SUSE: Security Advisory (SUSE-SU-2026:20130-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : python-marshmallow (SUSE-SU-2026:0226-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0226-1 advisory. - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473. Tenable has extracted the preceding...

SUSE-SU-2026:20130-1 Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473...

SUSE-SU-2026:0226-1 Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473...

python311-marshmallow-3.26.2-1.1 on GA media (moderate)

python311-marshmallow-3.26.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10003-1 Rating: moderate Cross-References: CVE-2025-68480 CVSS scores: CVE-2025-68480 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-68480 SUSE : 6.3...

CVE-2025-68480 vulnerabilities

Vulnerabilities for packages: ggshield, airflow, open-webui, superset...

CVE-2025-68480

A flaw was found in Marshmallow. A remote attacker could exploit a vulnerability in the Schema.loaddata, many=True function by sending a moderately sized request. This could lead to a denial of service DoS due to the disproportionate consumption of CPU time, making the system unavailable to...

Linux Distros Unpatched Vulnerability : CVE-2025-68480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0...

CVE-2025-68480

creationtimestamp| type| source ---|---|--- 2025-12-22 23:27:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mamf4mjyyd2c...

CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

ai-utilities (>=1.0.0 <=1.0.0b3), auto-pr (=1.2.0) +23 more potentially affected by CVE-2025-68480 via marshmallow (>=4.0.0 <=4.1.1)

marshmallow PYPI version =4.0.0, =1.0.0, =3.0.0, =2.3.1, =3.31.0, =1.8.0, =2.0.3, =0.0.1, =1.115.1, =0.0.1, =1.4.5, =6.0.0, =6.25.7 - nvidia-tao-core =6.0.0 and more Source cves: CVE-2025-68480 Source advisory: OSV:GHSA-428G-F7CQ-PGP5...

a-mailx (=0.1.0), acapy-agent (>=1.1.0 <=1.2.7rc0) +503 more potentially affected by CVE-2025-68480 via marshmallow (>=3.0.0rc1 <=3.26.1)

marshmallow PYPI version =3.0.0rc1, =1.1.0, =0.5.1, =4.8.2, =0.1.3, =0.1.31, =0.0.2, =0.0.7, =0.0.5, =0.0.5, =0.0.6, =0.4.2 - aicodebot =0.2.6 - aider-chat =0.43.0 - aiohttp-boilerplate =0.2.6 and more Source cves: CVE-2025-68480 Source advisory: OSV:GHSA-428G-F7CQ-PGP5...

ai-utilities (>=1.0.0 <=1.0.0b3), auto-pr (=1.2.0) +23 more potentially affected by CVE-2025-68480 via marshmallow (>=4.0.0 <=4.1.1)

marshmallow PYPI version =4.0.0, =1.0.0, =3.0.0, =2.3.1, =3.31.0, =1.8.0, =2.0.3, =0.0.1, =1.115.1, =0.0.1, =1.4.5, =6.0.0, =6.25.7 - nvidia-tao-core =6.0.0 and more Source cves: CVE-2025-68480 Source advisory: SNYK:PYTHON-MARSHMALLOW-14550833...

a-mailx (=0.1.0), acapy-agent (>=1.1.0 <=1.2.7rc0) +503 more potentially affected by CVE-2025-68480 via marshmallow (>=3.0.0rc1 <=3.26.1)

marshmallow PYPI version =3.0.0rc1, =1.1.0, =0.5.1, =4.8.2, =0.1.3, =0.1.31, =0.0.2, =0.0.7, =0.0.5, =0.0.5, =0.0.6, =0.4.2 - aicodebot =0.2.6 - aider-chat =0.43.0 - aiohttp-boilerplate =0.2.6 and more Source cves: CVE-2025-68480 Source advisory: SNYK:PYTHON-MARSHMALLOW-14550833...

EUVD-2025-68480

Malicious code in putra-kue43-ruro npm...