1530 matches found
3deecelltracker (>=0.5.0a0 <=1.0.0), a2g (=2020.0.1) +2572 more potentially affected by CVE-2024-5206 via scikit-learn (>=1.0.0 <=1.4.2)
scikit-learn PYPI version =1.0.0, =0.5.0a0, =0.1.0, =0.3.2, =0.9.0.dev1, =25.9.23, =0.0.1b1, =4.2.1, =3.3.0.1, =3.6.20251218 and more Source cves: CVE-2024-5206 Source advisory: OSV:GHSA-JW8X-6495-233V...
adaptive-kmpc-py (>=0.1.0 <=0.1.1), aestetik (=0.1.0) +100 more potentially affected by CVE-2024-5452 via lightning (>=1.8.6 <=2.3.2)
lightning PYPI version =1.8.6, =0.1.0, =1.8.15, =1.8.17, =1.8.14, =0.8.3b20230916, =0.8.3b20230916, =0.8.3b20230916, =0.1.1, =0.0.1, =0.1.0, =0.5.0a1, =0.5.3 and more Source cves: CVE-2024-5452 Source advisory: OSV:GHSA-CGWC-QVRX-RF7F...
aana (>=0.2.1 <=0.2.2.2), ace-context-engineering (>=0.1.3 <=0.1.4) +779 more potentially affected by CVE-2024-3829 via qdrant-client (>=1.0.0 <=1.8.2)
qdrant-client PYPI version =1.0.0, =0.2.1, =0.1.3, =1.0.0, =0.8.1, =0.13.0, =0.4.0, =1.0.0b251001, =0.1.1, =0.0.1, =0.2.0, =0.3.0 and more Source cves: CVE-2024-3829 Source advisory: OSV:GHSA-7M75-X27W-R52R...
python39:3.9 and python39-devel:3.9 security update
modwsgi numpy python39 3.9.19-1 - Update to 3.9.19 - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33676, RHEL-33688 python3x-pip python3x-setuptools python3x-six python-cffi python-chardet python-cryptography python-idna...
[SECURITY] Fedora 40 Update: maturin-1.5.1-2.fc40
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
0lever-utils (>=0.0.2 <=0.0.7), 128autograder (>=5.0.1 <=6.0.0rc4) +10486 more potentially affected by CVE-2024-35195 via requests (>=0.13.7 <=2.31.0)
requests PYPI version =0.13.7, =0.0.2, =5.0.1, =0.0.1a0, =0.1.1001, =0.1.0, =0.0.2, =0.0.5, =0.1.0, =0.1.0, =0.1.8 and more Source cves: CVE-2024-35195 Source advisory: OSV:GHSA-9WX4-H78V-VM56...
azure-smtp-relay (>=1.0.0 <=1.0.7), mailrise (>=1.3.0 <=1.4.0) +4 more potentially affected by CVE-2024-34083 via aiosmtpd (>=1.2.0 <=1.4.5)
aiosmtpd PYPI version =1.2.0, =1.0.0, =1.3.0, =0.0.1, =0.2.5, =0.3.3 - yades-smtp =0.1.0 Source cves: CVE-2024-34083 Source advisory: OSV:GHSA-WGJV-9J3Q-JHG8...
article-extract (>=0.1.2 <=0.1.3), bookscrape (>=0.0.1.dev1 <=0.0.2b7) +25 more potentially affected by CVE-2024-1968 via scrapy (>=1.3.3 <=1.8.4)
scrapy PYPI version =1.3.3, =0.1.2, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.0.20, =0.9.3, =0.0.1, =1.0.0, =1.0.0, =1.7.2, =1.1.0, =0.1.0, =0.2.3, =0.0.1, =0.1.1, =0.1.4 and more Source cves: CVE-2024-1968 Source advisory: OSV:PYSEC-2024-258...
SUSE-SU-2024:1670-1 Security update for python-azure-core, python-azure-storage-blob, python-azure-storage-queue, python-typing, python-typing_extensions
This update for python-azure-core, python-azure-storage-blob, python-azure-storage-queue, python-typing, python-typing_extensions fixes the following issues: - CVE-2022-30187: Fixed an information disclosure issue that an attacker could exploit to leak sensitive information on the client side...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict (SUSE-SU-2024:1639-1)
"The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1639-1 advisory. - redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an...
a2grunnerp (>=0.1.0 <=0.1.8), a4t-sale-discount (=5.0.2) +2411 more potentially affected by CVE-2024-34069 via werkzeug (>=0.10.1 <=3.0.2)
werkzeug PYPI version =0.10.1, =0.1.0, =1.0.2, =0.10.3, =1.8.8, =0.8.44.4, =4.2.0, =0.4.0, =0.9.2, =0.1.0, =0.0.1, =0.0.4 - adfotg =0.4.0 and more Source cves: CVE-2024-34069 Source advisory: OSV:GHSA-2G68-C3QC-8985...
3di-cmd-client (>=0.0.1a0 <=0.0.3), a-api-server (=1.3.0) +4155 more potentially affected by CVE-2024-34064 via jinja2 (>=2.10.0 <=3.1.3)
jinja2 PYPI version =2.10.0, =0.0.1a0, =0.1.22, =1.0.2, =0.0.2, =3.0.0, =0.0.0, =0.0.1, =0.8.44.4, =0.9.2.1rc2 - actinia-core =4.2.0 and more Source cves: CVE-2024-34064 Source advisory: OSV:GHSA-H75V-3VVJ-5MFJ...
Setuptools: Denial of Service
Background: Setuptools is a manager for Python packages. Description: A vulnerability has been discovered in Setuptools. See the impact field. Impact: An inefficiency in a regular expression may end in a denial of service if a user is fetching malicious HTML from a package in PyPI or a custom...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-32647 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-32647 Source advisory: OSV:GHSA-3WHQ-64Q2-QFJ6...
abstra (>=1.8.8 <=2.5.1), actionpi (>=1.1.4 <=1.2.0.dev22) +477 more potentially affected by CVE-2024-1681 via flask-cors (>=1.1.2 <=4.0.0)
flask-cors PYPI version =1.1.2, =1.8.8, =1.1.4, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =0.0.1, =0.0.18, =1.0.2, =2.5.0, =2.5.0, =0.1.0b2696.post0.dev1, =0.1.8, =0.0.1, =1.0.2, =1.0.5 and more Source cves: CVE-2024-1681 Source advisory: OSV:PYSEC-2024-271...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +163 more potentially affected by CVE-2024-1558 via mlflow (>=0.8.2 <=2.11.3)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-1558 Source advisory: OSV:GHSA-J62R-WXQQ-F3GF...
a2 (>=0.1.0 <=0.3.17), a62-emotion (>=0.10.0 <=0.11.4) +887 more potentially affected by CVE-2024-1135 via gunicorn (>=0.17.2 <=21.2.0)
gunicorn PYPI version =0.17.2, =0.1.0, =0.10.0, =2022.0.0rc1, =0.1.0, =1.5.2, =0.1.0rc3, =0.1.0, =2022.9.19, =0.5.0, =2.5.0, =2.5.0, =0.0.1, =0.0.2 and more Source cves: CVE-2024-1135 Source advisory: OSV:GHSA-W3H3-4RJ7-4PH4...
3m (=0.1.0), academic-emotion (=0.1.2) +926 more potentially affected by CVE-2024-3568 via transformers (>=2.10.0 <=4.37.2)
transformers PYPI version =2.10.0, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.3.0, =0.1.0, =0.2.5, =0.1.0, =0.0.1, =0.0.4, =0.0.4, =0.0.11, =0.0.13, =0.0.20 and more Source cves: CVE-2024-3568 Source advisory: OSV:GHSA-37Q5-V5QM-C9V8...
MGASA-2024-0096 Updated python3, python packages fix security vulnerabilities
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. CVE-2023-6597 The zipfile module is...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +155 more potentially affected by CVE-2024-1455 via langchain-core (>=0.0.1 <=0.1.33)
langchain-core PYPI version =0.0.1, =0.0.1, =0.8.0, =0.1.0, =0.0.1, =0.0.1, =0.2.0, =0.1.0, =0.1.5, =0.0.13, =0.3.5, =0.4.12 and more Source cves: CVE-2024-1455 Source advisory: OSV:GHSA-Q84M-RMW3-4382...