Lucene search
K

283629 matches found

OSV
OSV
added 4 hours ago2 views

PYSEC-2026-3433 yt-dlp: Arbitrary code execution via manifest downloads with aria2c

Summary If aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to immediate arbitrary code...

8.3CVSS6.5AI score0.00406EPSS
Exploits0References8
PyPA
PyPA
added 4 hours ago1 views

yt-dlp: Arbitrary code execution via manifest downloads with aria2c

SummaryIf aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to immediate arbitrary code...

9.6CVSS0.00406EPSS
Exploits0References8Affected Software1
OSV
OSV
added 4 hours ago0 views

PYSEC-2026-2486 Galaxy NG: command injection vulnerability

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS6.4AI score0.00889EPSS
Exploits0References6
PyPA
PyPA
added 4 hours ago1 views

Galaxy NG: command injection vulnerability

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS0.00889EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 4 hours ago1 views

PDM: Project-Local State and Config Writes Follow Symlinks

SummaryPDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets.This creates an arbitrary file clobber primitive relative to the privileges of the...

6.8CVSS0.00024EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 4 hours ago1 views

PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing

SummaryPDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins.Th...

8.4CVSS0.00028EPSS
Exploits0References6Affected Software1
OSV
OSV
added 4 hours ago1 views

PYSEC-2026-2863 PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing

Summary PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...

8.4CVSS0.00028EPSS
Exploits0References6
OSV
OSV
added 4 hours ago2 views

PYSEC-2026-2862 PDM: Project-Local State and Config Writes Follow Symlinks

Summary PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...

6.8CVSS6.3AI score0.00024EPSS
Exploits0References6
OSV
OSV
added 4 hours ago2 views

PYSEC-2026-2971 rattler has an entry-point path traversal in noarch:python install (arbitrary file write)

Summary EntryPoint::FromStr in rattlercondatypes performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...

8.7CVSS0.00058EPSS
Exploits0References6
PyPA
PyPA
added 4 hours ago2 views

rattler has an entry-point path traversal in noarch:python install (arbitrary file write)

SummaryEntryPoint::FromStr in rattlercondatypes performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an...

8.7CVSS0.00058EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 4 hours ago1 views

Apache Airflow: Execution API JWT leaked via KubernetesExecutor worker command-line args

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...

8.8CVSS0.00489EPSS
Exploits0References6Affected Software1
OSV
OSV
added 4 hours ago2 views

PYSEC-2026-2358 Apache Airflow: Execution API JWT leaked via KubernetesExecutor worker command-line args

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...

8.8CVSS6.1AI score0.00489EPSS
Exploits0References6
OSV
OSV
added 4 hours ago1 views

PYSEC-2026-2857 ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env

Impact A Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability CWE-426: Untrusted Search Path & CWE-15...

8.6CVSS0.00557EPSS
Exploits0References7
PyPA
PyPA
added 4 hours ago2 views

ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env

ImpactA Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover.The vulnerability CWE-426: Untrusted Search Path & CWE-15:...

8.6CVSS0.00557EPSS
Exploits0References7Affected Software1
OSV
OSV
added 4 hours ago1 views

PYSEC-2026-2464 Dulwich Vulnerable to Command Injection via Merge Driver Path

Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

7.7CVSS0.00555EPSS
Exploits0References7
OSV
OSV
added 4 hours ago1 views

PYSEC-2026-2423 compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

Relevant Products/Components: trestle/core/commands/author/jinja.py trestle author jinja --- Detailed Description: The -o/--output argument in trestle author jinja allows writing files outside the intended workspace. The application does not properly validate: ../ ..\ absolute paths This allows...

8.4CVSS0.0005EPSS
Exploits0References7
PyPA
PyPA
added 4 hours ago2 views

Shamefile has an arbitrary file read via shamefile.yaml in shame next

ImpactA path traversal vulnerability in shame next allows an attacker-controlled shamefile.yaml to disclose contents of files outside the repository, one line at a time, to the terminal of a user who runs the command. See patch commit for technical details. PatchesFixed in 0.1.7. Upgrade to eithe...

5.5CVSS0.00013EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 4 hours ago2 views

Dulwich Vulnerable to Command Injection via Merge Driver Path

SummaryDulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

7.7CVSS0.00555EPSS
Exploits0References7Affected Software1
OSV
OSV
added 4 hours ago2 views

PYSEC-2026-3065 Shamefile has an arbitrary file read via shamefile.yaml in shame next

Impact A path traversal vulnerability in shame next allows an attacker-controlled shamefile.yaml to disclose contents of files outside the repository, one line at a time, to the terminal of a user who runs the command. See patch commit for technical details. Patches Fixed in 0.1.7. Upgrade to...

5.5CVSS0.00013EPSS
Exploits0References8
PyPA
PyPA
added 4 hours ago1 views

compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI)

A High severity Server-Side Template Injection SSTI vulnerability exists in the trestle author jinja command. The command recursively evaluates rendered templates, allowing an attacker to achieve arbitrary command execution with privileges of the running process by injecting malicious payloads in...

7.8CVSS0.00022EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder