1530 matches found
aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +689 more potentially affected by CVE-2025-7647 via llama-index-core (>=0.10.0 <=0.12.48)
llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.2.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.4.0 and more Source cves: CVE-2025-7647 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-13110240...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1446 more potentially affected by CVE-2025-55556 via tensorflow (>=1.0.1 <=2.20.0rc0)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.1.0, =0.1.0, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =0.9.0 and more Source cves: CVE-2025-55556 Source advisory: SNYK:PYTHON-TENSORFLOW-13052809...
aait (>=0.0.4.80 <=1.0.5), accusleepy (>=0.1.0 <=0.7.1) +334 more potentially affected by CVE-2025-46153 via torch (=2.6.0)
torch PYPI version =2.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on torch and may be impacted: - aait =0.0.4.80, =0.1.0, =1.0.0.3, =0.1.0, =0.8.4, =0.1.47, =3.1.8, =0.1.3, =2.0.3, =0.3.8.2, =0.2.2, =0.2.4 - archgw =0.3.17 and more Source cves:...
lightspeed-stack (>=0.1.1 <=0.2.0), lightspeed-stack-providers (>=0.1.10 <=0.1.15) +3 more potentially affected by CVE-2025-55178 via llama-stack (>=0.2.10.1 <=0.2.18)
llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.2.2, =0.3.0a0 Source cves: CVE-2025-55178 Source advisory: SNYK:PYTHON-LLAMASTACK-13109624...
bacpipe (>=1.2.0 <=1.3.2.dev0), decima2 (>=0.1.0 <=0.2.1) +11 more potentially affected by CVE-2025-9905 via keras (>=3.0.0 <=3.11.0)
keras PYPI version =3.0.0, =1.2.0, =0.1.0, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =1.1.0, =1.0.0, =1.2.0 Source cves: CVE-2025-9905 Source advisory: OSV:GHSA-36RR-WW3J-VRJV...
[SECURITY] Fedora 41 Update: maturin-1.8.7-2.fc41
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
[SECURITY] Fedora 42 Update: maturin-1.8.7-2.fc42
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +43 more potentially affected by CVE-2025-58755 via monai (>=1.0.0 <=1.5.0)
monai PYPI version =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =1.0.12, =0.0.5, =0.0.6 - emphysemaseg =0.1.0 and more Source cves: CVE-2025-58755 Source advisory: SNYK:PYTHON-MONAI-12670016...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +57 more potentially affected by CVE-2025-58755 via monai (>=0.4.0 <=1.5.1)
monai PYPI version =0.4.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =0.1.0, =1.0.12, =1.2.7 - dicom2hdf =0.9.9 - disjoint-generation =1.0.0 - edge-research-pipeline =0.1.2 and more Source cves: CVE-2025-58755 Source advisory: OSV:PYSEC-2025-140...
An Empirical Study of Vulnerabilities in Python Packages and Their Detection
In the rapidly evolving software development landscape, Python stands out for its simplicity, versatility, and extensive ecosystem. Python packages, as units of organization, reusability, and distribution, have become a pressing concern, highlighted by the considerable number of vulnerability...
abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +685 more potentially affected by CVE-2025-10279 via mlflow (>=3.0.0rc2 <=3.4.0)
mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2025-10279 Source advisory: SNYK:PYTHON-MLFLOW-15170849...
Ubuntu: Security Advisory (USN-7710-1)
The remote host is missing an update for the...
5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.6.13) +166 more potentially affected by CVE-2025-55201 via copier (>=2.3.3 <=9.9.0)
copier PYPI version =2.3.3, =0.2.0, =0.1.0, =0.2.1, =0.2.1, =0.2.1, =0.2.1, =0.1.0, =1.0.0, =0.2.0, =0.0.1b1, =0.0.1b4 and more Source cves: CVE-2025-55201 Source advisory: OSV:GHSA-3XW7-V6CJ-5Q8H...
01memories (>=0.0.27 <=0.0.32), 01os (>=0.0.1 <=0.0.13) +8369 more potentially affected by CVE-2025-50817 via future (>=0.14.1 <=1.0.0)
future PYPI version =0.14.1, =0.0.27, =0.0.1, =1.0.0, =2.0.0, =0.0.2, =0.1.1, =0.9.2, =0.1.1, =0.4.24b0, =0.4.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-50817 Source advisory: SNYK:PYTHON-FUTURE-11951438...
omero-figure (=4.4.2), omero-iviewer (=0.11.2) +4 more potentially affected by CVE-2025-54791 via omero-web (=5.13.0)
omero-web PYPI version =5.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on omero-web and may be impacted: - omero-figure =4.4.2 - omero-iviewer =0.11.2 - omero-mapr =0.4.3 - omero-parade =0.2.2 - omero-signup =0.3.1 - omero-virtual-microscope =1.1....
CVE-2025-8194 vulnerabilities
Vulnerabilities for packages: python...
aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54413 via skops (>=0.10.0 <=0.11.0)
skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54413 Source advisory: SNYK:PYTHON-SKOPS-11023249...
aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54413 via skops (>=0.10.0 <=0.11.0)
skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54413 Source advisory: OSV:GHSA-4V6W-XPMH-GFGP...
Alibaba Cloud Linux 3 : 0121: python3.11 (ALINUX3-SA-2025:0121)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0121 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-12718: Allows modifying some file...
acryl-datahub-dagster-plugin (>=0.0.0.dev0 <=1.6.0rc1), agentflow-runtime (>=1.1.0 <=1.4.0) +233 more potentially affected by CVE-2023-51232 via dagster (>=0.1.1 <=1.5.10)
dagster PYPI version =0.1.1, =0.0.0.dev0, =1.1.0, =0.1.0.dev419, =2.7.1, =2023.12.1, =0.0.1, =0.1.0, =0.0.1, =0.16.0, =0.4.0, =0.0.1, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2023-51232 Source advisory: OSV:GHSA-Q93C-P2MW-P23F...