CVE-2026-6357 affecting package python-virtualenv for versions less than 20.36.1-4

CVE-2026-6357 affecting package python-virtualenv for versions less than 20.36.1-4. A patched version of the package is available...

CVE-2026-6357 affecting package python-pip for versions less than 24.2-8

CVE-2026-6357 affecting package python-pip for versions less than 24.2-8. A patched version of the package is available...

CVE-2026-3219 affecting package python-virtualenv for versions less than 20.36.1-4

CVE-2026-3219 affecting package python-virtualenv for versions less than 20.36.1-4. A patched version of the package is available...

CVE-2026-3219 affecting package python-pip for versions less than 24.2-8

CVE-2026-3219 affecting package python-pip for versions less than 24.2-8. A patched version of the package is available...

ROOT-APP-PYPI-CVE-2023-44271 CVE-2023-44271 in rootio-pillow - Patched by Root

Root has patched CVE-2023-44271 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-35523 CVE-2026-35523 in rootio-strawberry-graphql - Patched by Root

Root has patched CVE-2026-35523 in the rootio-strawberry-graphql package for Root:PyPI. Multiple fixed versions available...

Exploit for Server-Side Request Forgery in Apeworx Web3.Py

CVE-2026-40072 SSRF Lab Hands-on local lab to demonstrate CVE...

Security Bulletin: IBM watsonx.ai on Cloud Pak for Data is vulnerable to python-Python-3.12.0b4 (Publicly disclosed vulnerability found by Mend) due to python pip package ( CVE-2023-5752, PRISMA-2022-0168)

Summary IBM watsonx.ai on Cloud Pak for Data internally uses CVE-2023-5752 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

cve-2026...

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744-MCPJAM-RCE-exploit This Python proof-of-concept...

Fedora 43 : python-starlette (2026-e0f378428e)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e0f378428e advisory. Backport fix for CVE-2026-48710 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

OPENSUSE-SU-2026:10963-1 python311-aiohttp-3.14.0-1.1 on GA media

These are all security issues fixed in the python311-aiohttp-3.14.0-1.1 package on the GA media of openSUSE Tumbleweed...

Security update for python-pyOpenSSL (moderate)

openSUSE security update: security update for python-pyopenssl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20897-1 Rating: moderate References: bsc1262803 Cross-References: CVE-2026-40475 CVSS scores: CVE-2026-40475 SUSE : 5.5...

Fedora 44 : python-starlette (2026-3bce8d3f11)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3bce8d3f11 advisory. Backport fix for CVE-2026-48710 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVE-2026-48522

A flaw was found in PyJWT, a JSON Web Token implementation in Python. The PyJWKClient component, prior to version 2.13.0, directly passes its Uniform Resource Identifier URI argument to urllib.request.urlopen. This allows a remote attacker, by influencing the application's jku URL ingestion path,...

CVE-2026-48524

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. A remote attacker can exploit this vulnerability by sending specially crafted JWTs with unknown 'kid' key ID values. This can force the PyJWKClient.getsigningkey function to make an unlimited number of unrate-limit...

MAL-2026-5184 Malicious code in sf-silly-goose-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b2d16ce881d1e9b356ed424f8144ce9324d09010efa8761ad13ac8a46e7b60 Package uses trufflehog to detect secrets and exfiltrates them to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, lik...

Malicious code in sf-silly-goose-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b2d16ce881d1e9b356ed424f8144ce9324d09010efa8761ad13ac8a46e7b60 Package uses trufflehog to detect secrets and exfiltrates them to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, lik...

CVE-2026-10801

CVE-2026-10801 affects modelscope ms-swift up to 4.2.0 and targets the PIL Image Cache Key Handler, specifically the function Template._save_pil_image in swift/template/base.py. The issue is a manipulation that results in the use of a weak hash, enabling a local attack. The CVE notes a high attac...