Important Photon OS Security Update - PHSA-2026-4.0-0939

Updates of 'python3' packages of Photon OS have been released...

Medium: python3.9

Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 When loading a plist file, the plistlib module...

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69228 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69228 Source advisory: SNYK:PYTHON-AIOHTTP-14871877...

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1249 more potentially affected by CVE-2025-69228 via aiohttp (>=0.13.1 <=3.13.2)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69228 Source advisory: OSV:GHSA-6JHG-HG63-JVVF...

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69227 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69227 Source advisory: SNYK:PYTHON-AIOHTTP-14871979...

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69225 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69225 Source advisory: SNYK:PYTHON-AIOHTTP-14871929...

GHSA-QHX6-HPFJ-8M4G vulnerabilities

Vulnerabilities for packages: python...

GHSA-399H-RRQC-RPGV vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-13836 vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-13837 vulnerabilities

Vulnerabilities for packages: python...

GHSA-399H-RRQC-RPGV vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-13836 vulnerabilities

Vulnerabilities for packages: python...

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +694 more potentially affected by unknown CVE via mlflow (>=3.0.0rc2 <=3.6.0rc0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-MLFLOW-14829280...

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11304 more potentially affected by CVE-2025-14930 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14930 Source advisory: SNYK:PYTHON-TRANSFORMERS-14563374...

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-12839 via openexr (=3.4.12)

openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +2032 more potentially affected by CVE-2025-14927 via transformers (>=2.10.0 <=4.57.0)

transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-14927 Source advisory: OSV:PYSEC-2025-215...

ab-tune (=0.1.0), abasedzne (=2.0.0.dev2) +533 more potentially affected by CVE-2025-68463 via biopython (>=1.0.0a4 <=1.86.0)

biopython PYPI version =1.0.0a4, =0.1.0, =0.5.1, =0.4.1, =1.0.0.0, =0.0.1, =0.2.0, =0.1.0, =0.1.7, =0.21.2, =1.0.0, =2.0.0 - ambie =0.6.3 and more Source cves: CVE-2025-68463 Source advisory: SNYK:PYTHON-BIOPYTHON-14535734...

RockyLinux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2023:2764)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2764 advisory. python: int type in PyLongFromString does not limit amount of digits converting text to int leading to DoS CVE-2020-10735 python: open redirection...

RHEL 8 : python39:3.9 (RHSA-2025:23530)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23530 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

GHSA-HFQX-732W-XRRW vulnerabilities

Vulnerabilities for packages: python...