CVE-2026-0865 affecting package python3 for versions less than 3.9.19-19

CVE-2026-0865 affecting package python3 for versions less than 3.9.19-19. A patched version of the package is available...

AZL-76499 CVE-2026-1703 affecting package python3 3.9.19-19

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

AZL-75053 CVE-2026-0865 affecting package python3 for versions less than 3.9.19-19

User-controlled header names and values containing newlines can allow injecting HTTP headers...

AZL-75041 CVE-2025-15366 affecting package python3 3.9.19-19

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

AZL-75050 CVE-2025-15367 affecting package python3 3.9.19-19

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

AZL-71275 CVE-2025-13837 affecting package python3 3.9.19-19

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...