🌐
Snyk
security.snyk.io › snyk vulnerability database › linux › chainguard
python-3.8 vulnerabilities | Snyk
Known vulnerabilities in the python-3.8 package.
🌐
Readthedocs
python-security.readthedocs.io › vulnerabilities.html
Python Security Vulnerabilities — Python Security 0.0 documentation
The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format.
🌐
Cybersecurity Help
cybersecurity-help.cz › vdb › python_org › python › 3.8
Known Vulnerabilities in Python 3.8
Denial of service in Python03 Sep, 2024 Medium Patched
🌐
Maikuolan
maikuolan.github.io › Vulnerability-Charts › python.html
Vulnerability Charts – Python
January 7, 2026 - A chart of which Python versions are safe/unsafe, and their CVSS.
🌐
Reddit
reddit.com › r/python › corporate it have banned all versions of python lower than the latest
r/Python on Reddit: Corporate IT have banned all versions of python lower than the latest
November 21, 2023 -

I.e. right now they are insisting we use v3.12 only because older versions have some vulnerabilities their scanner picked up.

I need to somehow explain that this is a terrible idea and that many packages won't support the most up to date version without causing them to panic and overstep even more.

This requirement is company wide (affects development, data science and analytics).

Edit - thanks for all the advice, I think the crux is that they don't understand how the versioning works and are confusing major and minor versions. I will explain this and hopefully we will be able to use the latest minor versions for 3.11/3.10/3.9

Top answer
1 of 5
707
Don't know what your environments look like, but we upgraded almost all of ours to 3.12, I would definitely recommend it. Most packages are already up to date. That being said, if IT doesn't understand why you might need to run 3.11 for some packages, can't you simply provide them a list of the packages that don't support 3.12 and tell them you'll upgrade those systems when their dependencies catch up?
2 of 5
159
And yet some corporate IT have also banned all Python newer than 2.7.
🌐
CVE Details
cvedetails.com › version › 1371103 › Python-Python-3.8.html
Python Python 3.8 security vulnerabilities, CVEs
Python Python version 3.8 security vulnerabilities, CVEs, exploits, vulnerability statistics, CVSS scores and references
🌐
Vulmon
vulmon.com › home › search results
python python 3.8.0 vulnerabilities and exploits
A security regression of CVE-2019-9636 exists in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an malicious user to exploit CVE-2019-9636 by abusing the user and password p...
🌐
CVE Details
cvedetails.com › version › 1817941 › Python-Python-3.8.19.html
Python Python 3.8.19 security vulnerabilities, CVEs
Python Python version 3.8.19 security vulnerabilities, CVEs, exploits, vulnerability statistics, CVSS scores and references
🌐
Snyk
snyk.io › test › docker › python:3.8.10-buster
Vulnerability report for Docker python:3.8.10-buster | Snyk
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Find elsewhere
🌐
NIST
nvd.nist.gov › vuln › search › results
NVD - Results
VulnerabilitiesSearch And Statistics · Sort results by: Publish Date Descending · Publish Date Ascending · Modified Date Descending · Modified Date Ascending Sort · Search Parameters: Results Type: Overview · Keyword (text search): cpe:2.3:a:python:python:3.8.12:*:*:*:*:*:*:* CPE Name ...
🌐
CVE Details
cvedetails.com › vulnerability-list › vendor_id-10210 › product_id-18230 › Python-Python.html
Python Python : Security vulnerabilities, CVEs
Security vulnerabilities of Python Python : List of vulnerabilities affecting any version of this product
🌐
CVE Details
cvedetails.com › vulnerability-list › vendor_id-10210 › product_id-18230 › version_id-623060 › Python-Python-3.8.0.html
Python Python version 3.8.0 : Security vulnerabilities, CVEs
This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. Source: Red Hat, Inc. ... In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. ... Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure.
🌐
Stack
stack.watch › product › python › python
Python Security Vulnerabilities in 2026 - stack.watch
Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. ... The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. ... A flaw was found in python.
🌐
Snyk
snyk.io › test › docker › python:3.8-slim
Vulnerability report for Docker python:3.8-slim | Snyk
Learn more about Docker python:3.8-slim vulnerabilities. Docker image python has 77 known vulnerabilities found in 147 vulnerable paths.
🌐
Cisco Bug Search Tool
bst.cisco.com › quickview › bug › CSCwe54516
Vulnerabilities in python 3.8.10 CVE-2023-24329
We cannot provide a description for this page right now
🌐
Python.org
discuss.python.org › committers
Python 3.10.3, 3.9.11, 3.8.13, and 3.7.13 are now available with security content - Committers - Discussions on Python.org
March 16, 2022 - Welcome again to the exciting world of releasing new Python versions! Last time around I was complaining about cursed releases. This time around I could complain about security content galore and how one of them ruined …
🌐
Gentoo
security.gentoo.org › glsa › 202506-07
Python, PyPy: Multiple Vulnerabilities (GLSA 202506-07) — Gentoo security
June 12, 2025 - # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-3.14.0_beta2:3.14" # emerge --ask --oneshot --verbose ">=dev-lang/python-3.13.3_p1:3.13" # emerge --ask --oneshot --verbose ">=dev-lang/python-3.12.10_p1:3.12" # emerge --ask --oneshot --verbose ">=dev-lang/python-3.11.12_p1:3.11" # emerge --ask --oneshot --verbose ">=dev-lang/python-3.10.17_p1:3.10" # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.22_p1:3.9" # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.20_p7:3.8" # emerge --ask --oneshot --verbose ">=dev-lang/pypy-3.10.7.3.19_p4:3.10" # emerge --ask --oneshot --verbose ">=dev-lang/pypy-3.11.7.3.19_p9:3.11"
🌐
Python
python.org › downloads › release › python-3814
Python Release Python 3.8.14 | Python.org
According to the release calendar specified in PEP 569, Python 3.8 is now in the "security fixes only" stage of its life cycle: 3.8 branch only accepts security fixes and releases of those are made irregularly in source-only form until October 2024. Python 3.8 isn't receiving regular bug fixes anymore, and binary installers are no longer provided for it.
🌐
NIST
nvd.nist.gov › vuln › detail › cve-2020-15523
CVE-2020-15523 Detail - NVD
This is a potential security issue, you are being redirected to https://nvd.nist.gov · Official websites use .gov A .gov website belongs to an official government organization in the United States
🌐
Snyk
security.snyk.io › snyk vulnerability database › linux › chainguard
python-3.9 - Vulnerability
Security vulnerabilities and package health score for chainguard:latest package python-3.9
Related queries
python 3.6 vulnerabilities
python 3.9 vulnerabilities
python code vulnerabilities
python vulnerability scanner
python vulnerability 2022
websockify python/3.8.10 exploit
python 3.10 vulnerabilities
python 3.6.8 vulnerabilities