[SECURITY] Fedora 43 Update: rust-serde_json-1.0.145-1.fc43

A JSON serialization file format...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-python-socketio (SUSE-SU-2025:3780-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3780-1 advisory. - CVE-2025-61765: fixed by using json, rather than pickle for serialization bsc1251193 Tenable has...

Security update for python-python-socketio

This update for python-python-socketio fixes the following issues: CVE-2025-61765: fixed by using json, rather than pickle for serialization bsc1251193 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:3780-1 Security update for python-python-socketio

This update for python-python-socketio fixes the following issues: - CVE-2025-61765: fixed by using json, rather than pickle for serialization bsc1251193...

EUVD-2016-6832

Malware in sbrugna...

EUVD-2020-28375

Malware in sbrugna...

EUVD-2023-2104

Malicious code in bioql PyPI...

EUVD-2022-1198

Malicious code in bioql PyPI...

EUVD-2023-0257

Malicious code in bioql PyPI...

EUVD-2022-2472

Malicious code in bioql PyPI...

CVE-2024-32876

NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...

CVE-2024-32876 NewPipe has potential security vulnerability when importing settings

NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...

CVE-2024-32876 NewPipe has potential security vulnerability when importing settings

NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...

This Week in Spring - February 14th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available In the latest...

GHSA-PVCR-V8J8-J5Q3 Parsing JSON serialized payload without protected field can lead to segfault

Summary Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. Details This seems to also affect other functions that calls Parse internally, like jws.Verify. My understanding of these functions from t...

GHSA-5M22-CFQ9-86X6 Pickle serialization vulnerable to Deserialization of Untrusted Data

What We are using pickle as default serialization module but that has known security issues see e.g. https://medium.com/ochrona/python-pickle-is-notoriously-insecure-d6651f1974c9. In summary, it is not advisable to open Pickles that you create yourself locally. In vantage6, algorithms use pickles...

Pickle serialization vulnerable to Deserialization of Untrusted Data

What We are using pickle as default serialization module but that has known security issues see e.g. https://medium.com/ochrona/python-pickle-is-notoriously-insecure-d6651f1974c9. In summary, it is not advisable to open Pickles that you create yourself locally. In vantage6, algorithms use pickles...

CVE-2023-23930

vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...

Default configuration

vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...

CVE-2023-23930 vantage6's Pickle serialization is insecure

vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...