
136 matches found

CVE
added 2025/07/04 10:3 p.m. | 37 views

CVE-2025-53365

The MCP Python SDK (package name mcp) has a CVE-2025-53365 issue affecting versions prior to 1.10.0. If a client deliberately triggers an exception after establishing a streamable HTTP session, the server can emit an uncaught ClosedResourceError, potentially crashing the server and requiring a re...

CVSS 8.7 | AI score 6.4 | EPSS 0.00353
Exploits: 0 | References: 3

OSV
added 2025/07/04 10:3 p.m. | 16 views

CVE-2025-53365 MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing...

CVSS 8.7 | AI score 6.6 | EPSS 0.00353
Exploits: 0 | References: 5

Positive Technologies
added 2025/07/04 12:0 a.m. | 5 views

PT-2025-28027

Name of the Vulnerable Software and Affected Versions: MCP Python SDK versions prior to 1.9.4 Description: A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability until manually restarted. The impact may vary...

CVSS 8.7 | AI score 5.2 | EPSS 0.05693
Exploits: 0 | References: 16

Positive Technologies
added 2025/07/04 12:0 a.m. | 10 views

PT-2025-28026

Name of the Vulnerable Software and Affected Versions: MCP Python SDK versions prior to 1.10.0 Description: The issue arises when a client deliberately triggers an exception after establishing a streamable HTTP session, leading to an uncaught ClosedResourceError on the server side. This can cause...

CVSS 8.7 | AI score 5.2 | EPSS 0.00353
Exploits: 0 | References: 15

Snyk
added 2025/06/08 6:26 a.m. | 2 views

Improper Authorization

Overview accelbyte-py-sdk is an AccelByte Python SDK Affected versions of this package are vulnerable to Improper Authorization via the resolve function in the protohttprequest.py, which accepts COOKIEAUTH and bypasses additional Basic or Bearer auth requirements. Remediation Upgrade...

CVSS 5.4 | AI score 7
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2025/03/03 1:44 p.m. | 5 views

Malicious code in aurm-python-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

OSV
added 2025/02/25 6:18 p.m. | 6 views

MAL-2025-2950 Malicious code in credential-python-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6c6598ac9c321af3b0526ddceb5ffc6e78d593e0c3e6bdd259b06c0792705cc6 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

AI score 7.2
Exploits: 0 | References: 6

OSSF Malicious Packages
added 2025/02/25 6:18 p.m. | 4 views

Malicious code in acloud-client-uses (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 23487ce28601ae00fc60455a6e324818c68a8a00b3a3d17f7356853ca7eedee5 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

AI score 7.2
Exploits: 0 | References: 4

OSV
added 2025/02/25 6:18 p.m. | 4 views

MAL-2025-191679 Malicious code in amzclients-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7918a5aab99f521336ce5a17ca3b3dae77256011f91ed8dc22c4d9a38123f539 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

AI score 7.2
Exploits: 0 | References: 4

RedhatCVE
added 2025/02/05 11:18 a.m. | 10 views

CVE-2024-34072

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.basedeserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...

CVSS 7.8 | AI score 7.7 | EPSS 0.00408
Exploits: 0 | References: 1

Snyk
added 2024/11/01 6:31 a.m. | 3 views

Cross-site Scripting (XSS)

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in Jinja2 Environment. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The...

CVSS 6.1 | AI score 5.3
Exploits: 0 | References: 3

Tenable Nessus
added 2024/09/21 12:0 a.m. | 24 views

SUSE SLES15 : Recommended update for python-aliyun-python-sdk, python-aliyun-python-sdk-aas, python-aliyun-python-sdk-acm, python-aliyun-python-sdk-acms-open, python-aliyun-python-sdk-actiontrail, python-aliyun-python-sdk-adb, python-aliyun-python-sdk-adcp, python-aliyun-python-sdk-address-purification, python-aliyun-python-sdk-aegis, python-aliyun-python-sdk-afs, python-aliyun-python-sdk-aigen, python-aliyun-python-sdk-aimiaobi, python-aliyun-python-sdk-airec, python-aliyun-python-sdk-airticketopen, python-aliyun-python-sdk-alb, python-aliyun-python-sdk-alidns, python-aliyun-python-sdk-aligreen-console, python-aliyun-python-sdk-alikafka, python-aliyun-python-sdk-alimt, python-aliyun-python-sdk-alinlp, python-aliyun-python-sdk-aliyuncvc, python-aliyun-python-sdk-amptest, python-aliyun-python-sdk-amqp-open, python-aliyun-python-sdk-antiddos-public, python-aliyun-python-sdk-apds (SUSE-SU-SUSE-RU-2024:1829-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:1829-2 advisory. Changes in python-aliyun-python-sdk: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add...

CVSS 5.9 | AI score 7.4 | EPSS 0.00618
Exploits: 0 | References: 5

NVD
added 2024/07/18 5:15 p.m. | 15 views

CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3 | EPSS 0.00198
Exploits: 0 | References: 8

OSV
added 2024/07/18 5:15 p.m. | 2 views

DEBIAN-CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3 | AI score 5.2 | EPSS 0.00198
Exploits: 0 | References: 1

UbuntuCve
added 2024/07/18 5:15 p.m. | 18 views

CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3 | AI score 5.7 | EPSS 0.00198
Exploits: 0 | References: 9

Vulnrichment
added 2024/07/18 4:51 p.m. | 19 views

CVE-2024-40647 Unintentional exposure of environment variables to subprocesses in sentry-sdk

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3 | AI score 6.6 | EPSS 0.00198
Exploits: 0 | References: 7

Cvelist
added 2024/07/18 4:51 p.m. | 37 views

CVE-2024-40647 Unintentional exposure of environment variables to subprocesses in sentry-sdk

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3 | EPSS 0.00198
Exploits: 0 | References: 7

Debian CVE
added 2024/07/18 4:51 p.m. | 20 views

CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

CVSS 5.3 | AI score 5.2 | EPSS 0.00198
Exploits: 0

OSSF Malicious Packages
added 2024/06/25 1:43 p.m. | 5 views

Malicious code in tcloud-python-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

OSV
added 2024/06/25 1:43 p.m. | 7 views

MAL-2024-6098 Malicious code in tcloud-python-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0