<!doctype html>
<html lang="en-AU" xml:lang="en-AU" dir="ltr">
<head>
<meta charset="utf-8" />
<meta property="og:title" content="Vulnerability Charts – Python" />
<meta property="og:description" content="A chart of which Python versions are safe/unsafe, and their CVSS." />
<meta property="og:image" content="https://maikuolan.github.io/Vulnerability-Charts/vcharts.png" />
<meta property="og:url" content="https://maikuolan.github.io/Vulnerability-Charts/python.html" />
<link rel="stylesheet" href="styles.css" />
<title>Vulnerability Charts</title>
</head>
<body>
<div class="co"><div class="ci">
<hr />
<h1>Vulnerability Charts</h1>
<p><em>Last modified: <time datetime="2025-01-02">2025.01.02</time> (checked on 2025.02.01; no changes since last modified)</em></p>
<p><em>
CVSS values listed are those of the highest scoring CVEs for any listed version.
The highest possible score is <span class="xr"><strong>10.0</strong></span>, indicating that a version is considered
to be <span class="xr"><strong>❌ extremely unsafe</strong></span>. The lowest possible score is
<span class="xg"><strong>0.0</strong></span>, indicating that a version is <strong><em>currently</em></strong>
considered to be <span class="xg"><strong>✔️ safe</strong></span> (although other designations are possible,
depending on other factors, such as whether the product has reached EoL, is still actively supported, or is still under
development, and therefore whether it's ready to be used in a production environment, etc.).<br />
<br />
Versions will also be marked as either <span class="xg"><strong>✔️ safe</strong></span> or
<span class="xr"><strong>❌ unsafe</strong></span> accordingly, or as
<span class="xb"><strong>➖ in development</strong></span> (versions marked as in development may be safe, but aren't
yet considered to be ready for a production environment, or may have a changing codebase, which therefore can't yet
be classified as either safe or unsafe), or as <span class="xo"><strong>〰️ disputed</strong></span> (CVEs exist, and
there are sources which identify the version as unsafe, but the CVE or unsafe designation may be disputed, either by
the vendor itself or by alternative sources).<br />
<br />
Please note that a <span class="xg"><strong>✔️ safe</strong></span> designation does <span class="xr"><strong>NOT</strong></span> mean that the designated versions are <strong>free from bugs and errors</strong>!
In general, when a new "patch release" becomes available, it rectifies various problems, bugs and so forth which could be encountered when using versions older than that patch release.
As such, using the latest version of any particular branch is always advised over using older, outdated versions.<br />
<br />
If you find any errors, would like to add to the list or make some changes, please send a pull request to the <a href="https://github.com/Maikuolan/Vulnerability-Charts">GitHub repository</a> for this page.<br />
Licensing (for this repository): <a href="https://github.com/Maikuolan/Vulnerability-Charts/blob/gh-pages/LICENSE.txt">MIT License</a> (feel free to copy and adapt it if you want).
</em></p>
<hr />
<table>
<tr>
<td colspan="2"></td>
<td class="h1t">CVSS</td>
<td class="h1">Safe?</td>
<td class="h1">Notes</td>
</tr>
<tr>
<td class="h1l" rowspan="22"><span class="tb"><a href="https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=Python">Python versions</a></span></td>
<td class="h2">Python 3.13.0 – 3.13.1<br /><small>(2024.10.07 – 2024.12.03)</small></td>
<td class="h2"><span class="xg">0.0</span></td>
<td class="h2"><span class="xg">✔️</span></td>
<td class="h2">(<a href="https://www.python.org/downloads/">3.13.1</a> is the current latest version on the 3.13x branch).</td>
</tr>
<tr>
<td class="h2">Python 3.12.6 – 3.12.8<br /><small>(2024.09.06 – 2024.12.03)</small></td>
<td class="h2"><span class="xg">0.0</span></td>
<td class="h2"><span class="xg">✔️</span></td>
<td class="h2">(3.12.8 is the current latest version on the 3.12x branch).</td>
</tr>
<tr>
<td class="h2">Python 3.12.0 – 3.12.5<br /><small>(2023.12.08 – 2024.08.06)</small></td>
<td class="h2"><span class="xr">6.6~**9.8</span></td>
<td class="h2"><span class="xr">❌</span></td>
<td class="h2"><small>See: <a href="https://security.snyk.io/vuln/SNYK-UNMANAGED-PYTHON-6814534">CVE-2024-4030</a>, **<a href="https://github.com/advisories/GHSA-4hvh-m426-wv8w">CVE-2024-45490</a>, **<a href="https://nvd.nist.gov/vuln/detail/CVE-2023-52425">CVE-2023-52425</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-27043">CVE-2023-27043</a><br />
**Affects bundled dependency, rather than the core package itself.</small></td>
</tr>
<tr>
<td class="h2">Python 3.11.10 – 3.11.11<br /><small>(2024.09.07 – 2024.12.03)</small></td>
<td class="h2"><span class="xg">0.0</span></td>
<td class="h2"><span class="xg">✔️</span></td>
<td class="h2">(3.11.11 is the current latest version on the 3.11x branch).</td>
</tr>
<tr>
<td class="h2">Python 3.11.5 – 3.11.9<br /><small>(2023.08.24 – 2024.04.02)</small></td>
<td class="h2"><span class="xr">**7.5~**9.8</span></td>
<td class="h2"><span class="xr">**❌</span></td>
<td class="h2"><small>See: **<a href="https://github.com/advisories/GHSA-4hvh-m426-wv8w">CVE-2024-45490</a><br />
**Affects bundled dependency, rather than the core package itself.</small></td>
</tr>
<tr>
<td class="h2">Python 3.11.4<br /><small>(2023.06.06)</small></td>
<td class="h2"><span class="xr">6.6~**9.8</span></td>
<td class="h2"><span class="xr">❌</span></td>
<td class="h2"></td>
</tr>
<tr>
<td class="h2">Python 3.11.0 – 3.11.3<br /><small>(2022.10.24 – 2023.04.05)</small></td>
<td class="h2"><span class="xr">7.5~**9.8</span></td>
<td class="h2"><span class="xr">❌</span></td>
<td class="h2">
<small>See: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-24329">CVE-2023-24329</a>.</small>
</td>
</tr>
<tr>
<td class="h2">Python 3.10.15 – 3.10.16<br /><small>(2024.09.07 – 2024.12.03)</small></td>
<td class="h2"><span class="xg">0.0</span></td>
<td class="h2"><span class="xg">✔️</span></td>
<td class="h2">(3.10.16 is the current latest version on the 3.10x branch).</td>
</tr>
<tr>
<td class="h2">Python 3.10.13 – 3.10.14<br /><small>(2023.08.24 – 2024.03.19)</small></td>
<td class="h2"><span class="xr">**7.5~**9.8</span></td>
<td class="h2"><span class="xr">**❌</span></td>
<td class="h2"></td>
</tr>
<tr>
<td class="h2">Python 3.10.12<br /><small>(2023.06.06)</small></td>
<td class="h2"><span class="xr">6.6~**9.8</span></td>
<td class="h2"><span class="xr">❌</span></td>
<td class="h2"></td>
</tr>
<tr>
<td class="h2">Python 3.10.0 – 3.10.11<br /><small>(2021.10.04 – 2023.04.05)</small></td>
<td class="h2"><span class="xr">7.5~**9.8</span></td>
<td class="h2"><span class="xr">❌</span></td>
<td class="h2">
<small>See: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-24329">CVE-2023-24329</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10735">CVE-2020-10735</a>, <a href="https://nvd.nist.gov/vuln/detail/cve-2018-25032">CVE-2018-25032</a>.</small>
</td>
</tr>
<tr>
<td class="h2">Python 3.9.20 – 3.9.21<br /><small>(2024.09.06 – 2024.12.03)</small></td>
<td class="h2"><span class="xg">0.0</span></td>
<td class="h2"><span class="xg">✔️</span></td>
<td class="h2">(3.9.21 is the current latest version on the 3.9x branch).</td>
</tr>
<tr>
<td class="h2">Python 3.9.17 – 3.9.19<br /><small>(2023.06.06 – 2024.03.19)</small></td>
<td class="h2"><span class="xr">6.6~**9.8</span></td>
<td class="h2"><span class="xr">❌</span></td>
<td class="h2"></td>
</tr>
<tr>
<td class="h2">Python 3.9.5 – 3.9.16<br /><small>(2021.05.03 – 2022.12.06)</small></td>
<td class="h2"><span class="xr">7.5~**9.8</span></td>
<td class="h2"><span class="xr">❌</span></td>
<td class="h2">
<small>See: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-24329">CVE-2023-24329</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10735">CVE-2020-10735</a>, <a href="https://nvd.nist.gov/vuln/detail/cve-2018-25032">CVE-2018-25032</a>.</small>
</td>
</tr>
<tr>
<td class="h2">Python 3.9.0 – 3.9.4<br /><small>(2020.10.05 – 2021.04.04)</small></td>
<td class="h2"><span class="xr">9.8~10.0</span></td>
<td class="h2"><span class="xr">❌</span></td>
<td class="h2">
<small>See: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3426">CVE-2021-3426</a>, <a href="https://nvd.nist.gov/vuln/search/results?adv_search=true&query=cpe%3A2.3%3Aa%3Apython%3Apython%3A3.9.4%3A*%3A*%3A*%3A*%3A*%3A*%3A*">NVD Results (Python 3.9.4)</a>.</small>
</td>
</tr>
<tr>
<td class="h2 eol">Python 3.8.20<br /><small>(2024.09.06)</small></td>
<td class="h2 eol"><span class="xg">0.0</span></td>
<td class="h2 eol"><span class="xg">✔️</span></td>
<td class="h2 eol">(3.8.20 is the current latest version on the 3.8x branch).</td>
</tr>
<tr>
<td class="h2 eol">Python 3.8.17 – 3.8.19<br /><small>(2023.06.06 – 2024.03.19)</small></td>
<td class="h2 eol"><span class="xr">6.6~**9.8</span></td>
<td class="h2 eol"><span class="xr">❌</span></td>
<td class="h2 eol"></td>
</tr>
<tr>
<td class="h2 eol">Python 3.8.10 – 3.8.16<br /><small>(2021.05.03 – 2022.12.06)</small></td>
<td class="h2 eol"><span class="xr">7.5~**9.8</span></td>
<td class="h2 eol"><span class="xr">❌</span></td>
<td class="h2 eol"><small>See: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-24329">CVE-2023-24329</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10735">CVE-2020-10735</a>.</small></td>
</tr>
<tr>
<td class="h2 eol">Python 3.8.0 – 3.8.9<br /><small>(2019.10.14 – 2021.04.02)</small></td>
<td class="h2 eol"><span class="xr">9.8~10.0</span></td>
<td class="h2 eol"><span class="xr">❌</span></td>
<td class="h2 eol"><small>See: <a href="https://bugs.python.org/issue42103">#42103</a>, <a href="https://bugs.python.org/issue42051">#42051</a>, <a href="https://bugs.python.org/issue40791">#40791</a>, <a href="https://nvd.nist.gov/vuln/search/results?adv_search=true&query=cpe%3A2.3%3Aa%3Apython%3Apython%3A3.9.1%3A*%3A*%3A*%3A*%3A*%3A*%3A*">NVD Results (Python 3.9.1)</a>.</small></td>
</tr>
<tr>
<td class="h2 eol">Python 3.7.17<br /><small>(2023.06.06)</small></td>
<td class="h2 eol"><span class="xr">6.6~**9.8</span></td>
<td class="h2 eol"><span class="xr">❌</span></td>
<td class="h2 eol">(3.7.17 is the final version on the 3.7x branch).</td>
</tr>
<tr>
<td class="h2 eol">Python 3.7.11 – 3.7.16<br /><small>(2021.06.28 – 2022.12.06)</small></td>
<td class="h2 eol"><span class="xr">7.5~**9.8</span></td>
<td class="h2 eol"><span class="xr">❌</span></td>
<td class="h2 eol"><small>See: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-24329">CVE-2023-24329</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10735">CVE-2020-10735</a>.</small></td>
</tr>
<tr>
<td class="h2 eol">Python ≤ 3.7.10<br /><small>(2021.02.15)</small></td>
<td class="h2 eol"><span class="xr">9.8~10.0</span></td>
<td class="h2 eol"><span class="xr">❌</span></td>
<td class="h2 eol"><small>See: <a href="https://bugs.python.org/issue42103">#42103</a>, <a href="https://bugs.python.org/issue42051">#42051</a>, <a href="https://bugs.python.org/issue40791">#40791</a>, <a href="https://nvd.nist.gov/vuln/search/results?adv_search=true&query=cpe%3A2.3%3Aa%3Apython%3Apython%3A3.9.1%3A*%3A*%3A*%3A*%3A*%3A*%3A*">NVD Results (Python 3.9.1)</a>.</small></td>
</tr>
</table>
<hr />
</div></div>
</body>
</html>