82 matches found

CVE
added 2025/05/20 5:22 p.m., 46 views

CVE-2025-46724

Langroid CVE-2025-46724 affects TableChatAgent prior to v0.53.15, where untrusted input can trigger code injection via pandas_eval. The project added a WAF in pandas_utils.py and warnings, with a patch in v0.59.32 that blocks the bypass. However, subsequent disclosures (CVE-2026...

CVSS 9.8, AI score 9.7, EPSS 0.00206
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
added 2025/05/20 12:00 a.m., 3 views

PT-2025-22276

Name of the Vulnerable Software and Affected Versions: Langroid versions prior to 0.53.15. Description: The issue concerns Langroid, a Python framework for building large language model (LLM)-powered applications. In versions prior to 0.53.15, the TableChatAgent uses pandas eval, which may be vulnerab...

CVSS 9.8, AI score 5.5, EPSS 0.00206
Exploits: 1, References: 13
CNNVD
added 2025/05/13 12:00 a.m., 2 views

Flask security vulnerability

Flask is a Python microframework for building web applications open-sourced by Pallets. A security vulnerability exists in Flask version 3.1.0 that stems from mishandling of the key fallback configuration, which could result in session signing with an expired key...

CVSS 1.8, AI score 6.1, EPSS 0.00106
Exploits: 0, References: 4
Fedora
added 2025/03/18 1:11 a.m., 12 views

[SECURITY] Fedora 41 Update: python-django4.2-4.2.20-1.fc41

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 5.1, EPSS 0.00287
Exploits: 0
RedhatCVE
added 2025/02/06 3:05 a.m., 2 views

CVE-2025-21618

NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1...

CVSS 7.5, AI score 6.5, EPSS 0.00172
Exploits: 0, References: 1
RedhatCVE
added 2025/02/05 3:28 a.m., 4 views

CVE-2024-45601

Mesop is a Python-based UI framework designed for rapid web app development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validatio...

CVSS 7.5, AI score 6.8, EPSS 0.00128
Exploits: 0
Cvelist
added 2025/01/06 4:30 p.m., 11 views

CVE-2025-21618 NiceGUI On Air authentication issue

NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1...

CVSS 7.5, EPSS 0.00172
Exploits: 0, References: 2
CNNVD
added 2024/09/18 12:00 a.m., 1 view

Google Mesop security vulnerability

Google Mesop is a Python-based UI framework from Google, Inc. (USA). A security vulnerability exists in Google Mesop from version 0.9.0 through versions prior to 0.12.4, which stems from insufficient input validation and could allow unauthorized access to files on the server...

CVSS 7.5, AI score 6.2, EPSS 0.00128
Exploits: 0, References: 3
NVD
added 2024/07/22 3:15 p.m., 12 views

CVE-2024-41129

The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju >=3.0, Juju secrets and not correctly capturing and processi...

CVSS 4.4, EPSS 0.00044
Exploits: 0, References: 2
CVE
added 2024/07/22 2:20 p.m., 48 views

CVE-2024-41129

The CVE-2024-41129 issue affects the ops library (Python framework used with Juju charms) where secret content can be passed as a CLI argument, potentially exposing secrets via subprocess.CalledProcessError logging. Connected Red Hat, Veracode, OSV, and CVE records confirm the root cause and indi...

CVSS 4.4, AI score 4.7, EPSS 0.00044
Exploits: 0, References: 2
Cvelist
added 2024/07/22 2:20 p.m., 19 views

CVE-2024-41129 The ops library leaks secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command

The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju >=3.0, Juju secrets and not correctly capturing and processi...

CVSS 4.4, EPSS 0.00044
Exploits: 0, References: 2
Vulnrichment
added 2024/07/12 2:28 p.m., 14 views

CVE-2024-39903 Local File Inclusion in Solara

Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI...

CVSS 8.6, AI score 6.6, EPSS 0.53034
Exploits: 0, References: 2
CNNVD
added 2024/07/12 12:00 a.m., 19 views

Solara Security Breach

Solara is a pure Python, React-style framework open-sourced by widgetti. It is used to extend Jupyter and web applications. A security vulnerability exists in Solara versions prior to 1.35.1, which stems from a failure to properly validate a URI fragment for a directory traversal sequence, which...

CVSS 8.6, AI score 6.5, EPSS 0.53034
Exploits: 0, References: 3
CVE
added 2024/05/01 10:49 a.m., 50 views

CVE-2024-32979

Nautobot (a Django-based network automation platform) is affected by a Reflected Cross-Site Scripting (XSS) vulnerability due to improper handling and escaping of user-supplied query parameters. All filterable object-list views are susceptible to injecting malicious scripts via crafted URLs, pote...

CVSS 7.5, AI score 7.2, EPSS 0.00201
Exploits: 0, References: 4, Affected Software: 1
GithubExploit
added 2024/03/29 9:54 a.m., 292 views

Exploit for Server-Side Request Forgery in Anyscale Ray

PoC for a remote command execution vulnerability in Ray framew...

CVSS 9.8, AI score 8.2, EPSS 0.92192
Exploits: 6
Ubuntu
added 2024/02/06 3:32 p.m., 37 views

USN-6623-1: Django vulnerability

It was discovered that Django incorrectly handled certain inputs that use the intcomma template filter. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.5, AI score 7, EPSS 0.01394
Exploits: 0
Gitee
added 2024/01/11 2:07 p.m., 3 views

pocsuite3

This is a Python-based framework for remote vulnerability testing and proof-of-concept development, called pocsuite3. It is developed by the Knownsec 404 Team and is designed for penetration testers and security researchers. The framework comes with a powerful proof-of-concept engine and various...

AI score 7.2
Exploits: 0
NVD
added 2023/12/22 5:15 p.m., 7 views

CVE-2023-51649

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked, i.e., does the user have...

CVSS 4.3, EPSS 0.00103
Exploits: 0, References: 4
NVD
added 2023/12/12 11:15 p.m., 11 views

CVE-2023-50263

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provid...

CVSS 5.3, EPSS 0.00449
Exploits: 0, References: 6
OSV
added 2023/12/12 10:17 p.m., 10 views

CVE-2023-50263 Nautobot allows unauthenticated db-file-storage views

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provid...

CVSS 3.7, AI score 5.6, EPSS 0.00449
Exploits: 0, References: 8