Astra Linux - уязвимость в python-cryptography

A flaw was discovered in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which could result in the exposure of confidential or sensitive data...

Astra Linux - уязвимость в python2.7, pypy

In Python 3.x versions prior to 3.5.10, 3.6.x versions prior to 3.6.12, 3.7.x versions prior to 3.7.9, and 3.8.x versions prior to 3.8.5, CRLF injection is allowed if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...

Astra Linux - уязвимость в python-werkzeug

Werkzeug is a comprehensive WSGI web application library. Browsers may allow “nameless” cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on a neighboring subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...

Astra Linux - уязвимость в python3.7, python2.7

In Python aka CPython, up to version 3.10.8, the mailcap module does not add escape characters to commands found in the system’s mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if those commands lack validation of...

Astra Linux - уязвимость в python-setuptools

Python Packaging Authority PyPA’s setuptools before version 65.5.1 allows remote attackers to cause a denial of service through HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS vulnerability present in packageindex.py...

SUSE CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

MAL-2026-4652 Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

MAL-2026-4182 Malicious code in stripe-internal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e7a911f1602bed2fda7cbacff6567286433df29592c24839ae9980c7fff0e6b4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-4181 Malicious code in stripe-commands (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 25869cea9557ac431847a2e11b5c78d6da5ee072b1d73f1d0fa6ccc895d2be60 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in stripe-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2134a01cead67cd3508d0ca8a14acbfd272181c65faed08b8491a1b2e7885ddc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-4180 Malicious code in stripe-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2134a01cead67cd3508d0ca8a14acbfd272181c65faed08b8491a1b2e7885ddc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Quality and Security Signals in AI-Generated Python Refactoring Pull Requests

As AI agents increasingly contribute to code development and maintenance, there is still limited empirical evidence on the quality and risk characteristics of their changes in real-world projects, particularly for refactoring-oriented contributions. It remains unclear how agent-authored refactori...

angr 9.2.216

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

Fedora 44 : python-dotenv (2026-79e64d2daa)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-79e64d2daa advisory. Update to 1.2.2, security fix for CVE-2026-28684. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

RHEL 9 : python3.9 (RHSA-2026:19570)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19570 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

OPENSUSE-SU-2026:10829-1 python311-idna-3.15-1.1 on GA media

These are all security issues fixed in the python311-idna-3.15-1.1 package on the GA media of openSUSE Tumbleweed...

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1674)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1674 advisory. The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handle...

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1654)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1654 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

RHEL 9 : python3.9 (RHSA-2026:19571)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19571 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Fedora 43 : python-django5 (2026-4d1404fc5d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4d1404fc5d advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...