🌐
GitHub
github.com › fportantier › vulpy
GitHub - fportantier/vulpy: Vulnerable Python Application To Learn Secure Development · GitHub
This will permit learn how to develop python code following the best security practices. git clone https://github.com/fportantier/vulpy cd vulpy pip3 install --user -r requirements.txt ... Note: The "GOOD" version (not finished yet) is supposed to don't have vulnerabilities, but I'm a human being, so...
Starred by 127 users
Forked by 521 users
Languages   Python 46.1% | CSS 37.1% | HTML 15.9%
🌐
Snyk
snyk.io › blog › code-injection-python-prevention-examples
Code injection in Python: examples and prevention | Snyk
December 6, 2023 - These vulnerabilities often occur when an application mishandles user input. For example, insecure use of functions like eval() in Python without proper validation can lead to code injection.
🌐
GitHub
github.com › anxolerd › dvpwa
GitHub - anxolerd/dvpwa: Damn Vulnerable Python Web App · GitHub
You can also sanitize text, when users input it and prohibit different kinds of code injection. As per check_paswword function and database initialization script, passwords are not stored in the database themselves, but their md5 hashes. ... As hash function produces same output for same input, same passwords will produce the same hash. Passwords are vulnerable to statistical analysis: it is possible to determine how many people use the same password, how popular the password is, etc:
Starred by 190 users
Forked by 783 users
Languages   Python 55.2% | Jinja 44.3%
🌐
Aikido
aikido.dev › home › articles › top 10 python security vulnerabilities developers should avoid
Python Security Vulnerabilities | Top Issues
January 29, 2026 - In today’s fast-paced development pipelines, insecure Python code can introduce serious risks. Python is loved for its simplicity, but that same flexibility can turn dangerous if secure coding practices are neglected. From code injection pitfalls to vulnerable third-party libraries, even a small oversight can open the door for attackers.
🌐
Red Hat
redhat.com › en › blog › find-python-vulnerabilities
How to find third-party vulnerabilities in your Python code
November 20, 2025 - For this example, I used an outdated version of Rich: You should not ignore these warnings. ... You can scan your Python projects for third-party library vulnerabilities using pip-audit.
🌐
GitHub
github.com › Contrast-Security-OSS › vulnpy
GitHub - Contrast-Security-OSS/vulnpy: Purposely-vulnerable Python functions · GitHub
A library of purposely-vulnerable Python functions.
Starred by 17 users
Forked by 80 users
Languages   Python 53.7% | HTML 44.3% | Makefile 1.6%
🌐
Cisco Blogs
blogs.cisco.com › cisco blogs › developer › 5 python security traps you need to avoid
5 Python Security Traps You Need to Avoid
March 30, 2022 - Simply put, a Python library is code written by others, which can be easily imported into your script. Code is written by humans, humans make mistakes and mistakes get patched (hopefully).
🌐
PyPI
pypi.org › project › vulnerablecode
vulnerablecode · PyPI
VulnerableCode is a database of software package vulnerabilities with Web UI and API.
      » pip install vulnerablecode
    
Published   Jun 18, 2026
Version   39.0.0
🌐
Stack Abuse
stackabuse.com › checking-vulnerabilities-in-your-python-code-with-bandit
Checking Vulnerabilities in Your Python Code with Bandit
June 15, 2021 - In this guide - we'll explore how simple lines of code can end up being destructive, and how we can use Bandit to help us identify them. A security vulnerability in our code is a flaw that malicious agents can take advantage of to exploit our systems and/or data.
Find elsewhere
🌐
MozillaWiki
wiki.mozilla.org › Common_Python_Code_Vulnerabilities
Common Python Code Vulnerabilities
JavaScript is disabled in your browser · Please enable JavaScript to proceed · A required part of this site couldn’t load. This may be due to a browser extension, network issues, or browser settings. Please check your connection, disable any ad blockers, or try using a different browser
🌐
Aqua Security
aquasec.com › home › application security › python security
Python Security: 6 Common Risks & What You Can Do About Them
July 23, 2024 - Injection flaws allow an attacker to deliver malicious code through an application to a backend or internal system. Injection vulnerabilities are common in Python, and come in several types such as command injection and SQL injection.
🌐
SonarSource
rules.sonarsource.com › python › type › vulnerability
Python static code analysis | Vulnerability
Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your PYTHON code
🌐
GuardRails
guardrails.io › blog › how-to-detect-and-fix-the-five-most-common-python-security-vulnerabilities
How To Detect and Fix the Five Most Common Python Security Vulnerabilities - GuardRails
February 27, 2023 - Python is one of the biggest programming languages used today. Here are five of its most common security vulnerabilities and how to detect them.
🌐
GitHub
github.com › Vulnerable-Code-Samples › Python_Vulnerable_Code
GitHub - Vulnerable-Code-Samples/Python_Vulnerable_Code: A small collection of vulnerable code snippets
A collection of vulnerable code snippets taken form around the internet. Snippets taken from various blog posts, books, resources etc.
Forked by 7 users
Languages   PHP 31.6% | JavaScript 16.8% | C# 14.4% | C 12.5% | Python 11.0% | Java 6.2% | PHP 31.6% | JavaScript 16.8% | C# 14.4% | C 12.5% | Python 11.0% | Java 6.2%
🌐
GitHub
github.com › mpirnat › lets-be-bad-guys
GitHub - mpirnat/lets-be-bad-guys: A deliberately-vulnerable website and exercises for teaching about the OWASP Top 10
You’ll need Git to check out the code repository that we’ll be working with. You can download it from http://git-scm.com. All of our examples were developed and tested against Python 2.7 and 3.4.
Starred by 188 users
Forked by 365 users
Languages   HTML 60.8% | Python 24.8% | JavaScript 13.5% | CSS 0.9% | HTML 60.8% | Python 24.8% | JavaScript 13.5% | CSS 0.9%
🌐
CVE Details
cvedetails.com › vulnerability-list › vendor_id-10210 › opec-1 › Python.html
Python : Security vulnerabilities, CVEs Code Execution
... Expat allows context-dependent ... Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string....
🌐
ScienceDirect
sciencedirect.com › science › article › abs › pii › S0167739X24004680
DetectVul: A statement-level code vulnerability detection for Python - ScienceDirect
September 10, 2024 - Given that C/C++ allows direct memory manipulation, which often leads to vulnerabilities like buffer overflows and memory leaks, previous works [22], [27] have constructed graphs such as program dependency graphs (PDGs) and code property graphs (CPGs) to uncover data-related vulnerabilities. Control flow graphs (CFGs) and call graphs (CGs) have also been used to trace execution paths where input validation may be bypassed [23], [25], [26]. This GNN-based approach can also be adapted for Python, where models trained on CFGs can analyze and identify Python-specific vulnerabilities, typically involving improper input validation, insecure deserialization, or misuse of security-sensitive functions, rather than memory corruption.
🌐
CVE Details
cvedetails.com › vulnerability-list › vendor_id-10210 › product_id-18230 › Python-Python.html
Python Python : Security vulnerabilities, CVEs
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer ...