13257 matches found
RHEL 9 : python3.14-urllib3 (RHSA-2026:28157)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:28157 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
MAL-2026-6262 Malicious code in inversiones-common (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4 setup.py executes a beacon function at module top level before setup is called, so the payload fires automatically on pip install inversiones-common...
ROOT-APP-PYPI-CVE-2025-4565 CVE-2025-4565 in rootio-protobuf - Patched by Root
Root has patched CVE-2025-4565 in the rootio-protobuf package for Root:PyPI. Multiple fixed versions available...
Malicious code in jsonschema-viewer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3692022b4caf5ac51d868aaae58e793520ac3bd36703841eb615942baf85bb87 The package's only function — main in src/jsonschemaviewer/main.py, registered as the jsonschema-viewer console script — invokes os.system to fetch a...
Malicious code in improvado-layout-panel-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61cc6b0b5d5efe4675f4159e8bc8f6380970614c1dc36b553207fa73fa66104e The package's top-level fluentpanelmetrics/init.py defines bootstrapruntimeprofile and unconditionally invokes it at import. The function opens a TCP...
MAL-2026-6231 Malicious code in improvado-layout-panel-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61cc6b0b5d5efe4675f4159e8bc8f6380970614c1dc36b553207fa73fa66104e The package's top-level fluentpanelmetrics/init.py defines bootstrapruntimeprofile and unconditionally invokes it at import. The function opens a TCP...
GHSA-VMHF-C436-HXJ4 JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol
A malicious PyPI package can place a javascript: URL in its project.urls metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab origi...
ROOT-APP-PYPI-CVE-2025-67221 CVE-2025-67221 in rootio-orjson - Patched by Root
Root has patched CVE-2025-67221 in the rootio-orjson package for Root:PyPI. Multiple fixed versions available...
MAL-2026-6208 Malicious code in fastercoding (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c302e448868fcff3110a45d20b53d9d887cfb5aa31bb66df90702f2767246b4 The package exposes a single public function run re-exported from init.py which, on Windows, downloads BackgroundSyncService.exe from...
MAL-2026-6182 Malicious code in fluent-panel-metrics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95598f66d3e0a4ecbfe9dcd01c1d5f0be9b78bee23b200758a92dac8f8a00d9e fluentpanelmetrics/init.py defines bootstrapruntimeprofile and invokes it unconditionally at module load. The function opens a TCP socket to the...
OPENSUSE-SU-2026:11068-1 python311-3.11.15-6.1 on GA media
These are all security issues fixed in the python311-3.11.15-6.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in temp-development-package-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5cdc1d94dd0cfb62a4a0267ae52bf1a72dfa31a6854196b4bb220759b7c6e878 Starting with version 0.4, package installs a sitecustomize.py that executes during Python engine initialization. The embeded code uses mshta to download...
MAL-2026-5876 Malicious code in temp-development-package-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5cdc1d94dd0cfb62a4a0267ae52bf1a72dfa31a6854196b4bb220759b7c6e878 Starting with version 0.4, package installs a sitecustomize.py that executes during Python engine initialization. The embeded code uses mshta to download...
MAL-2026-5875 Malicious code in myfirstpackagetestaaa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c05b4934471efac919453e87b37a94a9a92c930455283c0bfb85b535c61f4a6b During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
Malicious code in myfirstpackagetestaaa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c05b4934471efac919453e87b37a94a9a92c930455283c0bfb85b535c61f4a6b During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
Malicious code in aaaazzzzaz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1698c50a4706300296a442bbb0ae57280e870d8c83575d68218143e4ffd6645 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
MAL-2026-5874 Malicious code in aaaazzzzaz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1698c50a4706300296a442bbb0ae57280e870d8c83575d68218143e4ffd6645 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
ROOT-APP-PYPI-CVE-2026-41066 CVE-2026-41066 in rootio-lxml - Patched by Root
Root has patched CVE-2026-41066 in the rootio-lxml package for Root:PyPI. Multiple fixed versions available...
Critical Photon OS Security Update - PHSA-2026-5.0-0882
Updates of 'ruby', 'python3-mako', 'linux-esx', 'python3-lxml', 'python3-ujson', 'python3', 'python3-mistune', 'linux' packages of Photon OS have been released...
Malicious code in testpackagemanyhttpsgo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 336f39e218fe5b5a09ef8ee7757efa7a0ca73c0fe6571bc232d735448499a950 At install time, setup.py fetches https://tmpfiles.org/dl/wawHVGgfydD7/6a306c5f03a52.exe via urllib, writes the response to disk, and executes it wit...