Python Vulnerabilities: Vulnerable Python versions added
Hi,

I just added the list of vulnerable Python versions to my report:
http://python-security.readthedocs.io/vulnerabilities.html

So I checked the status of backports, and I identified one last vulnerability not fixed in Python 3.4 yet: HTTP directory traversal on Windows. I proposed a cherry-pick:
https://github.com/python/cpython/pull/782

Python 3.2 and 3.3 lack a lot of fixes, but the last release was in 2014. Fixes were backported in the meantime, but no new security version was released since that time.

gettext:
  FIXME 3.2
  3.3 fixed: no release yet

Sweet32
  3.4 fixed: no release yet

HTTPoxy attack: 3.2 and 3.3
  FIXME 3.2
  3.3 fixed: no release yet

smtplib TLS stripping
  FIXME 3.2
  3.3 fixed: no release yet

HTTP directory traversal
  FIXME 3.2
  FIXME 3.3
  FIXME 3.4 => https://github.com/python/cpython/pull/782

Expat 2.1.1
  FIXME 3.2
  FIXME 3.3

zipimporter overflow
  FIXME 3.2
  3.3 fixed, no release yet

HTTP Header injection
  FIXME 3.2
  FIXME 3.3

Validate TLS certificate
  3.2 and 3.3 vulnerable: no plan to backport the feature

SSL: NULL byte
  3.3 fixed: no release yet

match_hostname IDNA
  FIXME 3.2

xmlrpc gzip decode
  3.2 fixed in 2014: no release yet
  3.3 fixed: no release yet

Victor
participants (1)
-
Victor Stinner