SecAlerts
CVE ListPricingSign Up
Python logo

Python

Security Risk Profile

39
/100
low

Security Risk Score

Comprehensive risk assessment based on 360 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from October 4, 2002 to present

360
Total CVEs
169
Critical+High
1
Exploited
23
Unpatched

Threat Assessment

Avg CVSS
6.6
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
23
Critical/High
Risk Level
39/100
low
⚠️ 1 Active Exploits 1 Zero-Days📈 10 in Last 30 Days

Severity Distribution

Critical
41
High
128
Medium
124
Low
23

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
22

Age Distribution

Common Weaknesses (CWE)

1
Buffer Overflow
40
2
Input Validation
33
3
Integer Overflow
28
4
Infoleak
12
5
CRLF Injection
12

Most Affected Products

1. Python Python1129
2. Canonical Ubuntu Linux163
3. Python Software Foundation Python146
4. Fedoraproject Fedora145
5. redhat/python134

Recent Vulnerabilities

See more →
https://seclists.org/oss-sec/2026/q2/521
unknown

[oss-security][CVE-2026-8328] CPython: FTP PASV SSRF, ftpcp() does not use actual peer addss, trusts server-supplied PASV host addss

5/14/2026🔧 No Patch
CVE-2026-8328
CVSS 5.9EPSS 0%medium

FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

5/13/2026🔧 No Patch
https://seclists.org/oss-sec/2026/q2/483
unknown

[oss-security][CVE-2026-7210] Cpython: The expat and elementte parsers use insufficient entropy for XML hash-flooding protection

5/11/2026🔧 No Patch
CVE-2026-44432
CVSS 8.9high

urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

5/11/2026
CVE-2026-44431
CVSS 8.2high

urllib3: Sensitive headers forwarded across origins in proxied low-level redirects

5/11/2026
CVE-2026-42311
CVSS 8.6high

Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)

5/4/2026
CVE-2026-42310
CVSS 5.1medium

Pillow: PDF Parsing Trailer Infinite Loop (DoS)

5/4/2026
CVE-2026-42308
CVSS 5.1medium

Pillow: Integer overflow when processing fonts

5/4/2026
CVE-2026-42309
CVSS 5.1medium

Pillow: Heap buffer overflow with nested list coordinates

5/4/2026
CVE-2026-3087
CVSS 6.0medium

shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

4/27/2026

Monitor Python in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.