CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-6075 – Quadratic complexity in os.path.expandvars() with user-controlled template
https://notcve.org/view.php?id=CVE-2025-6075
31 Oct 2025 — If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. It was discovered that Python inefficiently handled expanding system environment variables. An attacker could possibly use this issue to cause Python to consume excessive resources, leading to a denial of service. Caleb Brown discovered that Python incorrectly handled the ZIP64 End of Central Directory Locator record offset value. An attacker could possibly use this issu... • https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-8291 – ZIP64 End of Central Directory (EOCD) Locator record offset not checked
https://notcve.org/view.php?id=CVE-2025-8291
07 Oct 2025 — The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record ma... • https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8194 – Tarfile infinite loop during parsing with negative member offset
https://notcve.org/view.php?id=CVE-2025-8194
28 Jul 2025 — There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 Existe un defecto en el módulo "tarfi... • https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-6069 – HTMLParser quadratic complexity when processing malformed inputs
https://notcve.org/view.php?id=CVE-2025-6069
17 Jun 2025 — The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. It was discovered that Python inefficiently parsed maliciously crafted HTML input. An attacker could possibly use this issue to cause a denial of service. It was discovered that Python incorrectly parsed maliciously crafted Tar archives. An attacker could possibly use this issue to cause a denial of service. • https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-12718 – Bypass extraction filter to modify file metadata outside extraction directory
https://notcve.org/view.php?id=CVE-2024-12718
03 Jun 2025 — Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more inform... • https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-4435 – Tarfile extracts filtered members when errorlevel=0
https://notcve.org/view.php?id=CVE-2025-4435
03 Jun 2025 — When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped. A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms. When using a TarFile.errorle... • https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da • CWE-682: Incorrect Calculation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2025-4138 – Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
https://notcve.org/view.php?id=CVE-2025-4138
03 Jun 2025 — Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. O... • https://packetstorm.news/files/id/215757 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2025-4330 – Extraction filter bypass for linking outside extraction directory
https://notcve.org/view.php?id=CVE-2025-4330
03 Jun 2025 — Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. O... • https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-4517 – Arbitrary writes via tarfile realpath overflow
https://notcve.org/view.php?id=CVE-2025-4517
03 Jun 2025 — Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by t... • https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-4516 – Use-after-free in "unicode_escape" decoder with error handler
https://notcve.org/view.php?id=CVE-2025-4516
15 May 2025 — There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError. It was discovered that Python incorrectly handled certain unicode characters during decoding. An attacker could possibly use this issue to cause a denial of service. • https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 • CWE-416: Use After Free •