Python (IBB)


43 total issues disclosed

$49,000 total paid publicly


Most disclosed (30 disclosures) — None supplied




Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| CRLF Injection in urllib | CRLF Injection | push0ebp | Medium | 2020-05-06 |
| CRLF Injection in urllib | CRLF Injection | push0ebp | Medium | 2020-05-06 |
| A reflected XSS in python/Lib/DocXMLRPCServer.py | Cross-site Scripting (XSS) - Reflected | longwenzhang | Medium | 2019-10-19 |
| XML hash collision DoS vulnerability in Python's xml.etree module | Denial of Service | tiran | Low | 2018-11-01 |
| Unsafe arithmetic in PyString_DecodeEscape | Integer Overflow | jaybosamiya | Low | 2017-08-15 |
| LZMADecompressor.decompress Use After Free | Memory Corruption - Generic | johnleitch | Critical | 2016-12-05 |
| chain.__setstate__ Type Confusion | Memory Corruption - Generic | johnleitch | Medium | 2016-12-05 |
| Type confusion in FutureIter_throw() which may potentially lead to an arbitrary code execution | Code Injection | artem | Low | 2016-12-03 |
| msilib.OpenDatabase Type Confusion | Code Injection | johnleitch | No rating | 2016-09-20 |
| Type confusion in partial.setstate, partial_repr, partial_call leads to memory corruption, reliable control flow hijack | Code Injection | nedw | No rating | 2016-09-20 |
| urllib HTTP header injection CVE-2016-5699 | None supplied | guido | No rating | 2016-09-01 |
| CVE-2016-0772 - python: smtplib StartTLS stripping attack | Cryptographic Issues - Generic | hxd | No rating | 2016-08-30 |
| Heap corruption via Python 2.7.11 IOBase readline() | Memory Corruption - Generic | guido | No rating | 2016-06-27 |
| Python 2.7 strop.replace Integer Overflow | Memory Corruption - Generic | johnleitch | No rating | 2016-05-02 |
| tokenizer crash when processing undecodable source code | None supplied | androm3da | No rating | 2015-11-14 |
| PyFloat_FromString & PyNumber_Long Buffer Over-reads | None supplied | johnleitch | No rating | 2015-11-08 |
| Integer overflow in _Unpickler_Read | None supplied | hugbounter | No rating | 2015-09-26 |
| Python 3.3 - 3.5 product_setstate() Out-of-bounds Read | None supplied | johnleitch | No rating | 2015-09-12 |
| time_strftime() Buffer Over-read | None supplied | johnleitch | No rating | 2015-09-07 |
| Python xmlparse_setattro() Type Confusion | None supplied | johnleitch | No rating | 2015-09-07 |
| Python deque.index() uninitialized memory | None supplied | johnleitch | No rating | 2015-09-03 |
| Python scan_eol() Buffer Over-read | None supplied | johnleitch | No rating | 2015-09-03 |
| array.fromstring Use After Free | None supplied | johnleitch | No rating | 2015-07-25 |
| use after free in load_newobj_ex | None supplied | tukan | No rating | 2015-07-02 |
| bytearray.find Buffer Over-read | None supplied | johnleitch | No rating | 2015-06-29 |
| audioop.adpcm2lin Buffer Over-read | None supplied | johnleitch | No rating | 2015-06-28 |
| Integer overflow in _json_encode_unicode leads to crash | None supplied | nilch | No rating | 2015-06-27 |
| Integer overflow in _pickle.c | None supplied | tukan | No rating | 2015-06-27 |
| hotshot pack_string Heap Buffer Overflow | None supplied | johnleitch | No rating | 2015-06-27 |
| audioop.lin2adpcm Buffer Over-read | None supplied | johnleitch | No rating | 2015-06-26 |
| Python: imageop Unsafe Arithmetic | None supplied | johnleitch | No rating | 2015-05-31 |
| Multiple use after free bugs in element module | None supplied | pakt_ | No rating | 2015-05-18 |
| Multiple type confusions in unicode error handlers | None supplied | pakt_ | No rating | 2015-05-18 |
| Use after free in get_filter | None supplied | pakt_ | No rating | 2015-05-03 |
| Multiple use after free bugs in json encoding | None supplied | pakt_ | No rating | 2015-05-03 |
| Multiple use after free bugs in heapq module | None supplied | pakt_ | No rating | 2015-05-03 |
| Tokenizer crash when processing undecodable source code | None supplied | hugbounter | No rating | 2015-04-21 |
| Multiple Python integer overflows | None supplied | pakt_ | No rating | 2015-02-04 |
| PyUnicode_FromFormatV crasher | None supplied | guido | No rating | 2014-12-15 |
| Misc Python bugs (Memory Corruption & Use After Free) | None supplied | pakt_ | No rating | 2014-10-04 |
| integer overflow in 'buffer' type allows reading memory | None supplied | removed | No rating | 2014-06-24 |
| Python vulnerability: reading arbitrary process memory | None supplied | guido | No rating | 2014-06-20 |
| Integer overflow in strop.expandtabs | None supplied | ianbeer | No rating | 2014-03-31 |