org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-43997 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-26956 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-24118 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

CVE-2026-4519 affecting package python3 for versions less than 3.9.19-20

CVE-2026-4519 affecting package python3 for versions less than 3.9.19-20. A patched version of the package is available...

Important: Red Hat Security Advisory: Red Hat Quay 3.9.19

Red Hat Quay 3.9.19 is now available with bug fixes. Quay 3.9.19...

CVE-2026-0865 affecting package python3 for versions less than 3.9.19-19

CVE-2026-0865 affecting package python3 for versions less than 3.9.19-19. A patched version of the package is available...

CVE-2026-1299 affecting package python3 for versions less than 3.9.19-18

CVE-2026-1299 affecting package python3 for versions less than 3.9.19-18. A patched version of the package is available...

AZL-76499 CVE-2026-1703 affecting package python3 3.9.19-19

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-22709 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

AZL-75053 CVE-2026-0865 affecting package python3 for versions less than 3.9.19-19

User-controlled header names and values containing newlines can allow injecting HTTP headers...

AZL-75041 CVE-2025-15366 affecting package python3 3.9.19-19

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

AZL-75050 CVE-2025-15367 affecting package python3 3.9.19-19

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

CVE-2025-6075 affecting package python3 for versions less than 3.9.19-17

CVE-2025-6075 affecting package python3 for versions less than 3.9.19-17. A patched version of the package is available...

AZL-71275 CVE-2025-13837 affecting package python3 3.9.19-19

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...

CVE-2025-8291 affecting package python3 for versions less than 3.9.19-16

CVE-2025-8291 affecting package python3 for versions less than 3.9.19-16. A patched version of the package is available...

AZL-65984 CVE-2025-8194 affecting package python3 for versions less than 3.9.19-15

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVE-2023-45803 affecting package python3 for versions less than 3.9.19-14

CVE-2023-45803 affecting package python3 for versions less than 3.9.19-14. A patched version of the package is available...

BIT-JOOMLA-2020-15695

An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of comprivacy causes a CSRF vulnerability...

AZL-50757 CVE-2024-9287 affecting package python3 for versions less than 3.9.19-11

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...

OPENSUSE-SU-2024:14297-1 python39-3.9.19-7.1 on GA media

These are all security issues fixed in the python39-3.9.19-7.1 package on the GA media of openSUSE Tumbleweed...