Synced 17 Jun 2026 22:27 UTC Account
← Python

Python vulnerabilities: known CVEs & security history

Python · Web / Runtime · 142 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →

This is the full list of known vulnerabilities (CVEs) across all Python release lines — 142 in total. A CVE here doesn't mean your version is affected — check Python's current status and the safe version to run.

142
known CVEs
0
actively exploited (KEV)
17
critical severity
0
ransomware-linked

Known Python CVEs

Actively-exploited and most-severe first. Showing the top 80 of 142. Open any CVE for full details.

CVESeverityCVSSEPSSYear
CVE-2022-48565 critical 9.8 4% 2023
CVE-2022-37454 critical 9.8 5% 2022
CVE-2021-29921 critical 9.8 7% 2021
CVE-2021-3177 critical 9.8 23% 2021
CVE-2020-27619 critical 9.8 8% 2020
CVE-2020-15801 critical 9.8 3% 2020
CVE-2014-4650 critical 9.8 24% 2020
CVE-2019-12900 critical 9.8 8% 2019
CVE-2019-10160 critical 9.8 5% 2019
CVE-2019-9636 critical 9.8 9% 2019
CVE-2018-1000802 critical 9.8 21% 2018
CVE-2016-9063 critical 9.8 6% 2018
CVE-2017-1000158 critical 9.8 8% 2017
CVE-2016-5636 critical 9.8 26% 2016
CVE-2016-0718 critical 9.8 13% 2016
CVE-2007-4559 critical 9.8 27% 2007
CVE-2019-9948 critical 9.1 12% 2019
CVE-2008-5031 high 10 3% 2008
CVE-2008-1887 high 9.3 6% 2008
CVE-2020-29396 high 8.8 3% 2020
CVE-2017-17522 high 8.8 4% 2017
CVE-2016-4472 high 8.1 12% 2016
CVE-2024-9287 high 7.8 1% 2024
CVE-2022-42919 high 7.8 1% 2022
CVE-2020-15523 high 7.8 1% 2020
CVE-2019-13404 high 7.8 1% 2019
CVE-2015-20107 high 7.6 7% 2022
CVE-2026-7210 high 7.5 1% 2026
CVE-2026-3087 high 7.5 1% 2026
CVE-2026-4224 high 7.5 1% 2026
CVE-2026-3644 high 7.5 0% 2026
CVE-2025-13836 high 7.5 1% 2025
CVE-2024-6232 high 7.5 2% 2024
CVE-2024-7592 high 7.5 2% 2024
CVE-2023-41105 high 7.5 2% 2023
CVE-2022-48560 high 7.5 2% 2023
CVE-2023-36632 high 7.5 1% 2023
CVE-2023-24329 high 7.5 20% 2023
CVE-2022-45061 high 7.5 2% 2022
CVE-2020-10735 high 7.5 3% 2022
CVE-2018-25032 high 7.5 52% 2022
CVE-2021-3737 high 7.5 12% 2022
CVE-2022-0391 high 7.5 8% 2022
CVE-2021-28667 high 7.5 2% 2021
CVE-2019-20907 high 7.5 6% 2020
CVE-2013-1753 high 7.5 4% 2020
CVE-2019-9674 high 7.5 5% 2020
CVE-2019-5010 high 7.5 21% 2019
CVE-2019-17514 high 7.5 5% 2019
CVE-2019-16056 high 7.5 5% 2019
CVE-2019-15903 high 7.5 7% 2019
CVE-2018-20406 high 7.5 6% 2018
CVE-2018-14647 high 7.5 11% 2018
CVE-2018-1060 high 7.5 5% 2018
CVE-2017-9233 high 7.5 9% 2017
CVE-2016-2183 high 7.5 96% 2016
CVE-2014-1912 high 7.5 28% 2014
CVE-2010-1450 high 7.5 4% 2010
CVE-2010-1449 high 7.5 4% 2010
CVE-2009-2940 high 7.5 3% 2009
CVE-2008-4864 high 7.5 21% 2008
CVE-2008-2315 high 7.5 4% 2008
CVE-2008-2316 high 7.5 3% 2008
CVE-2008-3142 high 7.5 4% 2008
CVE-2008-3143 high 7.5 4% 2008
CVE-2008-1721 high 7.5 23% 2008
CVE-2006-4980 high 7.5 5% 2006
CVE-2005-0089 high 7.5 5% 2005
CVE-2004-0150 high 7.5 5% 2004
CVE-2021-28861 high 7.4 2% 2022
CVE-2014-0224 high 7.4 95% 2014
CVE-2020-26116 high 7.2 6% 2020
CVE-2015-5652 high 7.2 1% 2015
CVE-2013-7338 high 7.1 5% 2014
CVE-2022-26488 high 7 1% 2022
CVE-2008-5983 medium 6.9 1% 2009
CVE-2015-1283 medium 6.8 19% 2015
CVE-2013-0340 medium 6.8 19% 2014
CVE-2008-1679 medium 6.8 4% 2008
CVE-2018-1000117 medium 6.7 1% 2018

62 older / lower-severity CVEs not shown — see Python's full record.

Is my Python version affected?

The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.

Check your Python version → · Monitor Python for new CVEs →

Python vulnerabilities — frequently asked

How many known vulnerabilities does Python have?

IsItPatched tracks 142 CVEs for Python. 17 are critical-severity and 58 high-severity. These span every release line — what matters is whether the version you run is affected.

Does Python have any actively-exploited vulnerabilities?

None of Python's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.

What is the most severe Python vulnerability?

Among tracked issues, CVE-2022-48565 (CRITICAL, CVSS 9.8) ranks highest — a XML external entity (XXE) weakness.

Is Python safe to use?

It depends on the version. The latest supported Python release (3.14.6) clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.

CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Python security status · Python end-of-life · actively-exploited CVEs. Always verify against Python's advisories — see our disclaimer.