Amazon Linux 2023 : policycoreutils, policycoreutils-dbus, policycoreutils-devel (ALAS2023-2026-1663)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1663 advisory. An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is...

Security Bulletin: Vulnerability in Ply affects IBM Netezza Appliance

Summary The Ply package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-56005 Vulnerability Details CVEID:CVE-2025-56005 DESCRIPTION: An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via...

Mageia: Security Advisory (MGASA-2026-0079)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated python-ply packages fix security vulnerability

Unsafe pickle file handling in Ply. CVE-2025-56005...

MGASA-2026-0079 Updated python-ply packages fix security vulnerability

Unsafe pickle file handling in Ply. CVE-2025-56005...

Fedora: Security Advisory (FEDORA-2026-516db080b7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 44 : python-pycparser (2026-1594a9755b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1594a9755b advisory. Remove unsafe dead code CVE-2025-56005 from the bundled ply Tenable has extracted the preceding description block directly from the Fedora security advisory...

Fedora 44 : python-ply (2026-c081ac890b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c081ac890b advisory. Security fix for CVE-2025-56005 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 43 : python-ply (2026-516db080b7)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-516db080b7 advisory. Security fix for CVE-2025-56005 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 45 : python-ply (2026-47a943ac72)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-47a943ac72 advisory. Automatic update for python-ply-3.11-33.fc45. Changelog Wed Mar 25 2026 Charalampos Stratakis - 3.11-33 - Security fix for CVE-2025-56005 - Fixes: rhbz243798...

Fedora 45 : pypy (2026-7585365ba3)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7585365ba3 advisory. Automatic update for pypy-7.3.21-3.fc45. Changelog Thu Mar 19 2026 Charalampos Stratakis - 7.3.21-2 - Security fix for CVE-2025-56005 for the bundled ply...

Fedora 45 : pypy3.10 (2026-06635fd623)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-06635fd623 advisory. Automatic update for pypy3.10-7.3.19-11.3.10.fc45. Changelog Thu Mar 19 2026 Charalampos Stratakis - 7.3.19-11 - Security fix for CVE-2025-56005 for the...

OESA-2026-1597 python-ply security update

/ply/ /ply--.egg-info/ Security Fixes: An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Becaus...

OESA-2026-1596 python-ply security update

/ply/ /ply--.egg-info/ Security Fixes: An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Becaus...

OESA-2026-1595 python-ply security update

/ply/ /ply--.egg-info/ Security Fixes: An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Becaus...

OESA-2026-1594 python-ply security update

/ply/ /ply--.egg-info/ Security Fixes: An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Becaus...

📄 PLY 3.11 Arbitrary Code Execution

An undocumented and unsafe feature in the PyPI‑distributed version of PLY version 3.11 allows arbitrary code execution when the yacc function is invoked with the picklefile parameter. 🚨 Undocumented Remote Code Execution in PLY CVE‑2025‑56005 CVE ID: CVE‑2025‑56005 Reported by: Ahmed Abd Disclosu...

CVE-2025-56005

An arbitrary code execution vulnerability was discovered in PLY Python Lex-Yacc. When an application uses PLY's undocumented picklefile parameter to load cached parser data, the library deserializes the pickle file without validation. If an attacker can supply or modify the pickle file being...

SUSE CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

Linux Distros Unpatched Vulnerability : CVE-2025-56005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function...