Skip to content

Issues: python/cpython

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
80 Open 1,139 Closed
80 Open 1,139 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

[3.9] gh-80222: Fix email address header folding with long quoted-string (GH-122753) (GH-129111) awaiting merge topic-email type-security A security issue
#132371 opened Apr 10, 2025 by brianschubert Loading…
1
Add OpenSSL 3.5 support to CPython infrastructure build The build process and cross-build extension-modules C modules in the Modules dir topic-SSL type-feature A feature request or enhancement type-security A security issue
#132339 opened Apr 10, 2025 by scw
1
Update OpenSSL versions for CI and Windows build The build process and cross-build dependencies Pull requests that update a dependency file extension-modules C modules in the Modules dir infra CI, GitHub Actions, buildbots, Dependabot, etc. topic-SSL type-security A security issue
#131423 opened Mar 18, 2025 by picnixz
4 tasks done
@zooba @picnixz
22
gh-128840: Limit the number of parts in IPv6 address parsing awaiting merge needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes type-security A security issue
#128841 opened Jan 14, 2025 by sethmlarson Loading…
12
IPv6 address parsing doesn't limit buffer size stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error type-security A security issue
#128840 opened Jan 14, 2025 by sethmlarson
1
TarFile.extractall(..., filter='tar') arbitrary file chmod 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 only security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error type-security A security issue
#127987 opened Dec 16, 2024 by jwilk
4
Reconsider XML Security warnings / obsolete vulnerabilities docs Documentation in the Doc dir topic-XML type-security A security issue
#127502 opened Dec 2, 2024 by hannob
Ensure builtin hashlib implementations honor usedforsecurity=True when _hashlib is in FIPS mode extension-modules C modules in the Modules dir topic-SSL type-feature A feature request or enhancement type-security A security issue
#127298 opened Nov 26, 2024 by xnox
3
Update SBOM generation to meet new guidance from CISA type-security A security issue
#123038 opened Aug 15, 2024 by sethmlarson
8 tasks
@sethmlarson
1
Missing audit events for python -i and python -m asyncio 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 only security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes topic-repl Related to the interactive shell type-security A security issue
#121957 opened Jul 18, 2024 by ambv
@ambv
1
Disallow setting an empty list for NPN in CPython 3.9 and earlier 3.8 (EOL) end of life 3.9 only security fixes type-security A security issue
#121227 opened Jul 1, 2024 by sethmlarson
1
gh-119452: Fix OOM vulnerability in http.server needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes type-security A security issue
#119455 opened May 23, 2024 by serhiy-storchaka Draft
2
gh-119451: Fix OOM vulnerability in http.client needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes type-security A security issue
#119454 opened May 23, 2024 by serhiy-storchaka Draft
2
OOM vulnerability in the CGI server on Windows 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 only security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes stdlib Python modules in the Lib dir topic-IO type-security A security issue
#119452 opened May 23, 2024 by serhiy-storchaka
3
Out-of-memory when reading a HTTP response with large Content-Lenght 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 only security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes stdlib Python modules in the Lib dir topic-IO type-security A security issue
#119451 opened May 23, 2024 by serhiy-storchaka
Quadratic complexity in the UTF-7 decoder 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 only security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) topic-unicode type-security A security issue
#119382 opened May 22, 2024 by serhiy-storchaka
3
gh-119342: Fix OOM vulnerability in plistlib needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes type-security A security issue
#119343 opened May 21, 2024 by serhiy-storchaka Draft
7
Out-of-memory when loading a Plist 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 only security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes type-security A security issue
#119342 opened May 21, 2024 by serhiy-storchaka
Consider applying flags for warnings about potential security issues build The build process and cross-build performance Performance or resource usage type-feature A feature request or enhancement type-security A security issue
#112301 opened Nov 21, 2023 by mdboom
27
NamedTemporaryFile() sample code is vulnerable to file squatting docs Documentation in the Doc dir type-security A security issue
#111783 opened Nov 6, 2023 by Sim4n6
4
Add an audit hook for os.path.join & pathlib calls involving an absolute path join 3.13 bugs and security fixes type-feature A feature request or enhancement type-security A security issue
#109985 opened Sep 27, 2023 by gpshead
Remove historic CRAM-MD5 mechanism topic-email type-feature A feature request or enhancement type-security A security issue
#107675 opened Aug 6, 2023 by Neustradamus
7
DoS Vulnerability in socket.create_connection through malicious DNS responses 3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 only security fixes 3.13 bugs and security fixes stdlib Python modules in the Lib dir type-security A security issue
#106283 opened Jun 30, 2023 by NyanKiyoshi
4
Python 3.11.3 http.server NTFS Alternate Data Stream Information Disclosure OS-windows type-bug An unexpected behavior, bug, or error type-security A security issue
#104712 opened May 21, 2023 by fmunozs
4
Python 3.11.3 http.server CGI source code disclosure and directory listing OS-windows type-bug An unexpected behavior, bug, or error type-security A security issue
#104711 opened May 21, 2023 by fmunozs
4
ProTip! Type g p on any issue or pull request to go back to the pull request listing page.