Python | Follow the latest news from the technology world and security-related developments.

Category: Python - CVE list
PRODUCT 6 records
Medium CVSS: 6.3

CVE-2025-12781

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish a…
Medium CVSS: 6.3

CVE-2025-12084

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
Low CVSS: 2.1

CVE-2025-13837

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues.
Medium CVSS: 6.3

CVE-2025-13836

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causi…
Low CVSS: 1.8

CVE-2025-6075

If the value passed to os.path.expandvars() is user-controlled, a performance degradation is possible when expanding environment variables.
High CVSS: 7.8

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.