Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Python Number Of NVD 124 CRITICAL 17 HIGH 51 MEDIUM 51 LOW 5
URL https://www.python.org/
Explanation A universally usable scripting language that does not require compilation and is executed by an interpreter.
It can be programmed in a variety of formats such as object-oriented, imperative, procedural, and functional.
It can be programmed in various formats such as object-oriented, imperative, procedural, and functional, and can be easily used as it is initially installed on most Unix and Linux distributions.
The language specification is simple and designed so that anyone can write the same kind of code, and it is the language of choice for many projects and companies.

It is widely used in the following applications due to its rich library.

AI (Deep Learning, Machine Learning, Deep Learning)
Web applications
Scripts for server administration

It is my personal favorite language.

Basically, it is supported for 5 years after its release.
Tag
  • Python Software Foundation License
  • オープンソース
Add Information URL
No Type Name URL
1 https://www.python.org/downloads/
2 https://devguide.python.org/devcycle/#end-of-life-branches
3 https://devguide.python.org/
4 https://github.com/python
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
51 Python3.12 3.12.12 Oct. 9, 2025 Oct. 2, 2023 Oct. 31, 2028 0 2 2 0
52 Python3.11 3.11.14 Oct. 9, 2025 Oct. 24, 2022 Oct. 31, 2027 0 9 3 0
53 Python3.10 3.10.19 Oct. 9, 2025 Oct. 4, 2021 Oct. 31, 2026 2 12 7 0
54 Python3.9 3.9.25 Oct. 31, 2025 Oct. 5, 2020 Oct. 5, 2025 6 15 11 0
55 Python3.8 3.8.20 Sept. 6, 2024 Oct. 14, 2019 Oct. 14, 2024 8 18 15 0
56 Python3.7 3.7.17 June 6, 2023 June 27, 2018 June 27, 2023 9 25 20 0
57 Python3.6 3.6.15 Sept. 3, 2021 Dec. 23, 2016 Dec. 23, 2021 9 24 20 0
58 Python3.5 3.5.10 Sept. 5, 2020 Sept. 13, 2015 Sept. 13, 2020 9 25 19 0
59 Python3.4 3.4.10 March 18, 2019 March 17, 2014 March 18, 2019 8 26 20 1
60 Python3.3 3.3.7 Sept. 19, 2017 Sept. 29, 2012 Sept. 29, 2017 7 22 24 1
61 Python3.2 3.2.6 Oct. 12, 2014 Feb. 20, 2011 Feb. 20, 2016 5 19 27 2
62 Python2.7 2.7.18 April 20, 2020 July 3, 2010 Jan. 1, 2020 10 25 31 3
63 Python3.1 3.1.5 Aug. 17, 2009 June 26, 2009 April 9, 2012 4 19 33 1
64 Python3.0 3.0.1 Feb. 13, 2009 Dec. 19, 2008 June 27, 2009 4 18 24 1
65 Python2.6 2.6.9 Jan. 29, 2013 4 15 26 3
66 Python2.5 2.5.6 Jan. 1, 2000 4 25 29 2
67 Python2.4 2.4.6 Jan. 1, 2000 4 24 26 3
68 Python2.3 2.3.7 Jan. 1, 2000 4 23 25 3
69 Python2.2 2.2.3 Jan. 1, 2000 4 24 26 3
70 Python2.1 2.1.3 Jan. 1, 2000 4 22 26 3
71 Python2.0 2.0.1 Jan. 1, 2000 4 22 26 3
72 Python1.6 1.6.1 Jan. 1, 2000 3 22 21 3
73 Python1.5 1.5.2 Jan. 1, 2000 3 22 21 3
74 Python1.4 1.4 Jan. 1, 2000 3 21 21 3
75 Python1.3 1.3 Jan. 1, 2000 3 21 21 3
76 Python1.2 1.2 Jan. 1, 2000 3 21 21 3
77 Python1.1 1.1.1 Jan. 1, 2000 3 21 21 3
78 Python1.0 1.0.2 Jan. 1, 2000 3 21 21 3
79 Python0.9 0.9.9 Jan. 1, 2000 3 21 21 3
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
51 7.8
9.3 		HIGH
Local 		The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases be… CWE-552
 Files or Directories Accessible to External Parties 		CVE-2019-13404 cpe:2.3:a:python:python:*:*
3.0.0 		2.7.16

3.5.0 		2024-11-21 13:24
2019-07-8 		Show GitHub Exploit DB Packet Storm
52 9.8
7.5 		CRITICAL
Network 		BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CWE-787
 Out-of-bounds Write 		CVE-2019-12900 cpe:2.3:a:python:python:*:* 3.10.0
3.9.0
3.8.0
3.7.0





3.10.3
3.9.11
3.8.13
3.7.13 		2024-11-21 13:23
2019-06-20 		Show GitHub Exploit DB Packet Storm
53 9.8
5.0 		CRITICAL
Network 		A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which s… - CVE-2019-10160 cpe:2.3:a:python:python:3.8.0:beta1
cpe:2.3:a:python:python:3.8.0:alpha4
cpe:2.3:a:python:python:*:* 		3.6.0
3.7.0
3.5.0
2.7.0





3.6.9
3.7.4
3.5.8
2.7.17 		2024-11-21 13:18
2019-06-8 		Show GitHub Exploit DB Packet Storm
54 9.1
6.4 		CRITICAL
Network 		urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggerin… CWE-22
Path Traversal 		CVE-2019-9948 cpe:2.3:a:python:python:*:* 3.6.0
3.7.0
3.5.0
2.0





3.6.9
3.7.4
3.5.8
2.7.17 		2024-11-21 13:52
2019-03-24 		Show GitHub Exploit DB Packet Storm
55 6.1
4.3 		MEDIUM
Network 		An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the fir… CWE-93
CRLF Injection 		CVE-2019-9947 cpe:2.3:a:python:python:*:* 3.6.0
3.7.0
3.5.0
2.7.0





3.6.9
3.7.4
3.5.8
2.7.17 		2024-11-21 13:52
2019-03-24 		Show GitHub Exploit DB Packet Storm
56 6.1
4.3 		MEDIUM
Network 		An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the fir… CWE-93
CRLF Injection 		CVE-2019-9740 cpe:2.3:a:python:python:*:* 3.6.0
3.7.0
3.5.0
2.0





3.6.9
3.7.4
3.5.8
2.7.17 		2024-11-21 13:52
2019-03-13 		Show GitHub Exploit DB Packet Storm
57 9.8
5.0 		CRITICAL
Network 		Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (cr… NVD-CWE-noinfo
CVE-2019-9636 cpe:2.3:a:python:python:*:* 3.6.0
3.5.0
3.0.0
2.7.0
3.7.0







3.6.9
3.5.7
3.4.10
2.7.17
3.7.3 		2024-11-21 13:52
2019-03-9 		Show GitHub Exploit DB Packet Storm
58 7.5
5.0 		HIGH
Network 		Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion… CWE-190
 Integer Overflow or Wraparound 		CVE-2018-20406 cpe:2.3:a:python:python:*:* 3.4.0 3.7.1 2024-11-21 13:01
2018-12-24 		Show GitHub Exploit DB Packet Storm
59 7.5
5.0 		HIGH
Network 		Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML docu… CWE-909
 Missing Initialization of Resource 		CVE-2018-14647 cpe:2.3:a:python:python:3.7.0:*
cpe:2.3:a:python:python:*:* 		3.5.0
2.7.0
3.4.0
3.6.0 		3.5.6
2.7.15
3.4.9
3.6.6





2024-11-21 12:49
2018-09-25 		Show GitHub Exploit DB Packet Storm
60 9.8
7.5 		CRITICAL
Network 		Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_arc… CWE-77
Command Injection 		CVE-2018-1000802 cpe:2.3:a:python:python:*:* 2.7.0 2.7.16 2024-11-21 12:40
2018-09-19 		Show GitHub Exploit DB Packet Storm