+++++++++++++++++++++++++++++++
Python Security Vulnerabilities
+++++++++++++++++++++++++++++++

.. warning::
    This resource is maintained for historical reference and **does not contain the latest vulnerability info for Python**.

    The `canonical database for vulnerabilities affecting Python <https://github.com/psf/advisory-database>`_ is available on GitHub
    in the Open Source Vulnerability (OSV) format. This database can be viewed online at the
    `Open Source Vulnerability Database <https://osv.dev/list?ecosystem=&q=PSF>`_.

`Status of Python branches
<https://devguide.python.org/versions/>`_ lists Python
branches which get security fixes.

.. |br| raw:: html

   <br />

Total: 95 vulnerabilities.

+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| Vulnerability                                                                                                                           | Disclosure | Fixed In                                                        | Vulnerable                      | CVE                                                                                                                                                |
+=========================================================================================================================================+============+=================================================================+=================================+====================================================================================================================================================+
| :doc:`Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple <vuln/email-parseaddr-realname>`     | 2023-03-24 | --                                                              | 3.10 |br| 3.7 |br| 3.8 |br| 3.9 | CVE-2023-27043                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`urlparse does not correctly handle schemes <vuln/urlparse-scheme>`                                                                | 2022-11-12 | 3.11.1                                                          | 3.10 |br| 3.7 |br| 3.8 |br| 3.9 | CVE-2023-24329                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Buffer overflow in the _sha3 module in Python 3.10 and older <vuln/sha3-buffer-overflow>`                                         | 2022-10-21 | 3.7.16 |br| 3.8.16 |br| 3.9.16 |br| 3.10.9                      | --                              | CVE-2022-37454                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Slow IDNA decoding with large strings <vuln/slow-idna-large-strings>`                                                             | 2022-10-19 | 3.7.16 |br| 3.8.16 |br| 3.9.16 |br| 3.10.9 |br| 3.11.1          | --                              | CVE-2022-45061                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Linux specific local privilege escalation via the multiprocessing forkserver start method <vuln/multiprocessing-abstract-socket>` | 2022-09-23 | 3.9.16 |br| 3.10.9 |br| 3.11.0                                  | --                              | CVE-2022-42919                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Prevent DoS by large str-int conversions <vuln/large-int-str-dos>`                                                                | 2022-08-08 | 3.7.14 |br| 3.8.14 |br| 3.9.14 |br| 3.10.7 |br| 3.11.0          | --                              | CVE-2020-10735                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Windows: vulnerable zlib 1.2.11 <vuln/update-zlib-1-2-11>`                                                                        | 2022-04-01 | 3.7.14 |br| 3.8.14 |br| 3.9.13 |br| 3.10.5                      | --                              | CVE-2018-25032                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Windows: vulnerable bzip2 1.0.6 <vuln/update-bzip2-1-0-6>`                                                                        | 2021-07-02 | 3.7.13 |br| 3.8.13 |br| 3.9.11 |br| 3.10.3                      | --                              | CVE-2016-3189 |br| CVE-2019-12900                                                                                                                  |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`CVE-2013-0340 Billion Laughs fixed in Expat 2.4.0 <vuln/expat-billion-laughs>`                                                    | 2021-06-11 | 3.6.15 |br| 3.7.12 |br| 3.8.12 |br| 3.9.7 |br| 3.10.0           | --                              | CVE-2013-0340                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`CVE-2021-3737: urllib HTTP client possible infinite loop on a 100 Continue response <vuln/urllib-100-continue-loop>`              | 2021-05-03 | 3.6.14 |br| 3.7.11 |br| 3.8.11 |br| 3.9.6 |br| 3.10.0           | --                              | CVE-2021-3737                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`urllib.parse should sanitize urls containing ASCII newline and tabs. <vuln/urllib_parse_newline_tabs>`                            | 2021-04-18 | 3.6.14 |br| 3.7.11 |br| 3.8.11 |br| 3.9.5 |br| 3.10.0           | --                              | CVE-2022-0391                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`ipaddress leading zeros in IPv4 address <vuln/ipaddress-ipv4-leading-zeros>`                                                      | 2021-03-30 | 3.8.12 |br| 3.9.5 |br| 3.10.0                                   | --                              | CVE-2021-29921                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`ftplib should not use the host from the PASV response <vuln/ftplib-pasv>`                                                         | 2021-02-21 | 3.6.14 |br| 3.7.11 |br| 3.8.9 |br| 3.9.3 |br| 3.10.0            | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`http.server: Open Redirection if the URL path starts with // <vuln/http-server-redirection>`                                      | 2021-02-14 | 3.7.14 |br| 3.8.14 |br| 3.9.14 |br| 3.10.6 |br| 3.11.0          | --                              | CVE-2021-28861                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`CVE-2021-3733: ReDoS in urllib.request <vuln/urllib-basic-auth-regex2>`                                                           | 2021-01-30 | 3.6.14 |br| 3.7.11 |br| 3.8.10 |br| 3.9.5 |br| 3.10.0           | --                              | CVE-2021-3733                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Information disclosure via pydoc getfile <vuln/pydoc-getfile>`                                                                    | 2021-01-21 | 3.6.14 |br| 3.7.11 |br| 3.8.9 |br| 3.9.3 |br| 3.10.0            | --                              | CVE-2021-3426                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`urllib parse_qsl(): Web cache poisoning - semicolon as a query args separator <vuln/urllib-query-string-semicolon-separator>`     | 2021-01-19 | 3.6.13 |br| 3.7.10 |br| 3.8.8 |br| 3.9.2 |br| 3.10.0            | --                              | CVE-2021-23336                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`ctypes: Buffer overflow in PyCArg_repr <vuln/ctypes-buffer-overflow-pycarg_repr>`                                                 | 2021-01-16 | 3.6.13 |br| 3.7.10 |br| 3.8.8 |br| 3.9.2 |br| 3.10.0            | --                              | CVE-2021-3177                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`CJK codecs tests call eval() on content retrieved via HTTP <vuln/cjk-codec-download-eval>`                                        | 2020-10-05 | 3.6.13 |br| 3.7.10 |br| 3.8.7 |br| 3.9.1 |br| 3.10.0            | --                              | CVE-2020-27619                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`[CVE-2020-14422] Hash collisions in IPv4Interface and IPv6Interface <vuln/ipaddress-hash-collisions>`                             | 2020-06-17 | 3.5.10 |br| 3.6.12 |br| 3.7.9 |br| 3.8.4 |br| 3.9.0             | --                              | CVE-2020-14422                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`http.client: HTTP Header Injection in the HTTP method <vuln/http-header-injection-method>`                                        | 2020-02-10 | 3.5.10 |br| 3.6.12 |br| 3.7.9 |br| 3.8.5 |br| 3.9.0             | --                              | CVE-2020-26116                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`CVE-2020-8315: Unsafe DLL loading in getpathp.c on Windows 7 <vuln/unsafe-dll-load-windows-7>`                                    | 2020-01-21 | 3.6.11 |br| 3.7.7 |br| 3.8.2 |br| 3.9.0                         | --                              | CVE-2020-8315                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Email header injection in Address objects <vuln/email-address-header-injection>`                                                  | 2019-12-17 | 3.5.10 |br| 3.6.11 |br| 3.7.8 |br| 3.8.4 |br| 3.9.0             | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Infinite loop in tarfile module while opening a crafted file <vuln/tarfile-pax-dos>`                                              | 2019-12-10 | 3.5.10 |br| 3.6.12 |br| 3.7.9 |br| 3.8.5 |br| 3.9.0             | --                              | CVE-2019-20907                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Remove newline characters from uu encoding methods <vuln/uu-encoding-newline>`                                                    | 2019-11-30 | 2.7.18 |br| 3.5.10 |br| 3.6.10 |br| 3.7.6 |br| 3.8.1 |br| 3.9.0 | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`urllib basic auth regex denial of service <vuln/urllib-basic-auth-regex>`                                                         | 2019-11-17 | 3.5.10 |br| 3.6.11 |br| 3.7.8 |br| 3.8.3 |br| 3.9.0             | --                              | CVE-2020-8492                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Regular Expression Denial of Service in http.cookiejar <vuln/cookiejar-redos>`                                                    | 2019-11-14 | 2.7.18 |br| 3.5.10 |br| 3.6.10 |br| 3.7.6 |br| 3.8.1 |br| 3.9.0 | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen() <vuln/urlopen-host-http-header-injection>`        | 2019-10-24 | 2.7.18 |br| 3.5.10 |br| 3.6.11 |br| 3.7.8 |br| 3.8.3 |br| 3.9.0 | --                              | CVE-2019-18348                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Reflected XSS in DocXMLRPCServer <vuln/docxmlrpcserver-xss>`                                                                      | 2019-09-21 | 2.7.17 |br| 3.5.8 |br| 3.6.10 |br| 3.7.5 |br| 3.8.0             | --                              | CVE-2019-16935                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`ssl.match_hostname() ignores extra string after whitespace in IPv4 address <vuln/ssl-match_hostname-ipv4-trailing>`               | 2019-07-01 | 3.7.4 |br| 3.8.0                                                | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`urlsplit does not handle NFKC normalization (second fix) <vuln/urlsplit-nfkc-normalization2>`                                     | 2019-04-27 | 2.7.17 |br| 3.5.8 |br| 3.6.9 |br| 3.7.4 |br| 3.8.0              | --                              | CVE-2019-10160                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`urlsplit does not handle NFKC normalization <vuln/urlsplit-nfkc-normalization>`                                                   | 2019-03-06 | 2.7.17 |br| 3.5.7 |br| 3.6.9 |br| 3.7.3 |br| 3.8.0              | --                              | CVE-2019-9636                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`urllib module local_file:// scheme <vuln/urllib-local-file-scheme>`                                                               | 2019-02-06 | 2.7.17 |br| 3.5.8 |br| 3.6.9 |br| 3.7.4 |br| 3.8.0              | --                              | CVE-2019-9948                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`TALOS-2018-0758 SSL CRL distribution points Denial of Service <vuln/ssl-crl-dps-dos>`                                             | 2019-01-15 | 2.7.16 |br| 3.4.10 |br| 3.5.7 |br| 3.6.9 |br| 3.7.3 |br| 3.8.0  | --                              | CVE-2019-5010                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`http.cookiejar: Incorrect validation of path <vuln/cookie-path-check>`                                                            | 2019-01-03 | 2.7.17 |br| 3.4.10 |br| 3.5.7 |br| 3.6.9 |br| 3.7.3 |br| 3.8.0  | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`xml package does not obey ignore_environment <vuln/xml-pakage-ignore-environment>`                                                | 2018-09-24 | 2.7.16 |br| 3.4.10 |br| 3.5.7 |br| 3.6.8 |br| 3.7.2 |br| 3.8.0  | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`pickle.load denial of service <vuln/pickle-load-dos>`                                                                             | 2018-09-13 | 3.4.10 |br| 3.5.7 |br| 3.6.7 |br| 3.7.1 |br| 3.8.0              | --                              | CVE-2018-20406                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`_elementree C accelerator doesn't call XML_SetHashSalt() <vuln/elementree-hash-salt>`                                             | 2018-09-10 | 2.7.16 |br| 3.4.10 |br| 3.5.7 |br| 3.6.7 |br| 3.7.1 |br| 3.8.0  | --                              | CVE-2018-14647                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`email.utils.parseaddr mistakenly parse an email <vuln/email-parseaddr-domain>`                                                    | 2018-07-19 | 2.7.17 |br| 3.5.8 |br| 3.6.10 |br| 3.7.5 |br| 3.8.0             | --                              | CVE-2019-16056                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Email folding function Denial-of-Service <vuln/email-fold-dos>`                                                                   | 2018-05-16 | 3.6.9 |br| 3.7.4 |br| 3.8.0                                     | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Buffer overflow vulnerability in os.symlink on Windows <vuln/buffer-overflow-os-symlink-windows>`                                 | 2018-03-05 | 3.4.9 |br| 3.5.6 |br| 3.6.5 |br| 3.7.0                          | --                              | CVE-2018-1000117                                                                                                                                   |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`difflib and poplib catastrophic backtracking <vuln/difflib-poplib-backtracking>`                                                  | 2018-03-02 | 2.7.15 |br| 3.4.9 |br| 3.5.6 |br| 3.6.5 |br| 3.7.0              | --                              | CVE-2018-1060 |br| CVE-2018-1061                                                                                                                   |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Python 2.7 readahead is not thread safe <vuln/python-2.7-readahead-not-thread-safe>`                                              | 2017-09-20 | 2.7.15                                                          | --                              | CVE-2018-1000030                                                                                                                                   |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Expat 2.2.3 <vuln/expat-2.2.3>`                                                                                                   | 2017-07-17 | 2.7.14 |br| 3.3.7 |br| 3.4.8 |br| 3.5.5 |br| 3.6.3 |br| 3.7.0   | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Environment variables injection in subprocess on Windows <vuln/env-var-injection-subprocess-windows>`                             | 2017-06-22 | 2.7.14 |br| 3.3.7 |br| 3.4.7 |br| 3.5.4 |br| 3.6.2 |br| 3.7.0   | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Expat 2.2.1 <vuln/expat-2.2.1>`                                                                                                   | 2017-06-17 | 2.7.14 |br| 3.3.7 |br| 3.4.7 |br| 3.5.4 |br| 3.6.2 |br| 3.7.0   | --                              | CVE-2012-0876 |br| CVE-2016-0718 |br| CVE-2016-9063 |br| CVE-2017-9233                                                                             |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`PyString_DecodeEscape integer overflow <vuln/pystring_decodeescape-integer-overflow>`                                             | 2017-06-13 | 2.7.14 |br| 3.4.8 |br| 3.5.5                                    | --                              | CVE-2017-1000158                                                                                                                                   |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`bpo-30500: urllib connects to a wrong host <vuln/urllib-connects-wrong-host>`                                                     | 2017-05-29 | 2.7.14 |br| 3.3.7 |br| 3.4.7 |br| 3.5.4 |br| 3.6.2 |br| 3.7.0   | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`HTTP Header Injection (follow-up of CVE-2016-5699) <vuln/http-header-injection2>`                                                 | 2017-05-24 | 2.7.17 |br| 3.5.8 |br| 3.6.9 |br| 3.7.4 |br| 3.8.0              | --                              | CVE-2019-9740 |br| CVE-2019-9947                                                                                                                   |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Py_SetPath(): _Py_CheckPython3 uses uninitialized DLL path <vuln/pysetpath-python-dll-path>`                                      | 2017-03-10 | 3.5.10 |br| 3.6.12 |br| 3.7.9 |br| 3.8.4 |br| 3.9.0             | --                              | CVE-2020-15523                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`urllib FTP protocol stream injection <vuln/urllib-ftp-stream-injection>`                                                          | 2017-02-20 | 2.7.14 |br| 3.3.7 |br| 3.4.7 |br| 3.5.4 |br| 3.6.3 |br| 3.7.0   | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Expat 2.2 (Expat bug #537) <vuln/expat-2.2>`                                                                                      | 2017-02-17 | 2.7.14 |br| 3.3.7 |br| 3.4.7 |br| 3.5.4 |br| 3.6.2 |br| 3.7.0   | --                              | CVE-2016-0718 |br| CVE-2016-4472                                                                                                                   |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Zlib 1.2.11 <vuln/zlib-1.2.11>`                                                                                                   | 2017-01-05 | 2.7.14 |br| 3.4.8 |br| 3.5.4 |br| 3.6.1 |br| 3.7.0              | --                              | CVE-2016-9840 |br| CVE-2016-9841 |br| CVE-2016-9842 |br| CVE-2016-9843                                                                             |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`gettext.c2py() <vuln/gettext-c2py>`                                                                                               | 2016-10-30 | 2.7.13 |br| 3.3.7 |br| 3.4.6 |br| 3.5.3 |br| 3.6.0              | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Sweet32 attack (DES, 3DES) <vuln/sweet32>`                                                                                        | 2016-08-24 | 2.7.13 |br| 3.4.7 |br| 3.5.3 |br| 3.6.0                         | --                              | CVE-2016-2183                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`HTTPoxy attack <vuln/httpoxy>`                                                                                                    | 2016-07-18 | 2.7.13 |br| 3.3.7 |br| 3.4.6 |br| 3.5.3 |br| 3.6.0              | --                              | CVE-2016-1000110                                                                                                                                   |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`smtplib TLS stripping <vuln/smtplib-tls-stripping>`                                                                               | 2016-06-11 | 2.7.12 |br| 3.3.7 |br| 3.4.5 |br| 3.5.2 |br| 3.6.0              | --                              | CVE-2016-0772                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Issue #26657: HTTP server directory traversal <vuln/http-server-directory-traversal>`                                             | 2016-03-28 | 2.7.12 |br| 3.3.7 |br| 3.4.7 |br| 3.5.2 |br| 3.6.0              | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Issue #26556: Expat 2.1.1 <vuln/expat-2.1.1>`                                                                                     | 2016-03-14 | 2.7.12 |br| 3.3.7 |br| 3.4.5 |br| 3.5.2 |br| 3.6.0              | --                              | CVE-2015-1283                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`zipimporter overflow <vuln/zipimporter-overflow>`                                                                                 | 2016-01-21 | 2.7.12 |br| 3.3.7 |br| 3.4.5 |br| 3.5.2 |br| 3.6.0              | --                              | CVE-2016-5636                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`mailcap shell command injection  <vuln/mailcap-shell-injection>`                                                                  | 2015-08-02 | 3.7.16 |br| 3.8.16 |br| 3.9.16 |br| 3.10.8 |br| 3.11.0          | --                              | CVE-2015-20107                                                                                                                                     |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`HTTP header injection <vuln/http-header-injection>`                                                                               | 2014-11-24 | 2.7.10 |br| 3.3.7 |br| 3.4.4 |br| 3.5.0                         | --                              | CVE-2016-5699                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Validate TLS certificate <vuln/validate-tls-certificate>`                                                                         | 2014-08-28 | 2.7.9 |br| 3.4.3 |br| 3.5.0                                     | --                              | CVE-2014-9365                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`buffer() integer overflows <vuln/buffer-integer-overflows>`                                                                       | 2014-06-24 | 2.7.8                                                           | --                              | CVE-2014-7185                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`JSONDecoder.raw_decode <vuln/jsondecoder-raw_decode>`                                                                             | 2014-04-13 | 2.7.7 |br| 3.2.6 |br| 3.3.6 |br| 3.4.1 |br| 3.5.0               | --                              | CVE-2014-4616                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`os.makedirs() not thread-safe <vuln/os-makedirs-not-thread-safe>`                                                                 | 2014-03-28 | 3.2.6 |br| 3.3.6 |br| 3.4.1 |br| 3.5.0                          | --                              | CVE-2014-2667                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`socket.recvfrom_into() overflow <vuln/socket-recvfrom_into-overflow>`                                                             | 2014-01-14 | 2.7.7 |br| 3.2.6 |br| 3.3.4 |br| 3.4.0                          | --                              | CVE-2014-1912                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`zipfile DoS using invalid file size <vuln/zipfile-file-size-dos>`                                                                 | 2013-12-27 | 3.3.4 |br| 3.4.0                                                | --                              | CVE-2013-7338                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`CGI directory traversal (URL parsing) <vuln/cgi-directory-traversal-url-parsing>`                                                 | 2013-10-29 | 2.7.6 |br| 3.2.6 |br| 3.3.4 |br| 3.4.0                          | --                              | --                                                                                                                                                 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`ssl: NULL in subjectAltNames <vuln/ssl-null-subjectaltnames>`                                                                     | 2013-06-27 | 2.6.9 |br| 2.7.6 |br| 3.2.6 |br| 3.3.3 |br| 3.4.0               | --                              | CVE-2013-4238                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`ssl.match_hostname() IDNA issue <vuln/ssl-match_hostname-idna>`                                                                   | 2013-05-17 | 3.3.3 |br| 3.4.0                                                | --                              | CVE-2013-7440                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`ssl.match_hostname() wildcard DoS <vuln/ssl-match_hostname-wildcard-dos>`                                                         | 2013-05-15 | 3.2.6 |br| 3.3.3 |br| 3.4.0                                     | --                              | CVE-2013-2099                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Limit imaplib.IMAP4_SSL.readline() <vuln/limit-imap4_ssl-readline>`                                                               | 2012-09-25 | 2.7.16                                                          | --                              | CVE-2013-1752                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`ftplib unlimited read <vuln/ftplib-unlimited-read>`                                                                               | 2012-09-25 | 2.7.6 |br| 3.2.6 |br| 3.3.3 |br| 3.4.0                          | --                              | CVE-2013-1752                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`nntplib unlimited read <vuln/nntplib-unlimited-read>`                                                                             | 2012-09-25 | 2.6.9 |br| 2.7.6 |br| 3.2.6 |br| 3.3.7 |br| 3.4.3 |br| 3.5.0    | --                              | CVE-2013-1752                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`poplib unlimited read <vuln/poplib-unlimited-read>`                                                                               | 2012-09-25 | 2.7.9 |br| 3.2.6 |br| 3.3.7 |br| 3.4.3 |br| 3.5.0               | --                              | CVE-2013-1752                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`smtplib unlimited read <vuln/smtplib-unlimited-read>`                                                                             | 2012-09-25 | 2.7.9 |br| 3.2.6 |br| 3.3.7 |br| 3.4.3 |br| 3.5.0               | --                              | CVE-2013-1752                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`xmlrpc gzip unlimited read <vuln/xmlrpc-gzip-unlimited-read>`                                                                     | 2012-09-25 | 2.7.9 |br| 3.3.7 |br| 3.4.3 |br| 3.5.0                          | --                              | CVE-2013-1753                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Hash function not randomized properly <vuln/hash-function-not-randomized-properly>`                                               | 2012-04-19 | 3.4.0                                                           | --                              | CVE-2013-7040                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Vulnerability in the utf-16 decoder after error handling <vuln/utf-16-decoder-after-error-handling>`                              | 2012-04-14 | 2.7.4 |br| 3.2.4 |br| 3.3.0                                     | --                              | CVE-2012-2135                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`XML-RPC DoS <vuln/xmlrpc-dos>`                                                                                                    | 2012-02-13 | 2.6.8 |br| 2.7.3 |br| 3.1.5 |br| 3.2.3 |br| 3.3.0               | --                              | CVE-2012-0845                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`ssl CBC IV attack <vuln/ssl-cbc-iv-attack>`                                                                                       | 2012-01-27 | 2.6.8 |br| 2.7.3 |br| 3.1.5 |br| 3.2.3 |br| 3.3.0               | --                              | CVE-2011-3389                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Hash DoS <vuln/hash-dos>`                                                                                                         | 2011-12-28 | 2.6.8 |br| 2.7.3 |br| 3.1.5 |br| 3.2.3 |br| 3.3.0               | --                              | CVE-2012-1150                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`pypirc created insecurely <vuln/pypirc-created-insecurely>`                                                                       | 2011-11-30 | 2.7.4 |br| 3.2.4 |br| 3.3.1 |br| 3.4.0                          | --                              | CVE-2011-4944                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`urllib redirect <vuln/urllib-redirect>`                                                                                           | 2011-03-24 | 2.5.6 |br| 2.6.7 |br| 2.7.2 |br| 3.1.4 |br| 3.2.1 |br| 3.3.0    | --                              | CVE-2011-1521                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`SimpleHTTPServer UTF-7 <vuln/simplehttpserver-utf-7>`                                                                             | 2011-03-08 | 2.5.6 |br| 2.6.7 |br| 2.7.2 |br| 3.2.4 |br| 3.3.1 |br| 3.4.0    | --                              | CVE-2011-4940                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`audioop integer overflows <vuln/audioop-integer-overflows>`                                                                       | 2010-05-10 | 2.6.6 |br| 2.7.0 |br| 3.1.3 |br| 3.2.0                          | --                              | CVE-2010-1634                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`audioop input validation <vuln/audioop-input-validation>`                                                                         | 2010-01-11 | 2.6.6 |br| 2.7.2 |br| 3.1.3 |br| 3.2.0                          | --                              | CVE-2010-2089                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`httplib unlimited read <vuln/httplib-unlimited-read>`                                                                             | 2009-08-28 | 2.7.2 |br| 3.1.4 |br| 3.2.0                                     | --                              | CVE-2013-1752                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`smtpd accept bug and race condition <vuln/smtpd-accept-bug-and-race-condition>`                                                   | 2009-08-14 | 2.7.1 |br| 3.1.3 |br| 3.2.0                                     | --                              | CVE-2010-3492 |br| CVE-2010-3493                                                                                                                   |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Multiple integer overflows (Apple) <vuln/multiple-integer-overflows-apple>`                                                       | 2008-07-31 | 2.6.0 |br| 3.0.0                                                | --                              | CVE-2008-1679 |br| CVE-2008-1721 |br| CVE-2008-1887 |br| CVE-2008-2315 |br| CVE-2008-2316 |br| CVE-2008-3142 |br| CVE-2008-3144 |br| CVE-2008-4864 |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`Multiple integer overflows (Google) <vuln/multiple-integer-overflows-google>`                                                     | 2008-04-11 | 2.5.3 |br| 2.6.0 |br| 3.0.0                                     | --                              | CVE-2008-3143                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`expandtab() integer overflow <vuln/expandtab-integer-overflow>`                                                                   | 2008-03-11 | 2.5.3 |br| 2.6.0 |br| 3.0.0                                     | --                              | CVE-2008-5031                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`CGI directory traversal (is_cgi() function) <vuln/cgi-directory-traversal-is_cgi>`                                                | 2008-03-07 | 2.7.0 |br| 3.2.4 |br| 3.3.1 |br| 3.4.0                          | --                              | CVE-2011-1015                                                                                                                                      |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
| :doc:`rgbimg and imageop overflows <vuln/rgbimg-imageop-overflows>`                                                                     | 2007-09-16 | 2.5.3 |br| 2.6.0                                                | --                              | CVE-2007-4965 |br| CVE-2009-4134 |br| CVE-2010-1449 |br| CVE-2010-1450                                                                             |
+-----------------------------------------------------------------------------------------------------------------------------------------+------------+-----------------------------------------------------------------+---------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+


Table of Contents:

.. toctree::
   :maxdepth: 2

   vuln/email-parseaddr-realname
   vuln/urlparse-scheme
   vuln/sha3-buffer-overflow
   vuln/slow-idna-large-strings
   vuln/multiprocessing-abstract-socket
   vuln/large-int-str-dos
   vuln/update-zlib-1-2-11
   vuln/update-bzip2-1-0-6
   vuln/expat-billion-laughs
   vuln/urllib-100-continue-loop
   vuln/urllib_parse_newline_tabs
   vuln/ipaddress-ipv4-leading-zeros
   vuln/ftplib-pasv
   vuln/http-server-redirection
   vuln/urllib-basic-auth-regex2
   vuln/pydoc-getfile
   vuln/urllib-query-string-semicolon-separator
   vuln/ctypes-buffer-overflow-pycarg_repr
   vuln/cjk-codec-download-eval
   vuln/ipaddress-hash-collisions
   vuln/http-header-injection-method
   vuln/unsafe-dll-load-windows-7
   vuln/email-address-header-injection
   vuln/tarfile-pax-dos
   vuln/uu-encoding-newline
   vuln/urllib-basic-auth-regex
   vuln/cookiejar-redos
   vuln/urlopen-host-http-header-injection
   vuln/docxmlrpcserver-xss
   vuln/ssl-match_hostname-ipv4-trailing
   vuln/urlsplit-nfkc-normalization2
   vuln/urlsplit-nfkc-normalization
   vuln/urllib-local-file-scheme
   vuln/ssl-crl-dps-dos
   vuln/cookie-path-check
   vuln/xml-pakage-ignore-environment
   vuln/pickle-load-dos
   vuln/elementree-hash-salt
   vuln/email-parseaddr-domain
   vuln/email-fold-dos
   vuln/buffer-overflow-os-symlink-windows
   vuln/difflib-poplib-backtracking
   vuln/python-2.7-readahead-not-thread-safe
   vuln/expat-2.2.3
   vuln/env-var-injection-subprocess-windows
   vuln/expat-2.2.1
   vuln/pystring_decodeescape-integer-overflow
   vuln/urllib-connects-wrong-host
   vuln/http-header-injection2
   vuln/pysetpath-python-dll-path
   vuln/urllib-ftp-stream-injection
   vuln/expat-2.2
   vuln/zlib-1.2.11
   vuln/gettext-c2py
   vuln/sweet32
   vuln/httpoxy
   vuln/smtplib-tls-stripping
   vuln/http-server-directory-traversal
   vuln/expat-2.1.1
   vuln/zipimporter-overflow
   vuln/mailcap-shell-injection
   vuln/http-header-injection
   vuln/validate-tls-certificate
   vuln/buffer-integer-overflows
   vuln/jsondecoder-raw_decode
   vuln/os-makedirs-not-thread-safe
   vuln/socket-recvfrom_into-overflow
   vuln/zipfile-file-size-dos
   vuln/cgi-directory-traversal-url-parsing
   vuln/ssl-null-subjectaltnames
   vuln/ssl-match_hostname-idna
   vuln/ssl-match_hostname-wildcard-dos
   vuln/limit-imap4_ssl-readline
   vuln/ftplib-unlimited-read
   vuln/nntplib-unlimited-read
   vuln/poplib-unlimited-read
   vuln/smtplib-unlimited-read
   vuln/xmlrpc-gzip-unlimited-read
   vuln/hash-function-not-randomized-properly
   vuln/utf-16-decoder-after-error-handling
   vuln/xmlrpc-dos
   vuln/ssl-cbc-iv-attack
   vuln/hash-dos
   vuln/pypirc-created-insecurely
   vuln/urllib-redirect
   vuln/simplehttpserver-utf-7
   vuln/audioop-integer-overflows
   vuln/audioop-input-validation
   vuln/httplib-unlimited-read
   vuln/smtpd-accept-bug-and-race-condition
   vuln/multiple-integer-overflows-apple
   vuln/multiple-integer-overflows-google
   vuln/expandtab-integer-overflow
   vuln/cgi-directory-traversal-is_cgi
   vuln/rgbimg-imageop-overflows