Snyk
security.snyk.io › snyk vulnerability database › linux › chainguard
python-3.9 - Vulnerability
Known vulnerabilities in the python-3.9 package.
CVE Details
cvedetails.com › version › 651294 › Python-Python-3.9.0.html
Python Python 3.9.0 security vulnerabilities, CVEs
Vulnerability statistics provide a quick overview for security vulnerabilities of Python » Python » version 3.9.0.
Reddit
reddit.com › r/python › corporate it have banned all versions of python lower than the latest
r/Python on Reddit: Corporate IT have banned all versions of python lower than the latest
November 21, 2023 - I.e. right now they are insisting we use v3.12 only because older versions have some vulnerabilities their scanner picked up.
I need to somehow explain that this is a terrible idea and that many packages won't support the most up to date version without causing them to panic and overstep even more.
This requirement is company wide (affects development, data science and analytics).
Edit - thanks for all the advice, I think the crux is that they don't understand how the versioning works and are confusing major and minor versions. I will explain this and hopefully we will be able to use the latest minor versions for 3.11/3.10/3.9
Top answer 1 of 5
707
Don't know what your environments look like, but we upgraded almost all of ours to 3.12, I would definitely recommend it. Most packages are already up to date. That being said, if IT doesn't understand why you might need to run 3.11 for some packages, can't you simply provide them a list of the packages that don't support 3.12 and tell them you'll upgrade those systems when their dependencies catch up?
2 of 5
159
And yet some corporate IT have also banned all Python newer than 2.7.
Readthedocs
python-security.readthedocs.io › vulnerabilities.html
Python Security Vulnerabilities — Python Security 0.0 documentation
The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format.
Snyk
snyk.io › test › docker › python:3.9-slim
Vulnerability report for Docker python:3.9-slim | Snyk
Learn more about Docker python:3.9-slim vulnerabilities. Docker image python has 38 known vulnerabilities found in 98 vulnerable paths.
IBM
community.ibm.com › community › user › discussion › latest-python-3918-is-affected-by-cve-2023-6597-vulnerability
Latest Python (3.9.18) is affected by CVE-2023-6597 vulnerability | Open Source Development
Hi Team, Latest python 3.9.18 version in the toolbox is being affected by CVE-2023-6597. Wondering if there is something in the scope to resolve this? Thanks in a
CVE Details
cvedetails.com › vulnerability-list › vendor_id-10210 › product_id-18230 › version_id-651294 › Python-Python-3.9.0.html
Python Python version 3.9.0 : Security vulnerabilities, CVEs
June 29, 2021 - An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Snyk
snyk.io › test › docker › python:3.9.5-buster
Vulnerability report for Docker python:3.9.5-buster | Snyk
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
GitHub
github.com › python › cpython › issues › 118312
Report of Open Redirect Vulnerability in Python 3.9.11 - Utilizing Simple HTTP · Issue #118312 · python/cpython
April 26, 2024 - Bug report Bug description: Vulnerability Details: Affected Version: Python 3.9.11 Vulnerability Type: Open Redirect Payload: //interact.sh//.. Description: During our testing and analysis, we identified that when using Simple HTTP in ...
Author barttran2k
Cybersecurity Help
cybersecurity-help.cz › vdb › python_org › python › 3.9.0
Known Vulnerabilities in Python 3.9.0
List of known vulnerabilities in Python in version 3.9.0
Snyk
snyk.io › test › docker › python:3.9.2-slim
Vulnerability report for Docker python:3.9.2-slim | Snyk
This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
CVE Details
cvedetails.com › version › 1371155 › Python-Python-3.9.9.html
Python Python 3.9.9 security vulnerabilities, CVEs
Python Python version 3.9.9 security vulnerabilities, CVEs, exploits, vulnerability statistics, CVSS scores and references
Debian
security-tracker.debian.org › tracker › source-package › python3.9
Information on source package python3.9
python3.9 in the Package Tracking System · python3.9 in the Bug Tracking System · python3.9 source code
CVE Details
cvedetails.com › vulnerability-list › vendor_id-10210 › product_id-18230 › Python-Python.html
Python Python : Security vulnerabilities, CVEs
Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to "data", so if you are relying on this new default behavior then your usage is also affected.
Vulmon
vulmon.com › home › search results
python python 3.9.0 vulnerabilities and exploits
In Python 3.6 up to and including 3.6.10, 3.7 up to and including 3.7.8, 3.8 up to and including 3.8.4rc1, and 3.9 up to and including 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application.
Stack
stack.watch › product › python › python
Python Security Vulnerabilities in 2026 - stack.watch
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Snyk
snyk.io › test › docker › python:3.9.7
Vulnerability report for Docker python:3.9.7 | Snyk
Upgrade Debian:11 python3.9 to version 3.9.2-1+deb11u2 or higher.
Python
python.org › downloads › release › python-394
Python Release Python 3.9.4 | Python.org
October 31, 2025 - Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it. bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo. Some of the major new features and changes in Python 3.9 are: