| CRLF Injection in urllib |
CRLF Injection |
push0ebp |
Medium |
2020-05-06 |
| CRLF Injection in urllib |
CRLF Injection |
push0ebp |
Medium |
2020-05-06 |
| A reflected XSS in python/Lib/DocXMLRPCServer.py |
Cross-site Scripting (XSS) - Reflected |
longwenzhang |
Medium |
2019-10-19 |
| XML hash collision DoS vulnerability in Python's xml.etree module |
Denial of Service |
tiran |
Low |
2018-11-01 |
| Unsafe arithmetic in PyString_DecodeEscape |
Integer Overflow |
jaybosamiya |
Low |
2017-08-15 |
| LZMADecompressor.decompress Use After Free |
Memory Corruption - Generic |
johnleitch |
Critical |
2016-12-05 |
| chain.__setstate__ Type Confusion |
Memory Corruption - Generic |
johnleitch |
Medium |
2016-12-05 |
| Type confusion in FutureIter_throw() which may potentially lead to an arbitrary code execution |
Code Injection |
artem |
Low |
2016-12-03 |
| msilib.OpenDatabase Type Confusion |
Code Injection |
johnleitch |
No rating |
2016-09-20 |
| Type confusion in partial.setstate, partial_repr, partial_call leads to memory corruption, reliable control flow hijack |
Code Injection |
nedw |
No rating |
2016-09-20 |
| urllib HTTP header injection CVE-2016-5699 |
None supplied |
guido |
No rating |
2016-09-01 |
| CVE-2016-0772 - python: smtplib StartTLS stripping attack |
Cryptographic Issues - Generic |
hxd |
No rating |
2016-08-30 |
| Heap corruption via Python 2.7.11 IOBase readline() |
Memory Corruption - Generic |
guido |
No rating |
2016-06-27 |
| Python 2.7 strop.replace Integer Overflow |
Memory Corruption - Generic |
johnleitch |
No rating |
2016-05-02 |
| tokenizer crash when processing undecodable source code |
None supplied |
androm3da |
No rating |
2015-11-14 |
| PyFloat_FromString & PyNumber_Long Buffer Over-reads |
None supplied |
johnleitch |
No rating |
2015-11-08 |
| Integer overflow in _Unpickler_Read |
None supplied |
hugbounter |
No rating |
2015-09-26 |
| Python 3.3 - 3.5 product_setstate() Out-of-bounds Read |
None supplied |
johnleitch |
No rating |
2015-09-12 |
| time_strftime() Buffer Over-read |
None supplied |
johnleitch |
No rating |
2015-09-07 |
| Python xmlparse_setattro() Type Confusion |
None supplied |
johnleitch |
No rating |
2015-09-07 |
| Python deque.index() uninitialized memory |
None supplied |
johnleitch |
No rating |
2015-09-03 |
| Python scan_eol() Buffer Over-read |
None supplied |
johnleitch |
No rating |
2015-09-03 |
| array.fromstring Use After Free |
None supplied |
johnleitch |
No rating |
2015-07-25 |
| use after free in load_newobj_ex |
None supplied |
tukan |
No rating |
2015-07-02 |
| bytearray.find Buffer Over-read |
None supplied |
johnleitch |
No rating |
2015-06-29 |
| audioop.adpcm2lin Buffer Over-read |
None supplied |
johnleitch |
No rating |
2015-06-28 |
| Integer overflow in _json_encode_unicode leads to crash |
None supplied |
nilch |
No rating |
2015-06-27 |
| Integer overflow in _pickle.c |
None supplied |
tukan |
No rating |
2015-06-27 |
| hotshot pack_string Heap Buffer Overflow |
None supplied |
johnleitch |
No rating |
2015-06-27 |
| audioop.lin2adpcm Buffer Over-read |
None supplied |
johnleitch |
No rating |
2015-06-26 |
| Python: imageop Unsafe Arithmetic |
None supplied |
johnleitch |
No rating |
2015-05-31 |
| Multiple use after free bugs in element module |
None supplied |
pakt_ |
No rating |
2015-05-18 |
| Multiple type confusions in unicode error handlers |
None supplied |
pakt_ |
No rating |
2015-05-18 |
| Use after free in get_filter |
None supplied |
pakt_ |
No rating |
2015-05-03 |
| Multiple use after free bugs in json encoding |
None supplied |
pakt_ |
No rating |
2015-05-03 |
| Multiple use after free bugs in heapq module |
None supplied |
pakt_ |
No rating |
2015-05-03 |
| Tokenizer crash when processing undecodable source code |
None supplied |
hugbounter |
No rating |
2015-04-21 |
| Multiple Python integer overflows |
None supplied |
pakt_ |
No rating |
2015-02-04 |
| PyUnicode_FromFormatV crasher |
None supplied |
guido |
No rating |
2014-12-15 |
| Misc Python bugs (Memory Corruption & Use After Free) |
None supplied |
pakt_ |
No rating |
2014-10-04 |
| integer overflow in 'buffer' type allows reading memory |
None supplied |
removed |
No rating |
2014-06-24 |
| Python vulnerability: reading arbitrary process memory |
None supplied |
guido |
No rating |
2014-06-20 |
| Integer overflow in strop.expandtabs |
None supplied |
ianbeer |
No rating |
2014-03-31 |
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles