Ubuntu: Security Advisory (USN-7488-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

reactivated (>=0.40.2a2429 <=0.45.3a2797) potentially affected by unknown CVE via django-stubs (>=5.0.4 <=5.1.3)

django-stubs PYPI version =5.0.4, =0.40.2a2429, =0.45.3a2797 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DJANGOSTUBS-12671219...

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1813 more potentially affected by CVE-2025-3933 via transformers (>=2.10.0 <=4.51.3)

transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3933 Source advisory: SNYK:PYTHON-TRANSFORMERS-10247398...

a7a1234 (=1.0.0), aas2openapi (>=0.2.0 <=0.2.4) +2561 more potentially affected by CVE-2025-43859 via h11 (>=0.10.0 <=0.15.0)

h11 PYPI version =0.10.0, =0.2.0, =0.2.1, =1.2.1, =0.7.3.post0, =0.1.0, =2.0.0.1, =0.0.1, =0.1.0, =0.8.3, =0.1.0, =4.8.2, =0.1.0, =0.1.1 - adminui =1.5.2 and more Source cves: CVE-2025-43859 Source advisory: SNYK:PYTHON-H11-10293728...

Malicious code in zsender (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 64454f4348553cc0321094cffaef685d8977dd95ccf1c07dc54e2b8b3c39a8f0 Campaign is split into multiple packages that altogether exfiltrates data from desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...

MAL-2025-191943 Malicious code in zmaker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2f4ac88a121488df2fdfa1cb5409f3443f658a30d679f20acc41dd2c656bd3b8 Campaign is split into multiple packages that altogether exfiltrates data from desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...

[slackware-security] python3

New python3 packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/python3-3.9.22-i586-1slack15.0.txz: Upgraded. This update fixes security issues: gh-131809 and gh-131261: Upgrade vendored expat to 2.7.1...

dev-laiser (>=0.0.2 <=0.2.17), dillema (>=0.1.1 <=0.1.6) +15 more potentially affected by CVE-2025-32381 via xgrammar (>=0.1.11 <=0.1.17)

xgrammar PYPI version =0.1.11, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =0.0.7, =1.2.0, =0.1.20, =0.0.2, =0.1.2, =1.2.0, =0.1.0, =0.1.2 and more Source cves: CVE-2025-32381 Source advisory: OSV:PYSEC-2025-235...

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Cybersecurity researchers have uncovered malicious libraries in the Python Package Index PyPI repository that are designed to steal sensitive information and test stolen credit card data. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a...

01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +194 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.63.7)

litellm PYPI version =1.0.0, =0.0.1, =0.8.1, =0.14.1a0, =0.1.0, =0.0.5, =1.1.2, =0.0.4, =0.2.0, =0.1.1, =0.5.0, =0.1.0, =1.0.3, =0.2.10, =0.29.0, =0.59.1, =0.62.9 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-9667338...

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25158 more potentially affected by CVE-2025-3001 via torch (>=1.0.0 <=2.5.1)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2025-3001 Source advisory: OSV:PYSEC-2025-195...

api-python-bet-project (>=0.1.9 <=0.1.22), argosml (>=0.0.1 <=0.1.3) +61 more potentially affected by CVE-2025-1474 via mlflow (>=2.0.0rc0 <=2.19.0)

mlflow PYPI version =2.0.0rc0, =0.1.9, =0.0.1, =0.1.3, =1.2.0, =0.8.0, =0.0.10, =0.1.2370984012, =0.0.41, =1.6.0, =0.14.0, =0.14.0, =0.14.2b0 and more Source cves: CVE-2025-1474 Source advisory: SNYK:PYTHON-MLFLOW-9486737...

ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-0189 via aim (>=3.17.4 <=4.0.3)

aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-0189 Source advisory: SNYK:PYTHON-AIM-9510938...

ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-0190 via aim (>=3.17.4 <=4.0.3)

aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-0190 Source advisory: SNYK:PYTHON-AIM-9510937...

composio-autogen (>=0.3.13 <=0.4.2), composio-camel (>=0.3.17 <=0.4.2) +11 more potentially affected by CVE-2024-8952 via composio-core (>=0.3.13 <=0.4.2)

composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.4.2 Source cves: CVE-2024-8952 Source advisory: OSV:GHSA-QVG9-VP87-H3HR...

adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2024-8551 via agentscope (>=0.1.0 <=2.0.0)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2024-8551 Source advisory: SNYK:PYTHON-AGENTSCOPE-9511377...

adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2024-8487 via agentscope (>=0.1.0 <=2.0.0)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2024-8487 Source advisory: SNYK:PYTHON-AGENTSCOPE-9511372...

adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2024-8524 via agentscope (>=0.1.0 <=2.0.0)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2024-8524 Source advisory: SNYK:PYTHON-AGENTSCOPE-9511411...

adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2024-8556 via agentscope (>=0.1.0 <=2.0.0)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2024-8556 Source advisory: SNYK:PYTHON-AGENTSCOPE-9511154...

amlr (>=0.3.6 <=0.4.1), arsa-ml (>=0.1.0 <=0.1.13) +29 more potentially affected by CVE-2024-7768 via h2o (>=3.18.0.8 <=3.46.0.7)

h2o PYPI version =3.18.0.8, =0.3.6, =0.1.0, =0.0.92, =1.0.81, =2019.9.10.14.39.5, =1.0.1, =0.1.20, =0.1.0, =0.1.2, =0.3.2, =0.3.0, =1.0.1.1.4, =0.4.0.dev3, =0.1.0, =3.0.1, =5.4.1 and more Source cves: CVE-2024-7768 Source advisory: OSV:GHSA-P2VC-M5FV-9W9M...