65 matches found

Debian CVE
added 2026/03/20 8:25 p.m. | 1 views

CVE-2026-33155

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have...

8.7 CVSS | 5.4 AI score | 0.00026 EPSS
Exploits: 1

ATTACKERKB
added 2026/03/20 8:25 p.m. | 1 views

CVE-2026-33155

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have...

8.7 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2026/03/20 12:0 a.m. | 3 views

DeepDiff resource management error vulnerability

DeepDiff is a Python library developed by Sep Dehpour. Versions of DeepDiff from 5.0.0 to 8.6.2 had a resource management vulnerability. This vulnerability stemmed from the lack of restrictions on constructor parameters by the RestrictedUnpickler, which could lead to excessive memory consumption...

8.7 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits: 1 | References: 4

vulnersOsv
added 2026/03/18 8:10 p.m. | 1 views

aana (>=0.2.1 <=0.2.2), acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9) +492 more potentially affected by CVE-2026-33155 via deepdiff (>=5.0.1 <=8.6.1)

deepdiff PYPI version =5.0.1, =0.2.1, =0.1.7, =3.0.0b853, =0.1.0, =0.0.1, =0.1.0, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =2.8.5, =0.1.6, =0.2.0 and more Source cves: CVE-2026-33155 Source advisory: SNYK:PYTHON-DEEPDIFF-15692487...

8.7 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits: 1

Github Security Blog
added 2026/03/18 8:10 p.m. | 2 views

DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT

Summary: The pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have constructors that allocate memory proportional to their input (builtins.bytes, builtins.list, builtins.range). A 40-byte...

8.7 CVSS | 8 AI score | 0.00026 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/03/18 8:10 p.m. | 1 views

GHSA-54JJ-PX8X-5W5Q DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT

Summary: The pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have constructors that allocate memory proportional to their input (builtins.bytes, builtins.list, builtins.range). A 40-byte...

8.7 CVSS | 7.7 AI score | 0.00026 EPSS
Exploits: 1 | References: 4

vulnersOsv
added 2026/03/18 8:10 p.m. | 1 views

aana (>=0.2.1 <=0.2.2), acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9) +492 more potentially affected by CVE-2026-33155 via deepdiff (>=5.0.1 <=8.6.1)

deepdiff PYPI version =5.0.1, =0.2.1, =0.1.7, =3.0.0b853, =0.1.0, =0.0.1, =0.1.0, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =2.8.5, =0.1.6, =0.2.0 and more Source cves: CVE-2026-33155 Source advisory: OSV:GHSA-54JJ-PX8X-5W5Q...

8.7 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits: 1

IBM Security Bulletins
added 2025/12/29 7:28 a.m. | 3 views

Security Bulletin: Vulnerability in DeepDiff affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary: A potential vulnerability in DeepDiff has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

10 CVSS | 8.7 AI score | 0.00267 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/10/07 7:37 p.m. | 3 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.5.0-py3-none-any.whl

Summary IBM Watson Discovery Cartridge contains a vulnerable version of deepdiff-8.5.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-58367 DESCRIPTION: DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class...

10 CVSS | 7.5 AI score | 0.00267 EPSS
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-27049

Malicious code in bioql PyPI...

10 CVSS | 6.3 AI score | 0.00267 EPSS
Exploits: 0 | References: 3

Fedora
added 2025/09/26 1:24 a.m. | 6 views

[SECURITY] Fedora 41 Update: python-deepdiff-8.6.1-1.fc41

Deep Difference of dictionaries, iterables, strings, and ANY other object. Includes additional modules with related functionality: DeepSearch: Search for objects within other objects. DeepHash: Hash any object based on their content. Delta: Store the difference of objects and apply them to other...

10 CVSS | 7 AI score | 0.00267 EPSS
Exploits: 0

Fedora
added 2025/09/26 1:10 a.m. | 6 views

[SECURITY] Fedora 42 Update: python-deepdiff-8.6.1-1.fc42

Deep Difference of dictionaries, iterables, strings, and ANY other object. Includes additional modules with related functionality: DeepSearch: Search for objects within other objects. DeepHash: Hash any object based on their content. Delta: Store the difference of objects and apply them to other...

10 CVSS | 7 AI score | 0.00267 EPSS
Exploits: 0

OpenVAS
added 2025/09/26 12:0 a.m. | 5 views

Fedora: Security Advisory (FEDORA-2025-6ecd8d4f9b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 6.8 AI score | 0.00267 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2025/09/26 12:0 a.m. | 4 views

Fedora: Security Advisory (FEDORA-2025-ca5f759234)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 6.8 AI score | 0.00267 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/09/26 12:0 a.m. | 2 views

Fedora 41 : python-deepdiff / python-orderly-set (2025-ca5f759234)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-ca5f759234 advisory. Update to 8.6.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

10 CVSS | 7.8 AI score | 0.00267 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/26 12:0 a.m. | 3 views

Fedora 42 : python-deepdiff / python-orderly-set (2025-6ecd8d4f9b)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-6ecd8d4f9b advisory. Update to 8.6.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

10 CVSS | 7.8 AI score | 0.00267 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2025/09/12 12:0 a.m. | 2 views

openSUSE Security Advisory (SUSE-SU-2025:03127-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 6.8 AI score | 0.00267 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/09/11 12:0 a.m. | 3 views

openSUSE 15 Security Update : python-deepdiff (SUSE-SU-2025:03127-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03127-1 advisory. - CVE-2025-58367: class pollution via the Delta class constructor can lead to denial-of-service and remote code execution bsc1249347. Tenable has extracted...

10 CVSS | 8 AI score | 0.00267 EPSS
Exploits: 0 | References: 4

SUSE Linux
added 2025/09/10 8:49 a.m. | 3 views

Security update for python-deepdiff

This update for python-deepdiff fixes the following issues: CVE-2025-58367: class pollution via the Delta class constructor can lead to denial-of-service and remote code execution bsc1249347. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

10 CVSS | 8.1 AI score | 0.00267 EPSS
Exploits: 0 | References: 4

OSV
added 2025/09/10 8:49 a.m. | 2 views

SUSE-SU-2025:03127-1 Security update for python-deepdiff

This update for python-deepdiff fixes the following issues: - CVE-2025-58367: class pollution via the Delta class constructor can lead to denial-of-service and remote code execution bsc1249347...

10 CVSS | 7.2 AI score | 0.00267 EPSS
Exploits: 0 | References: 3