Model Context Protocol (MCP) Python Library Detection
A Model Context Protocol Python library is installed on the remote host. Note that Nessus has relied upon the application's self-reported version number. ...
astra-assistants (>=2.3.0 <=2.4.5), fiftyone-mcp-server (>=0.1.0 <=0.1.2) +13 more potentially affected by CVE-2025-53365 via mcp (>=0.9.1 <=1.0.0)
mcp PYPI version =0.9.1, =2.3.0, =0.1.0, =1.2.8, =0.1.0, =1.0.0, =0.2.0, =0.0.4, =1.0.26, =1.0.35 Source cves: CVE-2025-53365 Source advisory: OSV:GHSA-J975-95F5-7WQH...
ROS-20250630-08
A vulnerability in setuptools, a Python library that simplifies creating, distributing, and installing Python packages, is related to an input validation error when processing directory traversal sequences in package_index.py. Exploitation of the vulnerability could allow an...
CVE-2025-52467
pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUB_TOKEN with write permissio...
[SECURITY] Fedora 42 Update: mingw-python-setuptools-78.1.1-1.fc42
MinGW Windows Python setuptools library...
CVE-2025-52556
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...
CVE-2025-52467 pgai secrets exfiltration via `pull_request_target`
pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUB_TOKEN with write permissio...
AZL-64170 CVE-2025-50181 affecting package python-urllib3 for versions less than 1.26.19-2
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default, requests and botocore users are not affected. An application attemptin...
SignXML security vulnerability
SignXML is an open source XML signing and XAdES library for Python from XML-Security. A security vulnerability exists in SignXML versions prior to 4.0.4, which stems from an algorithm confusion flaw that could lead to the use of unintended keys to verify signatures...
SignXML security vulnerability
SignXML is an open source XML signing and XAdES library for Python from XML-Security. A security vulnerability exists in SignXML versions prior to 4.0.4, which stems from a timing attack flaw that could lead to HMAC key disclosure...
[SECURITY] Fedora 42 Update: mingw-python-flit-core-3.12.0-1.fc42
MinGW Python flit_core library...
ace-step (=0.1.0), ambientagi (>=0.1.1 <=0.2.12) +40 more potentially affected by CVE-2025-48889 via gradio (>=5.0.0 <=5.29.1)
gradio PYPI version =5.0.0, =0.1.1, =0.0.1, =1.0.1, =0.1.2, =0.0.5, =0.1.0, =0.0.2, =0.1.0, =2.0.0, =1.1.8b3, =1.0.0, =2025.1.24, =2025.11.0b3 and more Source cves: CVE-2025-48889 Source advisory: SNYK:PYTHON-GRADIO-10265012...
ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-5321 via aim (>=3.17.4 <=4.0.3)
aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-5321 Source advisory: SNYK:PYTHON-AIM-10288918...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1116 more potentially affected by CVE-2025-5320 via gradio (>=1.7.7 <=6.9.0)
gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.4, =0.1.11 and more Source cves: CVE-2025-5320 Source advisory: SNYK:PYTHON-GRADIO-10265013...
CVE-2024-55587
python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...
CVE-2022-30885
The pyesasky package for Python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current versions, without this backdoor, are 1.2.0-1.4.2...
Open edX Platform security vulnerability
Open edX Platform is an open source course management system CMS from Open edX Open Source. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. A security vulnerability exists in versions prior to Open edX Platform 6740e75, which stems fro...
CVE-2025-47928
CVE-2025-47928 affects the Spotipy Python library for the Spotify Web API. The issue arises from using GitHub Actions pull_request_target, which can execute untrusted code from a fork with base-repo secrets in the context of the base repository. This can lead to exfiltration of secrets such as GI...