products / python

Python

Python (CPython) has deep CVE coverage across urllib, zipfile, email, and the standard library. Attestd filters through cpe:2.3:a:python:python as the primary namespace. Example JSON is illustrative.

api usage

Querying Python

product slugpython

version format3.11.0, 3.13.0, semver

bash

curl "https://api.attestd.io/v1/check?product=python&version=3.11.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"

json

{
  "product": "python",
  "version": "3.11.0",
  "supported": true,
  "risk_state": "high",
  "risk_factors": [
    "remote_code_execution",
    "patch_available",
    "internet_exposed_service"
  ],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "3.11.4",
  "confidence": 0.8,
  "cve_ids": ["CVE-2023-24329", "CVE-2024-0450"],
  "last_updated": "2026-05-13T18:00:00Z",
  "supply_chain": null
}

safe version

bash

curl "https://api.attestd.io/v1/check?product=python&version=3.13.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"

notable cves

CVE history

CVE	Description	CVSS
`CVE-2023-24329`	URL parsing bypass via blank characters before scheme (urllib).	7.5
`CVE-2024-0450`	zipfile path traversal via crafted archive.	6.2

All products Ruby PHP Response Field Reference