
OSV, added 2025/02/26 9:31 p.m., 29 views

PYSEC-2025-7 Posts scraped data to IP address associated with other malware distribution attacks.

Published in 2021, the imblog package is a Python library that scrapes data from a blog page and posts it to an IP address associated with other malware distribution attacks...

AI score: 7 | Exploits: 0 | References: 2
PyPA, added 2025/02/26 9:19 p.m., 4 views

Posts scraped data to IP address associated with other malware distribution attacks.

Published in 2021, the imblog package is a Python library that scrapes data from a blog page and posts it to an IP address associated with other malware distribution attacks...

AI score: 6.8 | Exploits: 0 | References: 2 | Affected Software: 1
PyPA, added 2025/02/26 8:59 p.m., 5 views

Exfiltrates cookies to hardcoded IP address

Published in 2021, the colabrun package is a Python library that exfiltrates user cookies to a hardcoded IP address. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

AI score: 6.7 | Exploits: 0 | References: 2 | Affected Software: 1
PyPA, added 2025/02/26 8:57 p.m., 8 views

Exfiltrates user cookies to hardcoded server endpoint during normal operations

Published in 2020, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

AI score: 6.7 | Exploits: 0 | References: 2 | Affected Software: 1
PyPA, added 2025/02/26 8:54 p.m., 6 views

When using the project to bypass Deezer API restrictions, the project exfiltrates user data to a hardcoded server.

Published in 2019, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

AI score: 6.7 | Exploits: 0 | References: 1 | Affected Software: 1
PyPA, added 2025/02/26 7:26 p.m., 7 views

When using the project to bypass Deezer API restrictions, the project exfiltrates user data to a hardcoded server.

Published in 2019, the automslc package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...

AI score: 6.7 | Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies, added 2025/02/26 12:00 a.m., 2 views

PT-2025-8754 · Autodzee · Autodzee

Name of the Vulnerable Software and Affected Versions: autodzee, affected versions not specified
Description: The autodzee package, a Python library that bypasses Deezer API restrictions to download music, was found to exfiltrate user data to a hardcoded server. This could potentially be used for...

AI score: 6.8 | Exploits: 0 | References: 2
Positive Technologies, added 2025/02/26 12:00 a.m., 1 view

PT-2025-8758 · Pypi · Imblog

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined.
Description: The issue concerns a Python library that scrapes data from a blog page to an IP address associated with other malware distribution attacks.
Recommendations: At the moment, there is no...

AI score: 6.9 | Exploits: 0 | References: 3
OSSF Malicious Packages, added 2025/02/25 6:18 p.m., 3 views

Malicious code in time-server-analysis (PyPI)

Per source details (do not edit below this line). Source: kam193 5f796bcefeb9b8d3af4bde36c54545d77afdcd6b63284ae58b0a6078b0bbb561
This campaign is built from two parts: 1. packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score: 7.2 | Exploits: 0 | References: 4
OSV, added 2025/02/13 1:18 p.m., 1 view

MAL-2025-191704 Malicious code in computestpspeedcomp (PyPI)

Per source details (do not edit below this line). Source: kam193 32f4586fefb791454cfa5a7bebbdd0372f4660b05989bfcd74a6f5aad48cb565
Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

AI score: 7.1 | Exploits: 0 | References: 1
OSV, added 2025/02/06 12:00 a.m., 12 views

OPENSUSE-SU-2025:14739-1 python311-cryptography-44.0.0-1.1 on GA media

These are all security issues fixed in the python311-cryptography-44.0.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.83506 | Exploits: 7 | References: 3
CNNVD, added 2025/02/06 12:00 a.m., 2 views

Pygwalker security vulnerability

Pygwalker is a Python library open-sourced by Kanaries that transforms data into a fully interactive visual exploration interface with a single line of code. A security vulnerability exists in Pygwalker prior to version v.0.4.9.9, which originates from obtaining sensitive information and executin...

CVSS: 8.6 | AI score: 7 | EPSS: 0.0952 | Exploits: 0 | References: 1
RedhatCVE, added 2025/01/31 8:59 p.m., 13 views

CVE-2025-0938

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that include square brackets, which is not valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

CVSS: 6.8 | AI score: 6 | EPSS: 0.01639 | Exploits: 0 | References: 5
OSV, added 2025/01/31 6:15 p.m., 1 view

DEBIAN-CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets, which is not valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

CVSS: 6.3 | AI score: 6.4 | EPSS: 0.01639 | Exploits: 0 | References: 1
Positive Technologies, added 2025/01/31 12:00 a.m., 4 views

PT-2025-4103

Name of the Vulnerable Software and Affected Versions: Python, affected versions not specified
Description: The issue concerns the Python standard library functions urllib.parse.urlsplit and urlparse accepting domain names with square brackets, which is not valid according to RFC 3986. Square bracke...

CVSS: 9.8 | AI score: 8 | EPSS: 0.91789 | Exploits: 48 | References: 243
SUSE CVE, added 2025/01/25 3:46 a.m., 1 view

SUSE CVE-2025-24359

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

CVSS: 8.4 | AI score: 7.7 | EPSS: 0.00032 | Exploits: 0 | References: 5
vulnersOsv, added 2025/01/24 6:45 p.m., 0 views

awslabs-ccapi-mcp-server (>=1.0.1 <=1.0.18), bridgecrew (>=3.2.415 <=3.2.477) +10 more potentially affected by CVE-2025-24359 via asteval (=1.0.5)

asteval PYPI version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on asteval and may be impacted: - awslabs-ccapi-mcp-server =1.0.1, =3.2.415, =3.2.415, =0.1.130, =6.0.0, =5.8.0, =5.8.0, =0.0.8, =0.1.0, =0.14.3 Source cves: CVE-2025-24359 Source...

CVSS: 8.4 | AI score: 5.8 | EPSS: 0.00032 | Exploits: 0
Fedora, added 2025/01/17 1:35 a.m., 5 views

[SECURITY] Fedora 40 Update: mingw-python-jinja2-3.1.5-1.fc40

MinGW Windows Python jinja2 library...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00573 | Exploits: 0
OSV, added 2025/01/16 7:23 a.m., 12 views

BIT-PYTHON-MIN-2021-29921

In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. In some situations this allows attackers to bypass access control that is based on IP addresses...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.02048 | Exploits: 1 | References: 18
Tenable Nessus, added 2025/01/10 12:00 a.m., 4 views

Gradio Detection

The Gradio Python library is installed on the remote host. Note that Nessus has relied upon the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid213710; scriptversion"1.4";...

AI score: 5.9 | Exploits: 0 | References: 1