CVE-2025-12084 vulnerabilities

Vulnerabilities for packages: python...

GHSA-HFQX-732W-XRRW vulnerabilities

Vulnerabilities for packages: python...

a-mailx (=0.1.0), ai-security-analyzer (>=0.0.45 <=0.0.55) +16 more potentially affected by CVE-2025-67644 via langgraph-checkpoint-sqlite (>=1.0.4 <=3.0.0)

langgraph-checkpoint-sqlite PYPI version =1.0.4, =0.0.45, =0.1.0a2, =0.4.3, =0.1.0a1, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =1.3.41 and more Source cves: CVE-2025-67644 Source advisory: OSV:GHSA-9RWJ-6RC7-P77C...

CVE-2025-13428 RCE in SecOps SOAR server via user-provided Python packages

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

agent-library (>=0.7.0 <=0.13.1), arcade-ai (=2.3.0) +67 more potentially affected by CVE-2025-66454 via arcade-mcp-server (>=1.0.0rc3 <=1.22.0)

arcade-mcp-server PYPI version =1.0.0rc3, =0.7.0, =1.2.0, =0.3.0, =0.1.0, =0.3.0, =0.2.0, =1.2.0, =2.3.0, =1.1.0, =3.1.0, =0.2.0, =3.1.0, =3.1.0, =4.0.0, =4.2.0 and more Source cves: CVE-2025-66454 Source advisory: SNYK:PYTHON-ARCADEMCPSERVER-14171924...

aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1443 more potentially affected by CVE-2025-13372 via django (>=5.2.0 <=5.2.8)

django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2025-13372 Source advisory: OSV:GHSA-RQW2-GHQ9-44M7...

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +113 more potentially affected by CVE-2025-13372 via django (>=4.2.0 <=4.2.26)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-13372 Source advisory: OSV:GHSA-RQW2-GHQ9-44M7...

1xn-vmcp (>=0.5.2 <=0.6.1), a2c-smcp (>=0.1.1rc0 <=0.1.5) +396 more potentially affected by CVE-2025-66416 via mcp (>=1.0.0 <=1.22.0)

mcp PYPI version =1.0.0, =0.5.2, =0.1.1rc0, =0.7.2, =1.1.0, =1.1.0, =1.0.0, =1.0.0, =0.4.0, =0.0.19, =1.0.0, =3.2.0, =3.2.0, =4.2.2, =4.3.3 and more Source cves: CVE-2025-66416 Source advisory: SNYK:PYTHON-MCP-14171912...

aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1443 more potentially affected by CVE-2025-64460 via django (>=5.2.0 <=5.2.8)

django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2025-64460 Source advisory: OSV:PYSEC-2025-109...

aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1443 more potentially affected by CVE-2025-13372 via django (>=5.2.0 <=5.2.8)

django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2025-13372 Source advisory: OSV:PYSEC-2025-104...

01os (>=0.0.5 <=0.0.13), airbyte-source-azure-blob-storage (>=0.3.3 <=0.6.12) +97 more potentially affected by CVE-2025-64712 via unstructured (>=0.10.10 <=0.18.15)

unstructured PYPI version =0.10.10, =0.0.5, =0.3.3, =0.3.6, =0.0.8, =0.1.5, =0.2.0, =4.5.1, =1.0.0, =0.0.1, =0.1.6, =0.2.2, =0.1.0, =0.1.16 - biorxivist =0.2.1 and more Source cves: CVE-2025-64712 Source advisory: SNYK:PYTHON-UNSTRUCTURED-14157218...

EUVD-2025-200121

Malicious code in spellcheckers PyPI...

ado-vllm-performance (=1.2.2), agentclinic (=0.1.0) +23 more potentially affected by CVE-2025-66448 via vllm (>=0.10.0 <=0.11.0)

vllm PYPI version =0.10.0, =0.0.0, =2.3.5, =0.2.0, =0.1.0, =1.0.1rc1, =0.0.4, =0.1.0, =0.1.5, =1.0.0, =1.2.6 - haerae-evaluation-toolkit =0.1.0 - hedge-bench =0.1.2 and more Source cves: CVE-2025-66448 Source advisory: SNYK:PYTHON-VLLM-14157153...

GHSA-VC2M-M665-8XM2 vulnerabilities

Vulnerabilities for packages: python...

GHSA-VC2M-M665-8XM2 vulnerabilities

Vulnerabilities for packages: python...

MGASA-2025-0289 Updated python-py packages fix security vulnerability

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. CVE-2022-42969...

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25351 more potentially affected by CVE-2025-63396 via torch (>=1.0.0 <=2.7.0)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2025-63396 Source advisory: OSV:PYSEC-2025-210...

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-64181 via openexr (=3.4.12)

openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...

achoz (>=0.3.0 <=0.3.42), aclpubcheck (>=0.1.0 <=0.2.0) +314 more potentially affected by CVE-2025-70559 via pdfminer-six (>=20140915.0.0 <=20251107.0.0)

pdfminer-six PYPI version =20140915.0.0, =0.3.0, =0.1.0, =0.8.1, =0.2.0, =1.1.74b0, =0.1.11, =0.1.0, =1.0.0, =1.0.0, =1.0.29, =0.3.3, =0.3.6, =0.0.8, =0.1.5, =0.2.44 and more Source cves: CVE-2025-70559 Source advisory: OSV:GHSA-F83H-GHPP-7WCC...

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +265 more potentially affected by CVE-2025-64439 via langgraph-checkpoint (>=1.0.12 <=2.1.2)

langgraph-checkpoint PYPI version =1.0.12, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.2.0a1, =0.2.5a2, =0.0.3rc0, =0.8.0, =0.1.0, =0.1.37 and more Source cves: CVE-2025-64439 Source advisory: OSV:GHSA-WWQV-P2PP-99H5...