Important: python3.12-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

CVE-2025-4435 vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-4138 vulnerabilities

Vulnerabilities for packages: python...

GHSA-4G4G-FQW4-PRP2 vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-4330 vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-4517 vulnerabilities

Vulnerabilities for packages: python...

CVE-2024-12718 vulnerabilities

Vulnerabilities for packages: python...

CVE-2024-12718 vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-4330 vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-4138 vulnerabilities

Vulnerabilities for packages: python...

GHSA-68PJ-XRP5-VCCJ vulnerabilities

Vulnerabilities for packages: python...

GHSA-2PG8-H2J6-28XM vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-4517 vulnerabilities

Vulnerabilities for packages: python...

CVE-2025-4435 vulnerabilities

Vulnerabilities for packages: python...

0lever-utils (>=0.0.2 <=0.0.7), 128autograder (>=5.0.1 <=6.0.0rc4) +12383 more potentially affected by CVE-2024-47081 via requests (>=0.13.7 <=2.32.3)

requests PYPI version =0.13.7, =0.0.2, =5.0.1, =0.0.1a0, =0.1.1001, =0.1.0, =0.0.2, =0.0.5, =0.1.0, =0.1.0, =0.1.8 and more Source cves: CVE-2024-47081 Source advisory: OSV:GHSA-9HJG-9R4M-MVJ7...

aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.8) +685 more potentially affected by CVE-2025-1793 via llama-index-core (>=0.10.0 <=0.12.28)

llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.1.0, =0.4.0.dev2 and more Source cves: CVE-2025-1793 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-10332647...

aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1421 more potentially affected by CVE-2025-48432 via django (>=5.2.0 <=5.2.14)

django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2025-48432 Source advisory: SNYK:PYTHON-DJANGO-10302884...

[slackware-security] python3

New python3 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/python3-3.9.23-i586-1slack15.0.txz: Upgraded. This update fixes security issues: gh-135034: CVE-2024-12718 CVE-2025-4138 CVE-2025-433...

python36:3.6 security update

python36 python-distro python-docs python-docutils python-nose python-pygments python-pymongo 3.7.0-2 - Backport CVE-2024-5629...

Backdoors in Python and NPM Packages Target Windows and Linux

Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control...