2220 matches found
Mesop AI Sandbox <= 1.2.2 - Remote Code Execution
Mesop <= 1.2.2 contains an unrestricted remote code execution vulnerability caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of the ai/testing module, letting attackers execute arbitrary commands on the host. Exploitation requires HTTP access to the server. id:...
ROOT-APP-PYPI-CVE-2025-69224 CVE-2025-69224 in rootio-aiohttp - Patched by Root
Root has patched CVE-2025-69224 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
Malicious code in request-cache-py (PyPI)
Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's __init__.py starts a background...
CVE-2026-54386
CVE-2026-54386 affects marimo prior to 0.23.9. A reflected XSS in the notebook page arises from improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string. An unauthenticated attacker can craft a link with a payload (notably starting with new ) that ...
Malicious Package
Overview spl-token-py is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview solana-web3-py is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview solana-cli-py is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-5338 Malicious code in solana-web3-py (PyPI)
Source: amazon-inspector af1a2f1a7c7e3bddb9c8d2fcb8a4c86a6755763c94b95b1eddb81f382318c432 Malicious typosquat impersonating the legitimate Solana Python SDK solana / solana-py and the JS @solana/web3.js. The package ships no SDK...
MAL-2026-5336 Malicious code in solana-cli-py (PyPI)
Source: amazon-inspector 80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd On import solanaclipy, the package's top-level __init__.py unconditionally invokes report, which harvests standard developer-side secret material and POS...
MAL-2026-5339 Malicious code in spl-token-py (PyPI)
Source: amazon-inspector e05ba3043dc87365ee0b1dc44cc58243b34b6cdccdf258c5bb9218a06a65d336 On import spltokenpy, the package's __init__.py collects sensitive files from the installer's machine — /.config/solana/id.json Solana wallet key,...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python-rpds-py: python3-rpds-py-2026.5.1-1.hum1 (aarch64, x86_64), python-rpds-py-2026.5.1-1.hum1.src (src)...
cellist (>=1.0.0 <=1.1.1), feast-py (>=0.1.7 <=1.0.1) +1 more potentially affected by unknown CVE via spateo-release (>=1.0.2 <=1.1.1)
spateo-release PYPI version =1.0.2, =1.0.0, =0.1.7, =1.0.1 - feast-sim =0.1.7 Source cves: unknown CVE Source advisory: SNYK:PYTHON-SPATEORELEASE-17220148...
ROOT-APP-PYPI-CVE-2020-7212 CVE-2020-7212 in rootio-urllib3 - Patched by Root
Root has patched CVE-2020-7212 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-66416 CVE-2025-66416 in rootio-mcp - Patched by Root
Root has patched CVE-2025-66416 in the rootio-mcp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-26303 CVE-2023-26303 in rootio-markdown_it_py - Patched by Root
Root has patched CVE-2023-26303 in the rootio-markdown_it_py package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-39689 CVE-2024-39689 in rootio-certifi - Patched by Root
Root has patched CVE-2024-39689 in the rootio-certifi package for Root:PyPI. Multiple fixed versions available...
Security update 5.0.8 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service (bsc#1259554). CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...
OPENSUSE-SU-2026:20887-1 Security update for python-PyMuPDF
This update for python-PyMuPDF fixes the following issues: Changes in python-PyMuPDF: - CVE-2026-3029: Fixed path traversal and arbitrary file write via the embedded_get function in __main__.py (bsc#1259921)...