py

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting pypage 1 of 1

CVE-2020-29651HIGHCVSS 7.5EG 7.5✓ Fixed in 1.10.0
2020-12-09
vulnerable: 0.8.0-alpha2 ... 1.9.0 (63 versions)
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionali…
CVE-2022-42969MEDIUMCVSS 5.3EG 7.5
2022-10-16
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: …

Check whether py is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for py CVEs against the assets you own.

Start Free Scan →