CVE-2025-4516
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-4516
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4516.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-4516
- Aliases
- Downstream
- Related
- Published
- 2025-05-15T14:15:31Z
- Modified
- 2025-10-08T00:20:06.713716Z
- Summary
- [none]
- Details
-
There is an issue in CPython when using
bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError. - References
-
- https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292
- https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d
- https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142
- https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f
- https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77
- https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e
- https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b
- https://github.com/python/cpython/pull/129648
- https://github.com/python/cpython/issues/133767
- https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/
- http://www.openwall.com/lists/oss-security/2025/05/16/4
- http://www.openwall.com/lists/oss-security/2025/05/19/1
Affected packages
Git / github.com/python/cpython
Affected ranges
- Type
- GIT
- Repo
- https://github.com/python/cpython
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixedFixedFixedFixed
Affected versions
2.*
2.5
3.*
3.2
v0.*
v0.9.8
v0.9.9
v1.*
v1.0.1
v1.0.2
v1.1
v1.1.1
v1.2
v1.2b1
v1.2b2
v1.2b3
v1.2b4
v1.3
v1.3b1
v1.4
v1.4b1
v1.4b2
v1.4b3
v1.5
v1.5.1
v1.5.2
v1.5.2a1
v1.5.2a2
v1.5.2b1
v1.5.2b2
v1.5.2c1
v1.5a1
v1.5a2
v1.5a3
v1.5a4
v1.5b1
v1.5b2
v1.6a1
v1.6a2
v2.*
v2.0
v2.0b1
v2.0b2
v2.0c1
v2.1
v2.1a1
v2.1a2
v2.1b1
v2.1b2
v2.1c1
v2.1c2
v2.2a3
v2.3c1
v2.3c2
v2.4
v2.4a1
v2.4a2
v2.4a3
v2.4b1
v2.4b2
v2.4c1
v2.5
v2.5.1
v2.5.1c1
v2.5.2
v2.5.2c1
v2.5.3
v2.5.3c1
v2.5.4
v2.5.5
v2.5.5c1
v2.5.5c2
v2.5.6
v2.5.6c1
v2.5a0
v2.5a1
v2.5a2
v2.5b1
v2.5b2
v2.5b3
v2.5c1
v2.5c2
v2.6
v2.6.1
v2.6.2
v2.6.2c1
v2.6.3
v2.6.3rc1
v2.6.4
v2.6.4rc1
v2.6.4rc2
v2.6.5
v2.6.5rc1
v2.6.5rc2
v2.6.6
v2.6.6rc1
v2.6.6rc2
v2.6.7
v2.6.8
v2.6.8rc1
v2.6.8rc2
v2.6a1
v2.6a2
v2.6a3
v2.6b1
v2.6b2
v2.6b3
v2.6rc1
v2.6rc2
v2.7
v2.7.1
v2.7.1rc1
v2.7.2
v2.7.2rc1
v2.7.3
v2.7.3rc1
v2.7.3rc2
v2.7.4rc1
v2.7a1
v2.7a2
v2.7a3
v2.7a4
v2.7b1
v2.7b2
v2.7rc1
v2.7rc2
v3.*
v3.0a1
v3.0a2
v3.0a3
v3.0a4
v3.0a5
v3.0b1
v3.0b2
v3.0b3
v3.0rc1
v3.0rc2
v3.0rc3
v3.1
v3.1.1
v3.1.1rc1
v3.1.2
v3.1.2rc1
v3.1.3
v3.1.3rc1
v3.1.4
v3.1.4rc1
v3.1.5
v3.1.5rc1
v3.1.5rc2
v3.10.0
v3.10.0a1
v3.10.0a2
v3.10.0a3
v3.10.0a4
v3.10.0a5
v3.10.0a6
v3.10.0a7
v3.10.0b1
v3.10.0b2
v3.10.0b3
v3.10.0b4
v3.10.0rc1
v3.10.0rc2
v3.10.1
v3.10.10
v3.10.11
v3.10.12
v3.10.13
v3.10.14
v3.10.15
v3.10.16
v3.10.17
v3.10.2
v3.10.3
v3.10.4
v3.10.5
v3.10.6
v3.10.7
v3.10.8
v3.10.9
v3.11.0
v3.11.0a1
v3.11.0a2
v3.11.0a3
v3.11.0a4
v3.11.0a5
v3.11.0a6
v3.11.0a7
v3.11.0b1
v3.11.0b2
v3.11.0b3
v3.11.0b4
v3.11.0b5
v3.11.0rc1
v3.11.0rc2
v3.11.1
v3.11.10
v3.11.11
v3.11.12
v3.11.2
v3.11.3
v3.11.4
v3.11.5
v3.11.6
v3.11.7
v3.11.8
v3.11.9
v3.12.0
v3.12.0a1
v3.12.0a2
v3.12.0a3
v3.12.0a4
v3.12.0a5
v3.12.0a6
v3.12.0a7
v3.12.0b1
v3.12.0b2
v3.12.0b3
v3.12.0b4
v3.12.0rc1
v3.12.0rc2
v3.12.0rc3
v3.12.1
v3.12.10
v3.12.2
v3.12.3
v3.12.4
v3.12.5
v3.12.6
v3.12.7
v3.12.8
v3.12.9
v3.13.0
v3.13.0a1
v3.13.0a2
v3.13.0a3
v3.13.0a4
v3.13.0a5
v3.13.0a6
v3.13.0b1
v3.13.0b2
v3.13.0b3
v3.13.0b4
v3.13.0rc1
v3.13.0rc2
v3.13.0rc3
v3.13.1
v3.13.2
v3.13.3
v3.14.0a1
v3.14.0a2
v3.14.0a3
v3.14.0a4
v3.14.0a5
v3.14.0a6
v3.14.0a7
v3.14.0b1
v3.1a1
v3.1a2
v3.1b1
v3.1rc1
v3.1rc2
v3.2
v3.2.1
v3.2.1b1
v3.2.1rc1
v3.2.1rc2
v3.2.2
v3.2.2rc1
v3.2.3
v3.2.3rc1
v3.2.3rc2
v3.2.4
v3.2.4rc1
v3.2.5
v3.2.6
v3.2.6rc1
v3.2a1
v3.2a2
v3.2a3
v3.2a4
v3.2b1
v3.2b2
v3.2rc1
v3.2rc2
v3.2rc3
v3.3.0
v3.3.0a1
v3.3.0a2
v3.3.0a3
v3.3.0a4
v3.3.0b1
v3.3.0b2
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.3.1
v3.3.1rc1
v3.3.2
v3.3.3
v3.3.3rc1
v3.3.3rc2
v3.3.4
v3.3.4rc1
v3.3.5
v3.3.5rc1
v3.3.5rc2
v3.3.6
v3.3.6rc1
v3.4.0
v3.4.0a1
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0b1
v3.4.0b2
v3.4.0b3
v3.4.0rc1
v3.4.0rc2
v3.4.0rc3
v3.4.1
v3.4.1rc1
v3.4.2
v3.4.2rc1
v3.4.3
v3.4.3rc1
v3.4.4
v3.4.4rc1
v3.4.5
v3.4.5rc1
v3.4.6
v3.4.6rc1
v3.5.0
v3.5.0a1
v3.5.0a2
v3.5.0a3
v3.5.0a4
v3.5.0b1
v3.5.0b2
v3.5.0b3
v3.5.0b4
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.0rc4
v3.5.1
v3.5.1rc1
v3.5.2
v3.5.2rc1
v3.5.3
v3.5.3rc1
v3.6.0
v3.6.0a1
v3.6.0a2
v3.6.0a3
v3.6.0a4
v3.6.0b1
v3.6.0b2
v3.6.0b3
v3.6.0b4
v3.6.0rc1
v3.6.0rc2
v3.7.0a1
v3.7.0a2
v3.7.0a3
v3.7.0a4
v3.8.0a1
v3.8.0a2
v3.8.0a3
v3.8.0a4
v3.8.0b1
v3.9.0
v3.9.0a1
v3.9.0a2
v3.9.0a3
v3.9.0a4
v3.9.0a5
v3.9.0a6
v3.9.0b1
v3.9.0b2
v3.9.0b3
v3.9.0b4
v3.9.0b5
v3.9.0rc1
v3.9.0rc2
v3.9.1
v3.9.10
v3.9.11
v3.9.12
v3.9.13
v3.9.14
v3.9.15
v3.9.16
v3.9.17
v3.9.18
v3.9.19
v3.9.1rc1
v3.9.2
v3.9.20
v3.9.21
v3.9.22
v3.9.2rc1
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7
v3.9.8
v3.9.9
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"length": 2285.0,
"function_hash": "263973368467444803220425705201820386339"
},
"source": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "_PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-016fef12"
},
{
"signature_version": "v1",
"digest": {
"length": 1360.0,
"function_hash": "311252427539272451990404841420010420636"
},
"source": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_unicode_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-032f8d1b"
},
{
"signature_version": "v1",
"digest": {
"length": 1362.0,
"function_hash": "136252913270312311160342388456811251066"
},
"source": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_unicode_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-0c7fb63b"
},
{
"signature_version": "v1",
"digest": {
"length": 2285.0,
"function_hash": "263973368467444803220425705201820386339"
},
"source": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "_PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-1096c13d"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"164804037795288558302005784372172823812",
"75535931859427858578087788035323903123",
"186446798814974367746116717913194675095"
]
},
"source": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77",
"deprecated": false,
"target": {
"file": "Include/cpython/unicodeobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-11592bd7"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"207252037538863229688362671426229382657",
"233080690889430002180846032187900845039",
"307718007028290570503251734810268242619",
"200479335070085788372354087442192050960",
"13287019070770633425344516773106147479"
]
},
"source": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e",
"deprecated": false,
"target": {
"file": "Include/internal/pycore_bytesobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-11b6eb36"
},
{
"signature_version": "v1",
"digest": {
"length": 3999.0,
"function_hash": "60568712030338220314021859633931600712"
},
"source": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeInternal"
},
"signature_type": "Function",
"id": "CVE-2025-4516-11bb2d43"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"53971168371386256499185681285657638650",
"173868114884686397067879075565441826154",
"40716984470624591708035101698691739660",
"302380427776324695536437783120768856492",
"74018418345520766877346964292412679164",
"151596514967468411191137693628976843976",
"213164018931622396637475487468850133592",
"218321357729914459613220113014635498633",
"256457137713898736393187585363309816569",
"203090321457411660123777655378488026168",
"55653487587655490148601121693170986940",
"149725850008335062081877836256750130655",
"65670582946992208529581304864779342065",
"154474229108497875295095515709965626794",
"94477219384853861253545648200084396288",
"119122237503223854594016078848472911219",
"94690520630783008426804672658471834611",
"127390878327036505700469841611601905338",
"307951533039940236874274746776320815889",
"29169336642102082750329848465234139875",
"133417117566179824230393406401542255407",
"111138872908472011608966502702870429795",
"47574872727254009277245672528316953393",
"334332009072961911883147174568848183056",
"207968807635010521951556334198543554438",
"80383540230425434224530224027156623097",
"264225962109356638944159665987590068968",
"151919339937625123204210457992044752931",
"130566401551032512068563473663474460184",
"89886807362014797934944559749105659368",
"129383879972328642994261826100024787773",
"275069354181843753491736730691246539652",
"9700804342915968765436483817051435541",
"103409963975095695452176770242483970112",
"113565515807872795919396808356520550749",
"267519803752317451270774246841452704432",
"46787179538191146178989893099598132293",
"316289144422290151151046649529526978642",
"309900139094826742808850662638534926365",
"294557468689871587204811598895524826269",
"81927283370088904981857680126297381148",
"16386005265682531318563283182678145508",
"271069158515182438545605163038439716971",
"107115699159740871664315085870559915602",
"271489250716350877927405780936202066688"
]
},
"source": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-14bd03ed"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"53971168371386256499185681285657638650",
"173868114884686397067879075565441826154",
"40716984470624591708035101698691739660",
"302380427776324695536437783120768856492",
"74018418345520766877346964292412679164",
"151596514967468411191137693628976843976",
"213164018931622396637475487468850133592",
"218321357729914459613220113014635498633",
"256457137713898736393187585363309816569",
"203090321457411660123777655378488026168",
"55653487587655490148601121693170986940",
"94690520630783008426804672658471834611",
"127390878327036505700469841611601905338",
"307951533039940236874274746776320815889",
"29169336642102082750329848465234139875",
"133417117566179824230393406401542255407",
"111138872908472011608966502702870429795",
"47574872727254009277245672528316953393",
"334332009072961911883147174568848183056",
"207968807635010521951556334198543554438",
"80383540230425434224530224027156623097",
"264225962109356638944159665987590068968",
"151919339937625123204210457992044752931",
"130566401551032512068563473663474460184",
"89886807362014797934944559749105659368",
"129383879972328642994261826100024787773",
"275069354181843753491736730691246539652",
"9700804342915968765436483817051435541",
"206680889647473801308906199385079295626",
"91021165303551480836743782534579122427",
"331974509739694033450947288796330356964",
"40359183461027308297857931357790830814",
"37342583223185431056126496149491762961",
"314543389104063834881642954877594434161"
]
},
"source": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-16d7c202"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"207252037538863229688362671426229382657",
"233080690889430002180846032187900845039",
"307718007028290570503251734810268242619",
"200479335070085788372354087442192050960",
"13287019070770633425344516773106147479"
]
},
"source": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142",
"deprecated": false,
"target": {
"file": "Include/internal/pycore_bytesobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-172d3a63"
},
{
"signature_version": "v1",
"digest": {
"length": 404.0,
"function_hash": "602322139878009221325918289256764518"
},
"source": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeStateful"
},
"signature_type": "Function",
"id": "CVE-2025-4516-195779ec"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"260941515176691977029948399981019328432",
"40875217559908844500809436059546610711",
"171469356542214206532056345830406684843",
"274913332278744103178207219235476371887",
"297955451682751533291566893011857368084",
"72774091937512979137389913133029901926",
"229217426786291717704984341255908664048",
"175271571187035677683641472071830558687",
"137972618357736648282303168643957153856",
"245312920108718447091509285663217956466",
"299689639064006782776401707264893168462",
"222133616806722929533791670332730352789",
"294213027643851997489468513090040954687",
"176155166898471008056380311393976596147",
"274337348338053830050044622449846110270",
"235641675468194976065024155496678322363",
"220331928956002368735024325006390954114",
"94477219384853861253545648200084396288",
"88170254654824809842160586025300977080",
"23597472733483816675436405873908296824",
"55732722725180618889917195325747680323",
"307951533039940236874274746776320815889",
"218808866674666330333686386893401140331",
"15767379476251538998644878367443810297",
"86774907365965488523390735595691216467",
"247536597272381873277212347840674661879",
"228963805712915593260590048665894858826",
"43910682053025174369652003583675829696",
"62219633379297020424217642527670553814",
"269967184452833224757967181267618569452",
"9700804342915968765436483817051435541",
"103409963975095695452176770242483970112",
"113565515807872795919396808356520550749",
"267519803752317451270774246841452704432",
"151043065025173986854975079925080007843",
"331396586038371888893312240276315601901",
"178191808119447335169273130345842686349",
"42217239064580402178024711587770151754",
"24808762823523771377428870974567232292",
"81927283370088904981857680126297381148",
"146149141779110543680880664939265533553",
"6122594498745580745682996152726564560",
"249324297565416103012962149426160485564",
"271489250716350877927405780936202066688"
]
},
"source": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-23a079f0"
},
{
"signature_version": "v1",
"digest": {
"length": 430.0,
"function_hash": "281886286272597942265064826003534255411"
},
"source": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-2700ec73"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"278760355083874204993519338347554361886",
"197394122698764551011397836619327858176",
"94733008537040512880235219575715730942"
]
},
"source": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d",
"deprecated": false,
"target": {
"file": "Include/internal/pycore_unicodeobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-30e6e8c6"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"53971168371386256499185681285657638650",
"173868114884686397067879075565441826154",
"40716984470624591708035101698691739660",
"302380427776324695536437783120768856492",
"74018418345520766877346964292412679164",
"151596514967468411191137693628976843976",
"213164018931622396637475487468850133592",
"218321357729914459613220113014635498633",
"256457137713898736393187585363309816569",
"203090321457411660123777655378488026168",
"55653487587655490148601121693170986940",
"149725850008335062081877836256750130655",
"65670582946992208529581304864779342065",
"154474229108497875295095515709965626794",
"94477219384853861253545648200084396288",
"119122237503223854594016078848472911219",
"94690520630783008426804672658471834611",
"127390878327036505700469841611601905338",
"307951533039940236874274746776320815889",
"29169336642102082750329848465234139875",
"133417117566179824230393406401542255407",
"151919339937625123204210457992044752931",
"130566401551032512068563473663474460184",
"89886807362014797934944559749105659368",
"129383879972328642994261826100024787773",
"275069354181843753491736730691246539652",
"9700804342915968765436483817051435541",
"103409963975095695452176770242483970112",
"113565515807872795919396808356520550749",
"267519803752317451270774246841452704432",
"138649222040134897385726038429953679175",
"42777657727010096635838503389954520620",
"228659462863698877633264367758846480339",
"31240444197804261355027421620490922359",
"24808762823523771377428870974567232292",
"81927283370088904981857680126297381148",
"168820520082394845498098511593917996656",
"146956331165374630893224855485427697282",
"249324297565416103012962149426160485564",
"271489250716350877927405780936202066688"
]
},
"source": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-32fbbd8c"
},
{
"signature_version": "v1",
"digest": {
"length": 1385.0,
"function_hash": "250806002254265148910681083514943330635"
},
"source": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_unicode_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-39bdea72"
},
{
"signature_version": "v1",
"digest": {
"length": 329.0,
"function_hash": "330616262435628366926800160868597121102"
},
"source": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_bytes_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-3d48bb7e"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"164804037795288558302005784372172823812",
"75535931859427858578087788035323903123",
"186446798814974367746116717913194675095"
]
},
"source": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b",
"deprecated": false,
"target": {
"file": "Include/cpython/unicodeobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-3e8f2279"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"209673069073437242728903186456299628970",
"233080690889430002180846032187900845039",
"305577287073750502555360983668852658181"
]
},
"source": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b",
"deprecated": false,
"target": {
"file": "Include/cpython/bytesobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-40ba6bc8"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"278760355083874204993519338347554361886",
"197394122698764551011397836619327858176",
"94733008537040512880235219575715730942",
"125041505975749507726415451436058563135",
"101534986740420764124896361835158053291",
"282959537994472274274841544639740390944",
"119887893796667081370186232163444944471",
"206669821498113011380688870195203624448",
"284522617131740635527322170442427980674"
]
},
"source": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e",
"deprecated": false,
"target": {
"file": "Include/internal/pycore_unicodeobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-40faf63d"
},
{
"signature_version": "v1",
"digest": {
"length": 1435.0,
"function_hash": "237179657101582696689295234988886519356"
},
"source": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_unicode_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-47e15fe3"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"141459811058784093367455455857478517532",
"295453630711220565137126568838140353470",
"324431718798471633035767580258122284337",
"61450342774574411050077347732538604085",
"6622207244158684336869473919968305277",
"215780264269487242692844197161950227064",
"206454855528030014934794740017299795484",
"119263534955607504644213526012760509311",
"119717247607465919035545078398253348029",
"237092957691388910127864852372223682423",
"131615416496828094178470502010611086964",
"127024534631293931265305781513816545799",
"116324876996079924870080657680061641596",
"188617969912789346609770632931114337119",
"305753102529734510182216575084499367093",
"158165527339670700223369917915728973900",
"113365751483115053764461019209127412852"
]
},
"source": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-4dae72a7"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"209673069073437242728903186456299628970",
"233080690889430002180846032187900845039",
"98917990495039834378635678038262384897"
]
},
"source": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f",
"deprecated": false,
"target": {
"file": "Include/cpython/bytesobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-5236bc05"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"53971168371386256499185681285657638650",
"173868114884686397067879075565441826154",
"40716984470624591708035101698691739660",
"302380427776324695536437783120768856492",
"74018418345520766877346964292412679164",
"151596514967468411191137693628976843976",
"213164018931622396637475487468850133592",
"218321357729914459613220113014635498633",
"256457137713898736393187585363309816569",
"203090321457411660123777655378488026168",
"55653487587655490148601121693170986940",
"149725850008335062081877836256750130655",
"65670582946992208529581304864779342065",
"154474229108497875295095515709965626794",
"94477219384853861253545648200084396288",
"119122237503223854594016078848472911219",
"94690520630783008426804672658471834611",
"127390878327036505700469841611601905338",
"307951533039940236874274746776320815889",
"29169336642102082750329848465234139875",
"133417117566179824230393406401542255407",
"151919339937625123204210457992044752931",
"130566401551032512068563473663474460184",
"89886807362014797934944559749105659368",
"129383879972328642994261826100024787773",
"275069354181843753491736730691246539652",
"9700804342915968765436483817051435541",
"103409963975095695452176770242483970112",
"113565515807872795919396808356520550749",
"267519803752317451270774246841452704432",
"138649222040134897385726038429953679175",
"42777657727010096635838503389954520620",
"228659462863698877633264367758846480339",
"31240444197804261355027421620490922359",
"24808762823523771377428870974567232292",
"81927283370088904981857680126297381148",
"168820520082394845498098511593917996656",
"146956331165374630893224855485427697282",
"249324297565416103012962149426160485564",
"271489250716350877927405780936202066688"
]
},
"source": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-59851038"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"265438056998705702810994001385517540302",
"306951369644449573573892807400532053541",
"171469356542214206532056345830406684843",
"274913332278744103178207219235476371887",
"297955451682751533291566893011857368084",
"72774091937512979137389913133029901926",
"229217426786291717704984341255908664048",
"175271571187035677683641472071830558687",
"137972618357736648282303168643957153856",
"245312920108718447091509285663217956466",
"232925501586495534694794157488593091433",
"262060603755195683795487021814814215778",
"283259442970518371972050767326450964383",
"76202616557071423559529418543957881798",
"176155166898471008056380311393976596147",
"23597472733483816675436405873908296824",
"55732722725180618889917195325747680323",
"307951533039940236874274746776320815889",
"218808866674666330333686386893401140331",
"15767379476251538998644878367443810297",
"75767832613375060683357719746279895816",
"281182331638249301955929629929671637290",
"192294158226209426623500479187987924865",
"134822443013192636830910538286954010411",
"320176965727817389745239409009514428661",
"287774336104469704832127939391284332052",
"86774907365965488523390735595691216467",
"247536597272381873277212347840674661879",
"228963805712915593260590048665894858826",
"43910682053025174369652003583675829696",
"62219633379297020424217642527670553814",
"269967184452833224757967181267618569452",
"9700804342915968765436483817051435541",
"206680889647473801308906199385079295626",
"91021165303551480836743782534579122427",
"331974509739694033450947288796330356964",
"40359183461027308297857931357790830814",
"37342583223185431056126496149491762961",
"314543389104063834881642954877594434161"
]
},
"source": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-5a78f240"
},
{
"signature_version": "v1",
"digest": {
"length": 596.0,
"function_hash": "115207838000024130140718965593036404042"
},
"source": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeStateful"
},
"signature_type": "Function",
"id": "CVE-2025-4516-5c93c852"
},
{
"signature_version": "v1",
"digest": {
"length": 337.0,
"function_hash": "287707245420631749466766323679687983418"
},
"source": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_bytes_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-5d3896b8"
},
{
"signature_version": "v1",
"digest": {
"length": 337.0,
"function_hash": "287707245420631749466766323679687983418"
},
"source": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_bytes_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-5f4bfaa8"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"265438056998705702810994001385517540302",
"306951369644449573573892807400532053541",
"171469356542214206532056345830406684843",
"274913332278744103178207219235476371887",
"297955451682751533291566893011857368084",
"72774091937512979137389913133029901926",
"229217426786291717704984341255908664048",
"175271571187035677683641472071830558687",
"137972618357736648282303168643957153856",
"245312920108718447091509285663217956466",
"232925501586495534694794157488593091433",
"262060603755195683795487021814814215778",
"283259442970518371972050767326450964383",
"76202616557071423559529418543957881798",
"176155166898471008056380311393976596147",
"23597472733483816675436405873908296824",
"55732722725180618889917195325747680323",
"307951533039940236874274746776320815889",
"218808866674666330333686386893401140331",
"15767379476251538998644878367443810297",
"75767832613375060683357719746279895816",
"281182331638249301955929629929671637290",
"192294158226209426623500479187987924865",
"134822443013192636830910538286954010411",
"320176965727817389745239409009514428661",
"287774336104469704832127939391284332052",
"86774907365965488523390735595691216467",
"247536597272381873277212347840674661879",
"228963805712915593260590048665894858826",
"43910682053025174369652003583675829696",
"62219633379297020424217642527670553814",
"269967184452833224757967181267618569452",
"9700804342915968765436483817051435541",
"206680889647473801308906199385079295626",
"91021165303551480836743782534579122427",
"331974509739694033450947288796330356964",
"40359183461027308297857931357790830814",
"37342583223185431056126496149491762961",
"314543389104063834881642954877594434161"
]
},
"source": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-6029f2cc"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"278760355083874204993519338347554361886",
"197394122698764551011397836619327858176",
"94733008537040512880235219575715730942",
"125041505975749507726415451436058563135",
"101534986740420764124896361835158053291",
"282959537994472274274841544639740390944",
"119887893796667081370186232163444944471",
"206669821498113011380688870195203624448",
"284522617131740635527322170442427980674"
]
},
"source": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142",
"deprecated": false,
"target": {
"file": "Include/internal/pycore_unicodeobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-60795417"
},
{
"signature_version": "v1",
"digest": {
"length": 331.0,
"function_hash": "333910878610256440510789809895047998592"
},
"source": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77",
"deprecated": false,
"target": {
"file": "Parser/pegen/parse_string.c",
"function": "decode_bytes_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-639a3106"
},
{
"signature_version": "v1",
"digest": {
"length": 2285.0,
"function_hash": "263973368467444803220425705201820386339"
},
"source": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "_PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-65894039"
},
{
"signature_version": "v1",
"digest": {
"length": 1356.0,
"function_hash": "67193675137479826073446743228815137200"
},
"source": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77",
"deprecated": false,
"target": {
"file": "Parser/pegen/parse_string.c",
"function": "decode_unicode_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-6695f1aa"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"209673069073437242728903186456299628970",
"233080690889430002180846032187900845039",
"305577287073750502555360983668852658181"
]
},
"source": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77",
"deprecated": false,
"target": {
"file": "Include/cpython/bytesobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-698ceb9c"
},
{
"signature_version": "v1",
"digest": {
"length": 4023.0,
"function_hash": "211631648316419971558610238486590928267"
},
"source": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeInternal"
},
"signature_type": "Function",
"id": "CVE-2025-4516-6996945b"
},
{
"signature_version": "v1",
"digest": {
"length": 596.0,
"function_hash": "115207838000024130140718965593036404042"
},
"source": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeStateful"
},
"signature_type": "Function",
"id": "CVE-2025-4516-6d6c99e7"
},
{
"signature_version": "v1",
"digest": {
"length": 1435.0,
"function_hash": "237179657101582696689295234988886519356"
},
"source": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_unicode_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-72633f81"
},
{
"signature_version": "v1",
"digest": {
"length": 3999.0,
"function_hash": "60568712030338220314021859633931600712"
},
"source": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeInternal"
},
"signature_type": "Function",
"id": "CVE-2025-4516-763086a4"
},
{
"signature_version": "v1",
"digest": {
"length": 1435.0,
"function_hash": "237179657101582696689295234988886519356"
},
"source": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_unicode_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-76b9fa55"
},
{
"signature_version": "v1",
"digest": {
"length": 622.0,
"function_hash": "136072390273448100646280860855309076961"
},
"source": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-82ce5919"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"53971168371386256499185681285657638650",
"173868114884686397067879075565441826154",
"40716984470624591708035101698691739660",
"302380427776324695536437783120768856492",
"74018418345520766877346964292412679164",
"151596514967468411191137693628976843976",
"213164018931622396637475487468850133592",
"218321357729914459613220113014635498633",
"256457137713898736393187585363309816569",
"203090321457411660123777655378488026168",
"55653487587655490148601121693170986940",
"94690520630783008426804672658471834611",
"127390878327036505700469841611601905338",
"307951533039940236874274746776320815889",
"29169336642102082750329848465234139875",
"133417117566179824230393406401542255407",
"111138872908472011608966502702870429795",
"47574872727254009277245672528316953393",
"334332009072961911883147174568848183056",
"207968807635010521951556334198543554438",
"80383540230425434224530224027156623097",
"264225962109356638944159665987590068968",
"151919339937625123204210457992044752931",
"130566401551032512068563473663474460184",
"89886807362014797934944559749105659368",
"129383879972328642994261826100024787773",
"275069354181843753491736730691246539652",
"9700804342915968765436483817051435541",
"206680889647473801308906199385079295626",
"91021165303551480836743782534579122427",
"331974509739694033450947288796330356964",
"40359183461027308297857931357790830814",
"37342583223185431056126496149491762961",
"314543389104063834881642954877594434161"
]
},
"source": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-868e51fd"
},
{
"signature_version": "v1",
"digest": {
"length": 622.0,
"function_hash": "136072390273448100646280860855309076961"
},
"source": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-872acb32"
},
{
"signature_version": "v1",
"digest": {
"length": 337.0,
"function_hash": "287707245420631749466766323679687983418"
},
"source": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_bytes_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-8960a0ce"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"141459811058784093367455455857478517532",
"295453630711220565137126568838140353470",
"324431718798471633035767580258122284337",
"61450342774574411050077347732538604085",
"6622207244158684336869473919968305277",
"215780264269487242692844197161950227064",
"206454855528030014934794740017299795484",
"119263534955607504644213526012760509311",
"119717247607465919035545078398253348029",
"237092957691388910127864852372223682423",
"131615416496828094178470502010611086964",
"127024534631293931265305781513816545799",
"116324876996079924870080657680061641596",
"188617969912789346609770632931114337119",
"305753102529734510182216575084499367093",
"158165527339670700223369917915728973900",
"113365751483115053764461019209127412852"
]
},
"source": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-8b557d4a"
},
{
"signature_version": "v1",
"digest": {
"length": 4152.0,
"function_hash": "214998725881699673722276853053399935952"
},
"source": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeInternal"
},
"signature_type": "Function",
"id": "CVE-2025-4516-8fc0ea5a"
},
{
"signature_version": "v1",
"digest": {
"length": 430.0,
"function_hash": "281886286272597942265064826003534255411"
},
"source": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-929ac66b"
},
{
"signature_version": "v1",
"digest": {
"length": 337.0,
"function_hash": "287707245420631749466766323679687983418"
},
"source": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_bytes_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-9ccf6cf6"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"141459811058784093367455455857478517532",
"295453630711220565137126568838140353470",
"324431718798471633035767580258122284337",
"61450342774574411050077347732538604085",
"6622207244158684336869473919968305277",
"215780264269487242692844197161950227064",
"206454855528030014934794740017299795484",
"119263534955607504644213526012760509311",
"119717247607465919035545078398253348029",
"237092957691388910127864852372223682423",
"131615416496828094178470502010611086964",
"127024534631293931265305781513816545799",
"116324876996079924870080657680061641596",
"188617969912789346609770632931114337119",
"305753102529734510182216575084499367093",
"158165527339670700223369917915728973900",
"113365751483115053764461019209127412852"
]
},
"source": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-a218eacd"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"306936398900202078575687357096059984227",
"138602339382021701207510326609721846945",
"309641298654597631159460626798128640655",
"16653636176323054259145305871889582361",
"285760383491288037172083058187900836694",
"89644259437895487549798707113757301785",
"107040342937484318810077491155814002404",
"119263534955607504644213526012760509311",
"119717247607465919035545078398253348029",
"237092957691388910127864852372223682423",
"131615416496828094178470502010611086964",
"127024534631293931265305781513816545799",
"116324876996079924870080657680061641596",
"216375900742294804512908716827627558891",
"102019591061995571483087831177400006231",
"90663511674171256031562962305531995155",
"38306253010508820740783859701144105113"
]
},
"source": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-a81766d3"
},
{
"signature_version": "v1",
"digest": {
"length": 404.0,
"function_hash": "602322139878009221325918289256764518"
},
"source": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeStateful"
},
"signature_type": "Function",
"id": "CVE-2025-4516-ac32ccb6"
},
{
"signature_version": "v1",
"digest": {
"length": 2285.0,
"function_hash": "263973368467444803220425705201820386339"
},
"source": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "_PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-ad28f9b1"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"77341328209295353841242080391590531375",
"40875217559908844500809436059546610711",
"171469356542214206532056345830406684843",
"274913332278744103178207219235476371887",
"297955451682751533291566893011857368084",
"72774091937512979137389913133029901926",
"229217426786291717704984341255908664048",
"175271571187035677683641472071830558687",
"137972618357736648282303168643957153856",
"245312920108718447091509285663217956466",
"298956518575676603582410951621510698930",
"197353779447130553062341478812058899134",
"114183214824755996536088906005559927709",
"176155166898471008056380311393976596147",
"274337348338053830050044622449846110270",
"235641675468194976065024155496678322363",
"220331928956002368735024325006390954114",
"94477219384853861253545648200084396288",
"88170254654824809842160586025300977080",
"23597472733483816675436405873908296824",
"55732722725180618889917195325747680323",
"307951533039940236874274746776320815889",
"218808866674666330333686386893401140331",
"15767379476251538998644878367443810297",
"75767832613375060683357719746279895816",
"281182331638249301955929629929671637290",
"192294158226209426623500479187987924865",
"134822443013192636830910538286954010411",
"320176965727817389745239409009514428661",
"287774336104469704832127939391284332052",
"86774907365965488523390735595691216467",
"247536597272381873277212347840674661879",
"228963805712915593260590048665894858826",
"43910682053025174369652003583675829696",
"62219633379297020424217642527670553814",
"269967184452833224757967181267618569452",
"9700804342915968765436483817051435541",
"103409963975095695452176770242483970112",
"113565515807872795919396808356520550749",
"267519803752317451270774246841452704432",
"46787179538191146178989893099598132293",
"316289144422290151151046649529526978642",
"309900139094826742808850662638534926365",
"294557468689871587204811598895524826269",
"81927283370088904981857680126297381148",
"16386005265682531318563283182678145508",
"271069158515182438545605163038439716971",
"107115699159740871664315085870559915602",
"271489250716350877927405780936202066688"
]
},
"source": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-ad46d231"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"306936398900202078575687357096059984227",
"138602339382021701207510326609721846945",
"309641298654597631159460626798128640655",
"271691111191630875895929441563450342410",
"121972048709373533186328072628402033012",
"216863685352512821228142484110518414674",
"47711903032282542310225697920051876508",
"119263534955607504644213526012760509311",
"119717247607465919035545078398253348029",
"237092957691388910127864852372223682423",
"131615416496828094178470502010611086964",
"127024534631293931265305781513816545799",
"116324876996079924870080657680061641596",
"184146245867276199665335022301017644808",
"216294202407046481010726973279508298936",
"231894771466568568850191675392471769731",
"254691252820793629816250025845386646937"
]
},
"source": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77",
"deprecated": false,
"target": {
"file": "Parser/pegen/parse_string.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-aecd871a"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"306936398900202078575687357096059984227",
"138602339382021701207510326609721846945",
"309641298654597631159460626798128640655",
"271691111191630875895929441563450342410",
"121972048709373533186328072628402033012",
"216863685352512821228142484110518414674",
"47711903032282542310225697920051876508",
"119263534955607504644213526012760509311",
"119717247607465919035545078398253348029",
"237092957691388910127864852372223682423",
"131615416496828094178470502010611086964",
"127024534631293931265305781513816545799",
"116324876996079924870080657680061641596",
"184146245867276199665335022301017644808",
"216294202407046481010726973279508298936",
"231894771466568568850191675392471769731",
"254691252820793629816250025845386646937"
]
},
"source": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-b4d7f4ff"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"209673069073437242728903186456299628970",
"233080690889430002180846032187900845039",
"98917990495039834378635678038262384897"
]
},
"source": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292",
"deprecated": false,
"target": {
"file": "Include/cpython/bytesobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-b5b4f7f6"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"164804037795288558302005784372172823812",
"75535931859427858578087788035323903123",
"186446798814974367746116717913194675095"
]
},
"source": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292",
"deprecated": false,
"target": {
"file": "Include/cpython/unicodeobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-b6984dc8"
},
{
"signature_version": "v1",
"digest": {
"length": 622.0,
"function_hash": "136072390273448100646280860855309076961"
},
"source": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-b9b6bd37"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"53971168371386256499185681285657638650",
"173868114884686397067879075565441826154",
"40716984470624591708035101698691739660",
"302380427776324695536437783120768856492",
"74018418345520766877346964292412679164",
"151596514967468411191137693628976843976",
"213164018931622396637475487468850133592",
"218321357729914459613220113014635498633",
"256457137713898736393187585363309816569",
"203090321457411660123777655378488026168",
"55653487587655490148601121693170986940",
"149725850008335062081877836256750130655",
"65670582946992208529581304864779342065",
"154474229108497875295095515709965626794",
"94477219384853861253545648200084396288",
"119122237503223854594016078848472911219",
"94690520630783008426804672658471834611",
"127390878327036505700469841611601905338",
"307951533039940236874274746776320815889",
"29169336642102082750329848465234139875",
"133417117566179824230393406401542255407",
"111138872908472011608966502702870429795",
"47574872727254009277245672528316953393",
"334332009072961911883147174568848183056",
"207968807635010521951556334198543554438",
"80383540230425434224530224027156623097",
"264225962109356638944159665987590068968",
"151919339937625123204210457992044752931",
"130566401551032512068563473663474460184",
"89886807362014797934944559749105659368",
"129383879972328642994261826100024787773",
"275069354181843753491736730691246539652",
"9700804342915968765436483817051435541",
"103409963975095695452176770242483970112",
"113565515807872795919396808356520550749",
"267519803752317451270774246841452704432",
"46787179538191146178989893099598132293",
"316289144422290151151046649529526978642",
"309900139094826742808850662638534926365",
"294557468689871587204811598895524826269",
"81927283370088904981857680126297381148",
"16386005265682531318563283182678145508",
"271069158515182438545605163038439716971",
"107115699159740871664315085870559915602",
"271489250716350877927405780936202066688"
]
},
"source": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-ba52a13b"
},
{
"signature_version": "v1",
"digest": {
"length": 331.0,
"function_hash": "333910878610256440510789809895047998592"
},
"source": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c",
"function": "decode_bytes_with_escapes"
},
"signature_type": "Function",
"id": "CVE-2025-4516-bb2e4d5e"
},
{
"signature_version": "v1",
"digest": {
"length": 3999.0,
"function_hash": "60568712030338220314021859633931600712"
},
"source": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeInternal"
},
"signature_type": "Function",
"id": "CVE-2025-4516-c1f84312"
},
{
"signature_version": "v1",
"digest": {
"length": 804.0,
"function_hash": "326842862865266246176383142167776706155"
},
"source": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-c3a9ec93"
},
{
"signature_version": "v1",
"digest": {
"length": 804.0,
"function_hash": "326842862865266246176383142167776706155"
},
"source": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-c8d47268"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"265438056998705702810994001385517540302",
"306951369644449573573892807400532053541",
"171469356542214206532056345830406684843",
"274913332278744103178207219235476371887",
"297955451682751533291566893011857368084",
"72774091937512979137389913133029901926",
"229217426786291717704984341255908664048",
"175271571187035677683641472071830558687",
"137972618357736648282303168643957153856",
"245312920108718447091509285663217956466",
"232925501586495534694794157488593091433",
"262060603755195683795487021814814215778",
"283259442970518371972050767326450964383",
"76202616557071423559529418543957881798",
"176155166898471008056380311393976596147",
"274337348338053830050044622449846110270",
"235641675468194976065024155496678322363",
"220331928956002368735024325006390954114",
"94477219384853861253545648200084396288",
"88170254654824809842160586025300977080",
"23597472733483816675436405873908296824",
"55732722725180618889917195325747680323",
"307951533039940236874274746776320815889",
"218808866674666330333686386893401140331",
"15767379476251538998644878367443810297",
"75767832613375060683357719746279895816",
"281182331638249301955929629929671637290",
"192294158226209426623500479187987924865",
"134822443013192636830910538286954010411",
"320176965727817389745239409009514428661",
"287774336104469704832127939391284332052",
"86774907365965488523390735595691216467",
"247536597272381873277212347840674661879",
"228963805712915593260590048665894858826",
"43910682053025174369652003583675829696",
"62219633379297020424217642527670553814",
"269967184452833224757967181267618569452",
"9700804342915968765436483817051435541",
"103409963975095695452176770242483970112",
"113565515807872795919396808356520550749",
"267519803752317451270774246841452704432",
"46787179538191146178989893099598132293",
"316289144422290151151046649529526978642",
"309900139094826742808850662638534926365",
"294557468689871587204811598895524826269",
"81927283370088904981857680126297381148",
"16386005265682531318563283182678145508",
"271069158515182438545605163038439716971",
"107115699159740871664315085870559915602",
"271489250716350877927405780936202066688"
]
},
"source": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-cc71fe97"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"164804037795288558302005784372172823812",
"75535931859427858578087788035323903123",
"186446798814974367746116717913194675095"
]
},
"source": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f",
"deprecated": false,
"target": {
"file": "Include/cpython/unicodeobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-ce567e3c"
},
{
"signature_version": "v1",
"digest": {
"length": 2214.0,
"function_hash": "234216180216555713482389515438027862049"
},
"source": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "_PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-d09bc175"
},
{
"signature_version": "v1",
"digest": {
"length": 4016.0,
"function_hash": "121630048052958341067448210923445096544"
},
"source": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeInternal"
},
"signature_type": "Function",
"id": "CVE-2025-4516-d7940d98"
},
{
"signature_version": "v1",
"digest": {
"length": 2214.0,
"function_hash": "234216180216555713482389515438027862049"
},
"source": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "_PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-d834dc75"
},
{
"signature_version": "v1",
"digest": {
"length": 4087.0,
"function_hash": "184754135931749305387553014798360668729"
},
"source": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeInternal"
},
"signature_type": "Function",
"id": "CVE-2025-4516-d892d2df"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"207252037538863229688362671426229382657",
"233080690889430002180846032187900845039",
"307718007028290570503251734810268242619"
]
},
"source": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d",
"deprecated": false,
"target": {
"file": "Include/internal/pycore_bytesobject.h"
},
"signature_type": "Line",
"id": "CVE-2025-4516-d9175b23"
},
{
"signature_version": "v1",
"digest": {
"length": 596.0,
"function_hash": "115207838000024130140718965593036404042"
},
"source": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeStateful"
},
"signature_type": "Function",
"id": "CVE-2025-4516-da86eed9"
},
{
"signature_version": "v1",
"digest": {
"length": 2285.0,
"function_hash": "263973368467444803220425705201820386339"
},
"source": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c",
"function": "_PyBytes_DecodeEscape"
},
"signature_type": "Function",
"id": "CVE-2025-4516-db37bebc"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"260941515176691977029948399981019328432",
"40875217559908844500809436059546610711",
"171469356542214206532056345830406684843",
"274913332278744103178207219235476371887",
"297955451682751533291566893011857368084",
"72774091937512979137389913133029901926",
"229217426786291717704984341255908664048",
"175271571187035677683641472071830558687",
"137972618357736648282303168643957153856",
"245312920108718447091509285663217956466",
"299689639064006782776401707264893168462",
"222133616806722929533791670332730352789",
"294213027643851997489468513090040954687",
"176155166898471008056380311393976596147",
"274337348338053830050044622449846110270",
"235641675468194976065024155496678322363",
"220331928956002368735024325006390954114",
"94477219384853861253545648200084396288",
"88170254654824809842160586025300977080",
"23597472733483816675436405873908296824",
"55732722725180618889917195325747680323",
"307951533039940236874274746776320815889",
"218808866674666330333686386893401140331",
"15767379476251538998644878367443810297",
"86774907365965488523390735595691216467",
"247536597272381873277212347840674661879",
"228963805712915593260590048665894858826",
"43910682053025174369652003583675829696",
"62219633379297020424217642527670553814",
"269967184452833224757967181267618569452",
"9700804342915968765436483817051435541",
"103409963975095695452176770242483970112",
"113565515807872795919396808356520550749",
"267519803752317451270774246841452704432",
"151043065025173986854975079925080007843",
"331396586038371888893312240276315601901",
"178191808119447335169273130345842686349",
"42217239064580402178024711587770151754",
"24808762823523771377428870974567232292",
"81927283370088904981857680126297381148",
"146149141779110543680880664939265533553",
"6122594498745580745682996152726564560",
"249324297565416103012962149426160485564",
"271489250716350877927405780936202066688"
]
},
"source": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-e2d1bc78"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"306936398900202078575687357096059984227",
"138602339382021701207510326609721846945",
"93142175469987692542726338796689098807",
"183550316408776871858823615374709741775",
"230807608361668643739594404424891391221",
"215780264269487242692844197161950227064",
"206454855528030014934794740017299795484",
"119263534955607504644213526012760509311",
"119717247607465919035545078398253348029",
"237092957691388910127864852372223682423",
"131615416496828094178470502010611086964",
"127024534631293931265305781513816545799",
"116324876996079924870080657680061641596",
"188617969912789346609770632931114337119",
"305753102529734510182216575084499367093",
"158165527339670700223369917915728973900",
"113365751483115053764461019209127412852"
]
},
"source": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292",
"deprecated": false,
"target": {
"file": "Parser/string_parser.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-e597e479"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"53971168371386256499185681285657638650",
"173868114884686397067879075565441826154",
"40716984470624591708035101698691739660",
"302380427776324695536437783120768856492",
"74018418345520766877346964292412679164",
"151596514967468411191137693628976843976",
"213164018931622396637475487468850133592",
"218321357729914459613220113014635498633",
"256457137713898736393187585363309816569",
"203090321457411660123777655378488026168",
"55653487587655490148601121693170986940",
"149725850008335062081877836256750130655",
"65670582946992208529581304864779342065",
"154474229108497875295095515709965626794",
"94477219384853861253545648200084396288",
"119122237503223854594016078848472911219",
"94690520630783008426804672658471834611",
"127390878327036505700469841611601905338",
"307951533039940236874274746776320815889",
"29169336642102082750329848465234139875",
"133417117566179824230393406401542255407",
"111138872908472011608966502702870429795",
"47574872727254009277245672528316953393",
"334332009072961911883147174568848183056",
"207968807635010521951556334198543554438",
"80383540230425434224530224027156623097",
"264225962109356638944159665987590068968",
"151919339937625123204210457992044752931",
"130566401551032512068563473663474460184",
"89886807362014797934944559749105659368",
"129383879972328642994261826100024787773",
"275069354181843753491736730691246539652",
"9700804342915968765436483817051435541",
"103409963975095695452176770242483970112",
"113565515807872795919396808356520550749",
"267519803752317451270774246841452704432",
"46787179538191146178989893099598132293",
"316289144422290151151046649529526978642",
"309900139094826742808850662638534926365",
"294557468689871587204811598895524826269",
"81927283370088904981857680126297381148",
"16386005265682531318563283182678145508",
"271069158515182438545605163038439716971",
"107115699159740871664315085870559915602",
"271489250716350877927405780936202066688"
]
},
"source": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f",
"deprecated": false,
"target": {
"file": "Objects/bytesobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-ebd215e1"
},
{
"signature_version": "v1",
"digest": {
"length": 776.0,
"function_hash": "3324638602612500772396655197317256765"
},
"source": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeStateful"
},
"signature_type": "Function",
"id": "CVE-2025-4516-ef2842e4"
},
{
"signature_version": "v1",
"digest": {
"length": 776.0,
"function_hash": "3324638602612500772396655197317256765"
},
"source": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c",
"function": "_PyUnicode_DecodeUnicodeEscapeStateful"
},
"signature_type": "Function",
"id": "CVE-2025-4516-fb8d24a1"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"260941515176691977029948399981019328432",
"40875217559908844500809436059546610711",
"171469356542214206532056345830406684843",
"274913332278744103178207219235476371887",
"297955451682751533291566893011857368084",
"72774091937512979137389913133029901926",
"229217426786291717704984341255908664048",
"175271571187035677683641472071830558687",
"137972618357736648282303168643957153856",
"245312920108718447091509285663217956466",
"299689639064006782776401707264893168462",
"222133616806722929533791670332730352789",
"294213027643851997489468513090040954687",
"176155166898471008056380311393976596147",
"274337348338053830050044622449846110270",
"235641675468194976065024155496678322363",
"220331928956002368735024325006390954114",
"94477219384853861253545648200084396288",
"88170254654824809842160586025300977080",
"23597472733483816675436405873908296824",
"55732722725180618889917195325747680323",
"307951533039940236874274746776320815889",
"218808866674666330333686386893401140331",
"15767379476251538998644878367443810297",
"75767832613375060683357719746279895816",
"281182331638249301955929629929671637290",
"192294158226209426623500479187987924865",
"134822443013192636830910538286954010411",
"320176965727817389745239409009514428661",
"287774336104469704832127939391284332052",
"86774907365965488523390735595691216467",
"247536597272381873277212347840674661879",
"228963805712915593260590048665894858826",
"43910682053025174369652003583675829696",
"62219633379297020424217642527670553814",
"269967184452833224757967181267618569452",
"9700804342915968765436483817051435541",
"103409963975095695452176770242483970112",
"113565515807872795919396808356520550749",
"267519803752317451270774246841452704432",
"46787179538191146178989893099598132293",
"316289144422290151151046649529526978642",
"309900139094826742808850662638534926365",
"294557468689871587204811598895524826269",
"81927283370088904981857680126297381148",
"16386005265682531318563283182678145508",
"271069158515182438545605163038439716971",
"107115699159740871664315085870559915602",
"271489250716350877927405780936202066688"
]
},
"source": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d",
"deprecated": false,
"target": {
"file": "Objects/unicodeobject.c"
},
"signature_type": "Line",
"id": "CVE-2025-4516-fe6ba64c"
}
]
}