a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +369 more potentially affected by CVE-2026-28277 via langgraph (>=0.1.15 <=1.0.1)

langgraph PYPI version =0.1.15, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.0.1, =0.1.1, =0.1.2, =0.0.4, =0.5.5 and more Source cves: CVE-2026-28277 Source advisory: OSV:GHSA-G48C-2WQR-H844...

agentstack-cli (>=0.4.0 <=0.6.2rc6), aieng-platform-onboard (>=0.5.0 <=0.6.1) +89 more potentially affected by CVE-2026-28802 via authlib (>=1.6.0 <=1.6.6)

authlib PYPI version =1.6.0, =0.4.0, =0.5.0, =0.9.5, =0.19.0, =0.38.0, =0.1.0, =0.1.0, =0.1.0, =1.7.0, =0.1.1rc22, =0.1.0, =0.7.0, =0.2.19, =0.5.24 and more Source cves: CVE-2026-28802 Source advisory: SNYK:PYTHON-AUTHLIB-15425813...

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +933 more potentially affected by CVE-2026-0847 via nltk (>=3.0.0 <=3.9.2)

nltk PYPI version =3.0.0, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-0847 Source advisory: SNYK:PYTHON-NLTK-15460762...

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2026-25673 via django (>=4.2.0 <=4.2.28)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2026-25673 Source advisory: SNYK:PYTHON-DJANGO-15371389...

aratinga (=0.1.0a0.dev3), coop (=7.1.0) +5 more potentially affected by CVE-2026-28222 via wagtail (>=7.1.0 <=7.1.3)

wagtail PYPI version =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.1.0b0 Source cves: CVE-2026-28222 Source advisory: OSV:GHSA-P5CM-246W-84JM...

ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +30 more potentially affected by CVE-2026-28348 via lxml-html-clean (>=0.1.0 <=0.4.3)

lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.2.0, =2.2.16, =0.9.0, =0.0.9, =0.6.0, =0.2.0, =0.2.3 and more Source cves: CVE-2026-28348 Source advisory: SNYK:PYTHON-LXMLHTMLCLEAN-15369490...

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +762 more potentially affected by CVE-2026-2635 via mlflow-skinny (>=2.6.0 <=3.9.0rc0)

mlflow-skinny PYPI version =2.6.0, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2026-2635 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698156...

abilian-sbe (>=1.1.0 <=1.1.12), acfx (>=0.3.1 <=0.3.7.dev2) +702 more potentially affected by CVE-2025-66221 +1 more via werkzeug (>=3.0.0 <=3.1.5)

werkzeug PYPI version =3.0.0, =1.1.0, =0.3.1, =4.11.0, =1.0.0, =0.1.3, =0.2.4.1, =0.0.1, =1.3.0, =0.1.0, =0.1.1, =0.5.7, =0.1.0, =0.4.0 and more Source cves: CVE-2025-66221, CVE-2026-27199 Source advisory: SNYK:PYTHON-WERKZEUG-15322677...

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +935 more potentially affected by CVE-2025-14009 via nltk (>=2.0.4 <=3.9.2)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2025-14009 Source advisory: OSV:PYSEC-2026-96...

UBUNTU-CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

GHSA-JH94-8Q48-F3M3 vulnerabilities

Vulnerabilities for packages: python...

CVE-2026-1299 vulnerabilities

Vulnerabilities for packages: python...

GHSA-JH94-8Q48-F3M3 vulnerabilities

Vulnerabilities for packages: python...

adpred (=1.3.2), bacpipe (>=1.2.0 <=1.3.2.dev0) +16 more potentially affected by CVE-2026-1669 via keras (>=3.0.0 <=3.12.0)

keras PYPI version =3.0.0, =1.2.0, =0.1.0, =0.0.4, =0.4.7, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =14.0.0, =14.1.0 and more Source cves: CVE-2026-1669 Source advisory: SNYK:PYTHON-KERAS-15268069...

a-simple-llm-kit (>=0.3.0 <=0.4.2), a62-emotion (>=0.9.2 <=0.11.4) +3482 more potentially affected by CVE-2025-69872 via diskcache (>=2.4.1 <=5.6.3)

diskcache PYPI version =2.4.1, =0.3.0, =0.9.2, =0.1.0, =0.2.1, =0.1.1.dev1, =0.3.4, =0.1.1, =0.3.3, =0.0.2, =20260210.0.0, =20260212.0.0 and more Source cves: CVE-2025-69872 Source advisory: SNYK:PYTHON-DISKCACHE-15268422...

[SECURITY] Fedora 42 Update: maturin-1.9.6-3.fc42

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

acedeploy (>=2.4.119 <=2.4.342), adam-assist (>=0.3.4 <=0.3.9) +362 more potentially affected by CVE-2026-26007 via cryptography (>=46.0.0 <=46.0.4)

cryptography PYPI version =46.0.0, =2.4.119, =0.3.4, =0.5.0, =0.0.18, =0.1.0, =0.1.1.post72, =0.11.0, =1.0.6, =0.0.1, =1.1.2, =0.4.0, =0.3.2, =0.3.3 and more Source cves: CVE-2026-26007 Source advisory: SNYK:PYTHON-CRYPTOGRAPHY-15263096...

GHSA-HRVR-7X5W-XPMQ vulnerabilities

Vulnerabilities for packages: python...

CVE-2024-5642 vulnerabilities

Vulnerabilities for packages: python...

[SECURITY] Fedora 43 Update: maturin-1.9.6-4.fc43

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...