
CVE-2025-48379 – Pillow Vulnerable to Write Buffer Overflow on BCn encoding
https://notcve.org/view.php?id=CVE-2025-48379
01 Jul 2025 — Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0. • https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-6069 – HTMLParser quadratic complexity when processing malformed inputs
https://notcve.org/view.php?id=CVE-2025-6069
17 Jun 2025 — The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service. • https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 • CWE-1333: Inefficient Regular Expression Complexity •

CVE-2024-12718 – Bypass extraction filter to modify file metadata outside extraction directory
https://notcve.org/view.php?id=CVE-2024-12718
03 Jun 2025 — Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more inform... • https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-4435 – Tarfile extracts filtered members when errorlevel=0
https://notcve.org/view.php?id=CVE-2025-4435
03 Jun 2025 — When using TarFile.errorlevel = 0 and extracting with a filter, the documented behavior is that any filtered members would be skipped and not extracted. However, the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped. A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms. When using a TarFile.errorle... • https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da • CWE-682: Incorrect Calculation CWE-706: Use of Incorrectly-Resolved Name or Reference •

CVE-2025-4138 – Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
https://notcve.org/view.php?id=CVE-2025-4138
03 Jun 2025 — Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. O... • https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-4330 – Extraction filter bypass for linking outside extraction directory
https://notcve.org/view.php?id=CVE-2025-4330
03 Jun 2025 — Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. O... • https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-4517 – Arbitrary writes via tarfile realpath overflow
https://notcve.org/view.php?id=CVE-2025-4517
03 Jun 2025 — Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by t... • https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-4516 – Use-after-free in "unicode_escape" decoder with error handler
https://notcve.org/view.php?id=CVE-2025-4516
15 May 2025 — There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler, your usage is not affected. To work around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError. It was discovered that Python incorrectly handled certain unicode characters during decoding. An attacker could possibly use this issue to cause a denial of service. • https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 • CWE-416: Use After Free •

CVE-2025-46656
https://notcve.org/view.php?id=CVE-2025-46656
26 Apr 2025 — python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption. • https://github.com/matthewwithanm/python-markdownify/compare/0.14.0...0.14.1 • CWE-1284: Improper Validation of Specified Quantity in Input •

CVE-2025-43859 – h11 accepts some malformed Chunked-Encoding bodies
https://notcve.org/view.php?id=CVE-2025-43859
24 Apr 2025 — h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue. A flaw was found in h11. • https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •