GCVE - cpe:2.3:a:python:python:3.15.0:alpha4:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:python:python:3.15.0:alpha4:*:*:*:*:*:*

part: a version: 3.15.0 update: alpha4

Vendor	Python (`b57ad93a-6195-5192-9423-6cfad6044a8b`)
Product	Python (`fc328eef-0a85-5ddb-b629-b8866ec518c8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/python`	purl2cpe	2026-06-01 10:16:29.363786
`pkg:github/python/cpython`	purl2cpe	2026-06-01 10:16:29.363787
`pkg:python/python`	purl2cpe	2026-06-01 10:16:29.363789
`pkg:rpm/opensuse/python`	purl2cpe	2026-06-01 10:16:29.363790

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-4519`	vulnerable	2026-06-03 15:26:25.614895	webbrowser.open() allows leading dashes in URLs The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open(). Published: 2026-03-20T15:08:32.576Z Updated: 2026-04-13T21:47:40.137Z Open on db.gcve.eu Reference links https://github.com/python/cpython/pull/143931 https://github.com/python/cpython/issues/143930 https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/ https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866 https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.