composio-autogen (>=0.3.13 <=0.6.19), composio-camel (>=0.3.17 <=0.6.19) +16 more potentially affected by CVE-2024-53526 via composio-core (>=0.3.13 <=0.6.2)

composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.0.3, =0.0.7 and more Source cves: CVE-2024-53526 Source advisory: SNYK:PYTHON-COMPOSIOCORE-8605708...

agentiacap (>=0.1.0 <=0.1.1), arcana (>=0.3.0 <=0.6.1) +122 more potentially affected by unknown CVE via nipype (>=1.10.0 <=1.7.1)

nipype PYPI version =1.10.0, =0.1.0, =0.3.0, =0.2.5, =0.3.2, =3.0.0, =2020.12.2, =0.2.0.post1, =0.0.1, =0.2.5, =0.0.2, =0.2.1, =2.0.7, =1.61.2, =1.67.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-NIPYPE-8601497...

aleksis (>=2025.1.0 <=2025.1.1), aleksis-app-alsijil (>=4.0.0 <=4.0.0.dev9) +139 more potentially affected by unknown CVE via django-allauth (>=65.0.1 <=65.2.0)

django-allauth PYPI version =65.0.1, =2025.1.0, =4.0.0, =3.0.0.dev0, =4.0.0, =4.0.0, =0.1.0.dev0, =4.0.0, =3.0.0.dev0, =4.0.0.dev0, =4.0.0, =0.1.0.dev0, =0.3.0, =4.0.0, =0.1.0.dev1, =3.0.0, =3.0.0.dev0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DJANGOALLAUTH-8600545...

PT-2025-49260

Name of the Vulnerable Software and Affected Versions urllib3 versions 1.24 through 2.5.9 Description urllib3 is a user-friendly HTTP client library for Python. In versions starting from 1.24 and prior to 2.6.0, the decompression chain had an unbounded number of links. This allowed a malicious...

a-api-server (=1.3.0), aau-ais-dipaal (>=0.1.22 <=0.1.29) +2303 more potentially affected by CVE-2024-56201 via jinja2 (>=3.0.0 <=3.1.4)

jinja2 PYPI version =3.0.0, =0.1.22, =1.0.2, =0.0.2, =0.0.1, =0.0.1, =1.0.0, =1.3.0, =1.5.2, =1.5.6 and more Source cves: CVE-2024-56201 Source advisory: SNYK:PYTHON-JINJA2-8548987...

AZL-54647 CVE-2024-56326 affecting package python-jinja2 for versions less than 3.0.3-5

Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...

python-libarchive Python Library <= 4.2.1 Directory Traversal (CVE-2024-55587)

The version of the python-libarchive Python library that is installed on the remote host is 4.2.1 or prior. It is, therefore, affected by a directory traversal vulnerability. python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and...

CLSA-2024-1734027948 Update of python

Version was updated...

Pdoc Python Library <= 14.5.1 (CVE-2024-38526)

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1. Note that Nessus has not tested for this issue but...

EUVD-2024-3441

python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...

PT-2024-36562 · Unknown · Python-Libarchive

Name of the Vulnerable Software and Affected Versions: python-libarchive versions 4.2.1 and earlier Description: The issue allows directory traversal, enabling the creation of files in extract in zip.py for ZipFile.extractall and ZipFile.extract functions. This can be exploited to create files...

aldryn-django (=4.2.10.0), alertwise (=1.0.0) +93 more potentially affected by CVE-2024-53908 via django (>=4.2.0 <=4.2.16)

django PYPI version =4.2.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.4.0, =4.16.2, =4.8.0, =8.0.0, =5.2.0, =5.2.2 - cpu-utilization-monitoring =0.1.3 and more Source cves: CVE-2024-53908 Source advisory: OSV:PYSEC-2024-157...

allianceauth (=5.0.0a1), anime-quiz (=1.0.0) +181 more potentially affected by CVE-2024-53907 via django (>=5.1.0 <=5.1.3)

django PYPI version =5.1.0, =0.42.1, =1.23.0, =0.46.0, =24.1.0, =0.2.0, =0.1.0, =0.1.6, =0.6.0, =0.8.0 and more Source cves: CVE-2024-53907 Source advisory: OSV:PYSEC-2024-156...

CVE-2024-53865

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...

Malicious Package

Overview aiocpa is a malicious package. This package contains malicious code steals sensitive information from the victim. Remediation Avoid using all malicious instances of the aiocpa package. References - Phylum Blog Credit: Phylum Research Team...

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

aistrainer (>=0.0.1 <=0.0.13), aivoifu (>=0.2.8 <=0.2.9) +21 more potentially affected by unknown CVE via deepspeed (>=0.10.2 <=0.15.1)

deepspeed PYPI version =0.10.2, =0.0.1, =0.2.8, =0.2.0, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.4.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DEEPSPEED-8320951...

acedeploy (>=2.4.15 <=2.4.115), authz-analyzer (=0.1.1) +27 more potentially affected by CVE-2024-49750 via snowflake-connector-python (>=3.0.0 <=3.12.2)

snowflake-connector-python PYPI version =3.0.0, =2.4.15, =0.1.0, =0.4.0, =0.7.0, =0.2.1, =0.0.12, =4.5.0, =0.2.0, =0.0.14, =0.0.83, =0.2.13a0 - nuvolos =0.5.1 - oc-pipelinewise-target-snowflake =2.2.0 and more Source cves: CVE-2024-49750 Source advisory: SNYK:PYTHON-SNOWFLAKECONNECTORPYTHON-83037...

PYSEC-2024-191

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes when specified...

[SECURITY] Fedora 40 Update: python-openapi-core-0.19.4-3.fc40

Openapi-core is a Python library that adds client-side and server-side support for the OpenAPI v3.0 and OpenAPI v3.1 specification...