| python-3.14 | 3.14.4-r3 | HIGH | CVE-2026-3298 | n/a | The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes par |
| glibc | 2.43-r6 | HIGH | CVE-2026-5928 | n/a | Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte |
| python-3.14 | 3.14.4-r3 | MEDIUM | CVE-2025-15366 | n/a | The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containin |
| python-3.14 | 3.14.4-r3 | MEDIUM | CVE-2025-15367 | n/a | The poplib module, when passed a user-controlled command, can have
additional commands injected using newlines. Mitigation rejects commands
containing |
| python-3.14 | 3.14.4-r3 | MEDIUM | CVE-2025-12781 | n/a | When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always b |
| python-3.14 | 3.14.4-r3 | LOW | CVE-2026-6019 | n/a | http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML p |