trytoncalidae-authentication-dummy (=7.2.0), trytoncalidae-jinja-report (>=7.2.0 <=7.2.1) +211 more potentially affected by CVE-2025-66424 via trytond (=7.2.23)
trytond PYPI version =7.2.23 is affected by a known vulnerability. The following packages have a transitive dependency on trytond and may be impacted: - trytoncalidae-authentication-dummy =7.2.0 - trytoncalidae-jinja-report =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0,...
abilian-sbe (>=1.1.0 <=1.1.12), acfx (>=0.3.1 <=0.3.7.dev1) +684 more potentially affected by CVE-2025-66221 via werkzeug (>=3.0.0 <=3.1.3)
werkzeug PYPI version =3.0.0, =1.1.0, =0.3.1, =4.11.0, =1.0.0, =0.1.3, =0.2.4.1, =0.0.1, =1.3.0, =0.1.0, =0.1.1, =0.5.7, =0.1.0, =0.1.0, =1.0.0, =1.1.0a20250428 and more Source cves: CVE-2025-66221 Source advisory: SNYK:PYTHON-WERKZEUG-14151620...
accessiqlue (=2025.12.21154255), agent-builder (>=0.0.2 <=0.1.7) +321 more potentially affected by CVE-2025-65106 via langchain-core (>=0.4.0.dev0 <=1.0.5)
langchain-core PYPI version =0.4.0.dev0, =0.0.2, =0.1.0, =0.1.1 - ai-benchmark-analyzer =2025.12.21193050 - ai-claim-essence =2025.12.20202921 - ai-design-insights =2025.12.21145447 - ai-mysql-translator =2025.12.21101721 - ai-reliability-analyzer =2025.12.21171415 - ai-risk-extractor...
joserfc security vulnerability
joserfc is a Python library open-sourced by Authlib. A security vulnerability exists in joserfc version 1.3.3 up to and including version 1.3.5 and version 1.4.0 up to and including version 1.4.2, which stems from an ExceededSizeError exception message embedded in the Undecoded JWT Token section,...
MAL-2025-191753 Malicious code in hexadec (PyPI)
Source: kam193 f9d0ae8ccf24a6f5bfc3a0d5e39a983576d6edb2c64d9fe31fcb758236a4aa25 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
MGASA-2025-0289 Updated python-py packages fix security vulnerability
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. CVE-2022-42969...
Updated python-py packages fix security vulnerability
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. CVE-2022-42969...
CLSA-2025-1763054281 python: Fix of CVE-2025-8194
CVE-2025-8194: fix infinite loop and deadlock in TarFile extraction and entry enumeration APIs...
CLSA-2025-1762980908 python3: Fix of 5 CVEs
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses (filter="tar"/filter="data")...
CLSA-2025-1762958892 python3: Fix of 5 CVEs
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses (filter="tar"/filter="data")...
CLSA-2025-1762958654 python3: Fix of 5 CVEs
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses (filter="tar"/filter="data")...
kdcproxy security vulnerability
kdcproxy is a Python library open-sourced by latchset. A security vulnerability exists in kdcproxy that stems from not enforcing TCP response length bounds, which could lead to a denial of service attack...
Python Library Brotli <= 1.1.0 DoS
The detected version of the Brotli Python package, Brotli, is prior or equal to 1.1.0. It is, therefore, affected by a denial of service (DoS) vulnerability due to decompression. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1414 more potentially affected by CVE-2025-64459 via django (>=5.2.0 <=5.2.7)
django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.0.13, =1.2.7 and more Source cves: CVE-2025-64459 Source advisory: SNYK:PYTHON-DJANGO-13836728...
agent-toolkit (=0.1.9), ailite (>=6.0.0 <=6.1.10) +40 more potentially affected by CVE-2025-12695 via dspy (>=0.1.5 <=3.1.0)
dspy PYPI version =0.1.5, =6.0.0, =0.1.0, =0.1.9, =2.5.5, =0.1.0, =2.8.0, =0.2.1, =0.5.400 and more Source cves: CVE-2025-12695 Source advisory: SNYK:PYTHON-DSPY-13832222...
agentic-ai-engineering-course (>=0.4.6 <=0.4.7), agentsphere-mcp-server (>=1.8.0 <=1.9.1) +185 more potentially affected by CVE-2025-62801 via fastmcp (>=2.0.0 <=2.13.0)
fastmcp PYPI version =2.0.0, =0.4.6, =1.8.0, =3.2.0, =3.2.0, =4.2.2, =3.0.2, =0.2.7, =1.0.0rc1, =0.2.7, =1.7.3, =0.1.12, =0.9.30, =0.14.3, =0.9.4, =0.17.7 and more Source cves: CVE-2025-62801 Source advisory: SNYK:PYTHON-FASTMCP-13745516...
Linux Distros Unpatched Vulnerability : CVE-2025-62706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JWE zip=DEF path performs unbounded DEFLATE...
[SECURITY] Fedora 43 Update: python3.10-3.10.19-1.fc43
Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...
Impacket 0.13.0
Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and, for some protocols (e.g. SMB1-3 and MSRPC), the protocol implementation itself. Packets can be constructed from scratch, as well as parse...
CLSA-2025-1760983006 python3: Fix of CVE-2025-8194
Bump package Release to 21.0.5 - CVE-2025-8194: tarfile: validate archives to ensure member offsets are non-negative...