Snyk
security.snyk.io › snyk vulnerability database › linux › chainguard
python-3.9 vulnerabilities | Snyk
Known vulnerabilities in the python-3.9 package.
CVE Details
cvedetails.com › version › 651294 › Python-Python-3.9.0.html
Python Python 3.9.0 security vulnerabilities, CVEs
Vulnerability statistics provide a quick overview for security vulnerabilities of Python » Python » version 3.9.0.
Cybersecurity Help
cybersecurity-help.cz › vdb › python_org › python › 3.9.0
Known Vulnerabilities in Python 3.9.0
Multiple vulnerabilities in Oracle Communications Diameter Signaling Router (22 Oct, 2025; High; Patched) · Improper input validation in Python zipfile module (14 Oct, 2025; Medium; Patched)
Snyk
snyk.io › test › docker › python:3.9-slim
Vulnerability report for Docker python:3.9-slim | Snyk
Learn more about Docker python:3.9-slim vulnerabilities. Docker image python has 38 known vulnerabilities found in 98 vulnerable paths.
Reddit
reddit.com › r/python › corporate it have banned all versions of python lower than the latest
r/Python on Reddit: Corporate IT have banned all versions of python lower than the latest
November 21, 2023
I.e. right now they are insisting we use v3.12 only because older versions have some vulnerabilities their scanner picked up.
I need to somehow explain that this is a terrible idea and that many packages won't support the most up to date version without causing them to panic and overstep even more.
This requirement is company wide (affects development, data science and analytics).
Edit - thanks for all the advice, I think the crux is that they don't understand how the versioning works and are confusing major and minor versions. I will explain this and hopefully we will be able to use the latest minor versions for 3.11/3.10/3.9
Top answer 1 of 5
707
Don't know what your environments look like, but we upgraded almost all of ours to 3.12, I would definitely recommend it. Most packages are already up to date. That being said, if IT doesn't understand why you might need to run 3.11 for some packages, can't you simply provide them a list of the packages that don't support 3.12 and tell them you'll upgrade those systems when their dependencies catch up?
2 of 5
159
And yet some corporate IT have also banned all Python newer than 2.7.
CVE Details
cvedetails.com › vulnerability-list › vendor_id-10210 › product_id-18230 › version_id-651294 › Python-Python-3.9.0.html
Python Python version 3.9.0 : Security vulnerabilities, CVEs
June 29, 2021 - An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Readthedocs
python-security.readthedocs.io › vulnerabilities.html
Python Security Vulnerabilities — Python Security 0.0 documentation
The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format.
Snyk
snyk.io › test › docker › python:3.9.13-alpine3.14
Vulnerability report for Docker python:3.9.13-alpine3.14 | Snyk
Learn more about Docker python:3.9.13-alpine3.14 vulnerabilities. Docker image python has 13 known vulnerabilities found in 22 vulnerable paths.
Stack
stack.watch › product › python › python
Python Security Vulnerabilities in 2026 - stack.watch
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Vulmon
vulmon.com › home › search results
python python 3.9.0 vulnerabilities and exploits
In Python 3.6 up to and including 3.6.10, 3.7 up to and including 3.7.8, 3.8 up to and including 3.8.4rc1, and 3.9 up to and including 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in ...
CVE Details
cvedetails.com › vulnerability-list › vendor_id-10210 › product_id-18230 › Python-Python.html
Python Python : Security vulnerabilities, CVEs
Only Python versions 3.12 or later are affected by these vulnerabilities; earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data"`, so if you are relying on this new default behavior then your usage is also affected.
Vulnerability Database
vuldb.com
Python Vulnerabilities
Affected Versions (347)
Snyk
security.snyk.io › snyk vulnerability database › linux › chainguard
CVE-2024-0450 in python-3.9 | CVE-2024-0450 | Snyk
March 25, 2024 - An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with ...
CVE Details
cvedetails.com › version › 1371153 › Python-Python-3.9.7.html
Python Python 3.9.7 security vulnerabilities, CVEs
Python Python version 3.9.7 security vulnerabilities, CVEs, exploits, vulnerability statistics, CVSS scores and references
GitHub
github.com › docker-library › python › issues › 699
CVE-2021-45960 vulnerability in python 3.9-slim · Issue #699 · docker-library/python
February 15, 2022 - Images with python 3.9-slim (dfcf03d7f1eb) have a version of expat (2.2.10) that is identified as a critical vulnerability when scanned with GCP On Demand Scanning API.
Author roryjbd
Debian
security-tracker.debian.org › tracker › source-package › python3.9
Information on source package python3.9
python3.9 in the Package Tracking System · python3.9 in the Bug Tracking System · python3.9 source code ·
Cisco Bug Search Tool
bst.cisco.com › quickview › bug › CSCwe13920
Vulnerabilities in python 3.9.5 CVE-2020-10735
IBM
community.ibm.com › community › user › discussion › latest-python-3918-is-affected-by-cve-2023-6597-vulnerability
Latest Python (3.9.18) is affected by CVE-2023-6597 vulnerability | Open Source Development
Hi Team, Latest python 3.9.18 version in the toolbox is being affected by CVE-2023-6597. Wondering if there is something in the scope to resolve this? Thanks in a
Snyk
snyk.io › test › docker › python:3.9.7
Vulnerability report for Docker python:3.9.7 | Snyk
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements.