773 matches found
CLSA-2026-1771499011 python3: Fix of 3 CVEs
CVE-2025-15366: reject control characters in IMAP commands - CVE-2025-15367: reject control characters in POP3 commands - CVE-2026-1299: reject the incorrectly folded headers in "BytesGenerator"...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
SUSE CVE-2026-26007
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the...
Malicious code in python-files-mod (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3f9a5cad398dbfcea1ea0ed1a7b20c678a67941581a4562aa92703ac86ee421a Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
RLSA-2026:1086 Important: python-urllib3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
RLSA-2026:1087 Important: python-urllib3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
GHSA-436V-JG82-P533 Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE
Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...
CVE-2026-21531 Azure SDK for Python Remote Code Execution Vulnerability
...
OESA-2026-1286 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
MAL-2026-698 Malicious code in tableshow (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4fe9c764b4cb621cdd65c3dee4c4cf00cc273aab33642ebce5690b3d5c8d71e1 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
USN-7989-1 python-internetarchive vulnerability
Pengo Wray discovered that The Internet Archive Python Library incorrectly handled certain file paths when downloading files. An attacker could possibly use this issue to write files to arbitrary locations on the file system...
USN-7989-1: The Internet Archive Python Library vulnerability
Pengo Wray discovered that The Internet Archive Python Library incorrectly handled certain file paths when downloading files. An attacker could possibly use this issue to write files to arbitrary locations on the file system...
OESA-2026-1250 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...
OESA-2026-1249 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...
MAL-2026-603 Malicious code in mcp-pdftool-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2e92dea8be02288f271dacad2cd77f1bdd54596da1691cb738c4a7b7b4f77d21 When using the library, the hidden code starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign...