:2.3:a:python:python:3.9.0:beta2, cp…
or higher: 3.5.0, 3.6.0, 3.7.0, 3.8.0
less than: 3.5.10, 3.6.12, 3.7.9, 3.8.4
Update date: 2024-11-21 14:05
Published date: 2020-07-5

37 CVE-2020-14422 (CVSS3 5.9, CVSS2 4.3, MEDIUM, Attack Vector: Network)
Title: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an applica…
CWE: CWE-682 Incorrect Calculation; CWE-330 Use of Insufficiently Random Values
cpe23Uri: cpe:2.3:a:python:python:*:*
or higher: 3.0.0, 3.7.0, 3.6.0, 3.8.0
less than: 3.5.10, 3.7.9, 3.6.12, 3.8.4
Update date: 2024-11-21 14:03
Published date: 2020-06-18

38 CVE-2013-1753 (CVSS3 7.5, CVSS2 5.0, HIGH, Attack Vector: Network)
Title: The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:python:python:*:*
or higher: 3.2.0, 3.4.0, 2.7.0, 3.3.0
less than: 3.2.6, 3.4.3, 2.7.9, 3.3.6
Update date: 2024-11-21 10:50
Published date: 2020-03-12

39 CVE-2014-4650 (CVSS3 9.8, CVSS2 7.5, CRITICAL, Attack Vector: Network)
Title: The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct…
CWE: CWE-22 Path Traversal
cpe23Uri: cpe:2.3:a:python:python:*:*
or higher: 3.2.0, 3.3.0, 3.4.0, 2.7.0
less than: 3.2.6, 3.3.6, 3.4.2, 2.7.8
Update date: 2024-11-21 11:10
Published date: 2020-02-21

40 CVE-2019-9674 (CVSS3 7.5, CVSS2 5.0, HIGH, Attack Vector: Network)
Title: Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
CWE: CWE-400 Uncontrolled Resource Consumption
cpe23Uri: cpe:2.3:a:python:python:*:* (version 3.7.2)
Update date: 2024-11-21 13:52
Published date: 2020-02-5