apetest (>=0.1.0 <=0.1.1), mccole (>=0.2.0 <=4.0.0) potentially affected by CVE-2025-15104 via html5validator (>=0.3.3 <=0.4.2)

html5validator PYPI version =0.3.3, =0.1.0, =0.2.0, =4.0.0 Source cves: CVE-2025-15104 Source advisory: SNYK:PYTHON-HTML5VALIDATOR-15010792...

MGASA-2025-0289 Updated python-py packages fix security vulnerability

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. CVE-2022-42969...

EUVD-2019-19040

Malware in sbrugna...

K000153042: Python urllib vulnerability CVE-2019-18348

Security Advisory Description An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the...

ROS-20250630-08

A vulnerability in a library for Python that extends the ease of creating, distributing, and installation of Python packages setuptools is related to an input validation error when processing sequences of directory traversal in packageindex.py. Exploitation of the vulnerability could allow an...

CVE-2024-55587

python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...

ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2024-7760 via aim (>=3.17.4 <=4.0.3)

aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2024-7760 Source advisory: SNYK:PYTHON-AIM-9637809...

CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

BIT-PYTHON-MIN-2021-29921

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses...

EUVD-2024-3441

python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...

aa-prepflow (>=0.1.0 <=0.1.1), agentsociety2 (>=2.0.0 <=2.2.0) +114 more potentially affected by CVE-2024-37063 via ydata-profiling (>=4.0.0 <=4.7.0)

ydata-profiling PYPI version =4.0.0, =0.1.0, =2.0.0, =0.74.0, =1.0.0, =0.1.0, =0.8.0, =0.1.2, =1.0.0, =2.0.1, =2.2.1 - classifier-toolkit =0.1.0 and more Source cves: CVE-2024-37063 Source advisory: OSV:GHSA-2R57-2MRH-GGJV...

Moodle 3.9.x < 3.9.14 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.14, 3.10.x prior to 3.10.11, 3.11.x prior to 3.11.7 or 4.0.x prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability in ID numbers displayed when bulk...

SUSE CVE-2019-16225

An issue was discovered in py-lmdb 0.97. For certain values of mpflags, mdbpagetouch does not properly set up mc-mcpgmc-top, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

PT-2022-37342 · Unknown +1 · Democritus-Strings +1

Name of the Vulnerable Software and Affected Versions: d8s-math version 0.1.0 Description: The d8s-math library for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third party. Recommendations: For version...