python3.14 security update

An update is available for python3.14. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

RockyLinux 9 : python3.14 (RLSA-2026:19176)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19176 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: CPython: Logging Bypass in Legacy .pyc File Handling...

RHSA-2026:19019 Red Hat Security Advisory: python3.14 security update

Bulletin has no description...

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1674)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1674 advisory. The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handle...

Fedora 44 : python3.14 (2026-841a2250e4)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-841a2250e4 advisory. Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-5713, CVE-2026-6100 Tenable has extracted the preceding description block directly from th...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-013020)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013020 advisory. Allows modifying some file metadata e.g. last modified with filter=dataor file permissions chmod with filter=tarof files outside the extraction directory. You are...

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1556)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1556 advisory. The webbrowser.open API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to...

Fedora: Security Advisory (FEDORA-2026-ba6745d242)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 43 : python3.14 (2026-013fb3d1bc)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-013fb3d1bc advisory. Security fix for CVE-2026-4519 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

[SECURITY] Fedora 44 Update: python3.14-3.14.3-2.fc44

Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

[SECURITY] Fedora 43 Update: python3.14-3.14.3-1.fc43

Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

Ubuntu: Security Advisory (USN-7951-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : python3.14 (2025-d5dffbf048)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d5dffbf048 advisory. This is the second maintenance release of Python 3.14 Tenable has extracted the preceding description block directly from the Fedora security...

EUVD-2025-16736

Malicious code in bioql PyPI...

EUVD-2025-16724

Malicious code in bioql PyPI...

BIT-PYTHON-2025-4330 Extraction filter bypass for linking outside extraction directory

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

PSF-2025-7

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...