CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the urllib.request.DataHandler. An attacker can manipulate HTTP headers by injecting newline characters in the mediatype portion of a data URL, to alter request behavior or bypass security controls. Remediation A fix...

aegis-game (>=2.0.0 <=2.9.9), bittrade-binance-websocket (>=0.2.3 <=0.4.8) +28 more potentially affected by CVE-2025-66902 via websocket-server (>=0.4.0 <=0.6.4)

websocket-server PYPI version =0.4.0, =2.0.0, =0.2.3, =0.1.7, =0.2.0, =0.1.0, =0.1.1, =0.1.0, =0.7.0, =0.0.11, =0.2.0, =0.2.39 and more Source cves: CVE-2025-66902 Source advisory: SNYK:PYTHON-WEBSOCKETSERVER-15046798...

CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

PLY security vulnerabilities

PLY is a Python library developed by B07’s individual developers. Version 3.11 of PLY contains a security vulnerability. This vulnerability stems from the unvalidated deserialization of pickle files via the picklefile parameter in the yacc function, which could lead to remote code execution...

Updated python-urllib3 packages fix security vulnerabilities

urllib3 allows an unbounded number of links in the decompression chain. CVE-2025-66418 urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects streaming API. CVE-2026-21441...

0lever-utils (>=0.0.2 <=0.0.7), a2grunnerp (>=0.1.0 <=0.1.8) +753 more potentially affected by CVE-2026-23490 via pyasn1 (>=0.1.7 <=0.6.1)

pyasn1 PYPI version =0.1.7, =0.0.2, =0.1.0, =0.4.0, =0.4.0, =0.1.1, =0.0.5, =0.4.0, =0.0.2, =0.87.2.dev9, =0.30.1, =0.1.0.dev19, =1.3.0, =0.1.0, =0.1.3 and more Source cves: CVE-2026-23490 Source advisory: SNYK:PYTHON-PYASN1-15032639...

apetest (>=0.1.0 <=0.1.1), mccole (>=0.2.0 <=4.0.0) potentially affected by CVE-2025-15104 via html5validator (>=0.3.3 <=0.4.2)

html5validator PYPI version =0.3.3, =0.1.0, =0.2.0, =4.0.0 Source cves: CVE-2025-15104 Source advisory: SNYK:PYTHON-HTML5VALIDATOR-15010792...

afipcaeqrdecode (=0.0.15), afw (>=0.0.6 <=0.0.21) +209 more potentially affected by CVE-2026-23949 via jaraco-context (>=5.3.0 <=6.0.2)

jaraco-context PYPI version =5.3.0, =0.0.6, =0.1.0, =0.1.23, =0.0.1, =0.9.5, =1.0.5, =0.1.6, =0.1.0, =0.0.2, =0.1.2, =1.0.1, =1.0.1.9 - azvaultcopy =1.0.0b1 and more Source cves: CVE-2026-23949 Source advisory: OSV:GHSA-58PV-8J8X-9VJ2...

acido (=0.15.0), adstoolbox (>=2025.12.2.2 <=2026.4.21) +207 more potentially affected by CVE-2026-21226 via azure-core (>=1.10.0 <=1.37.0)

azure-core PYPI version =1.10.0, =2025.12.2.2, =0.1.12, =0.1.31, =0.1.1, =0.0.2, =0.0.53, =0.1.0, =0.9.0, =0.2.100, =0.2.123, =1.0.0, =1.0.0, =0.1.0b1, =0.1.0b2 and more Source cves: CVE-2026-21226 Source advisory: SNYK:PYTHON-AZURECORE-14927372...

GHSA-JM66-CG57-JJV5 Azure Core is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

Azure Core is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

CVE-2026-21226 Azure Core shared client library for Python Remote Code Execution Vulnerability

...

CVE-2026-21226

CVE-2026-21226 affects the Azure Core shared client library for Python via deserialization of untrusted data, enabling remote code execution by an authorized attacker over the network. Affected product in the connected docs is the Azure Core Python package; remediation guidance across sources rec...

python311-Authlib-1.6.6-1.1 on GA media (moderate)

python311-Authlib-1.6.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:10034-1 Rating: moderate Cross-References: CVE-2025-68158 CVSS scores: CVE-2025-68158 SUSE : 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVE-2025-68158 SUSE : 6.9...

CVE-2026-22690

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

filelock 安全漏洞

filelock is a Python file locker open source by tox development team. filelock version before 3.20.3 has a security vulnerability , the vulnerability stems from the SoftFileLock implementation of the existence of TOCTOU competition conditions , which may lead to locking operation failure or...

acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +223 more potentially affected by CVE-2026-21873 via nicegui (>=2.22.2 <=3.3.1)

nicegui PYPI version =2.22.2, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2026-21873 Source advisory: SNYK:PYTHON-NICEGUI-14912444...

CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

EUVD-2026-1561

picklescan has Arbitrary file read using io.FileIO...

CVE-2026-21892

Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...