25 matches found
Black's vulnerable version parsing leads to RCE in GitHub Action
Impact Black provides a GitHub action for formatting code. This action supports an option, `use_pyproject: true`, for reading the version of Black to use from the repository's pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository, so the action installs and runs attacker-controlled code instead of a release from PyPI. Th...
CVE-2025-32800 Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencies not present in PyPI
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary malicious code to the package, and then exploit...
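Both of the entries above come down to the same review question: does every dependency declared in pyproject.toml resolve to a package that actually exists on the index you install from, and does any of them bypass the index altogether with a PEP 508 direct URL reference (`name @ url`)? The following script, an added example rather than code from Black, conda-build, or this advisory database, audits a dependency list for exactly those two conditions. The index snapshot and the dependency list are constructed sample data; the `git.example.invalid` URL is a placeholder and not a real repository.

```python
import re

# Name normalisation rule from PEP 503: runs of '-', '_' and '.' collapse to '-', then lowercase.
# Without this, "Conda_Build" and "conda-build" would look like different packages.
def normalize_name(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()


# Leading project name of a PEP 508 requirement (stops before extras, specifiers or '@').
_NAME_RE = re.compile(r"^([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)")


def parse_requirement(req: str) -> dict:
    """Split a PEP 508 requirement into its normalised name and optional direct URL."""
    spec = req.split(";", 1)[0].strip()  # drop any environment marker
    url = None
    if "@" in spec:
        # A project name cannot contain '@', so the first one is the direct-URL separator,
        # even when the URL itself carries an '@' (e.g. a git ref).
        spec, url = (part.strip() for part in spec.split("@", 1))
    match = _NAME_RE.match(spec)
    if not match:
        raise ValueError(f"cannot parse requirement: {req!r}")
    return {"name": normalize_name(match.group(1)), "url": url, "raw": req}


def audit_dependencies(deps, index_names):
    """Return (requirement, reason) pairs for every dependency that should block a merge.

    index_names is a snapshot of project names known to exist on the index in use.
    """
    known = {normalize_name(n) for n in index_names}
    findings = []
    for req in deps:
        parsed = parse_requirement(req)
        if parsed["url"] is not None:
            # The Black action case: a PR can point the install at any repository.
            findings.append((req, f"direct URL reference bypasses the index: {parsed['url']}"))
        elif parsed["name"] not in known:
            # The conda-build case: an unpublished name is a namespace an attacker can claim.
            findings.append((req, f"{parsed['name']} is not on the index; the name may be claimable"))
    return findings


def audit_pyproject(toml_text: str, index_names):
    """Audit [project].dependencies and optional-dependencies of a pyproject.toml document."""
    import tomllib  # standard library on Python 3.11+; imported here so the helpers above work on older interpreters

    project = tomllib.loads(toml_text).get("project", {})
    deps = list(project.get("dependencies", []))
    for group in project.get("optional-dependencies", {}).values():
        deps.extend(group)
    return audit_dependencies(deps, index_names)


# Constructed sample snapshot: names verified to exist on the index we install from.
SAMPLE_INDEX_SNAPSHOT = {"black", "requests", "numpy", "Conda_Build"}

# Constructed sample dependency list mixing benign entries with the two attack patterns.
SAMPLE_DEPENDENCIES = [
    "black==24.2.0",
    "requests>=2.31 ; python_version >= '3.8'",
    "conda-index",  # declared, but absent from the snapshot
    "black[d] @ git+https://git.example.invalid/evil/black.git",  # placeholder direct URL
    "Numpy>=1.26",
]


if __name__ == "__main__":
    for req, reason in audit_dependencies(SAMPLE_DEPENDENCIES, SAMPLE_INDEX_SNAPSHOT):
        print(f"BLOCK {req!r}: {reason}")
```

Run against the sample data, the audit flags `conda-index` (not in the snapshot) and the `black[d] @ git+...` entry (direct URL), and accepts the rest. In a CI gate, the snapshot would be refreshed from the real index before each run, and a direct URL reference should be rejected outright rather than merely reported; existence on the index is a necessary check, not proof of integrity, so pinning hashes for anything the CI job installs remains the stronger control.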
Conda-build security vulnerability
Conda-build is an open source command-line tool for building conda packages. A security vulnerability exists in Conda-build versions prior to 25.3.0. It stems from pyproject.toml listing a dependency that has not been published to the index, and could lead to malicious code injection...
Updated python-ujson packages fix security vulnerability
Benchmark refactor - argparse CLI. Fix segmentation faults when errors occur while handling unserialisable objects. Fix segmentation fault when an exception is raised while converting a dict key to a string. Fix memory leak dumping on non-string dict keys - Fix ref counting on repeated default...
acceldata-o2a (=1.0.0), aleksis-builddeps (>=2021.12.0.post0 <=2022.6.1) +24 more potentially affected by CVE-2020-5252 via safety (>=0.3.0 <=1.8.7)
safety PYPI version =0.3.0, =2021.12.0.post0, =1.1.0, =0.9.0, =0.1.24, =2020.0.2, =0.0.0, =0.2.0.dev20170127093917, =0.1.0, =0.0.12, =0.0.1, =0.0.2 and more Source cves: CVE-2020-5252 Source advisory: OSV:GHSA-7Q25-QRJW-6FG2...