Incorrect Permission Assignment for Critical Resource

Overview anthropic is a The official Python library for the anthropic API Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the local filesystem memory tool due to files being created with overly permissive permissions. An attacker can...

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +370 more potentially affected by CVE-2026-34447 via onnx (>=1.10.1 <=1.20.1)

onnx PYPI version =1.10.1, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more Source cves: CVE-2026-34447 Source advisory: SNYK:PYTHON-ONNX-15873763...

MAL-2026-2405 Malicious code in eht-account (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e1fa4f35985059ad18e3e325fc65e1d25a5692cc9690a4b15af2d76492b95fe Clones of a legitimate library. During processing the private key, it's getting exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious inten...

CLSA-2026-1775059689 python: Fix of CVE-2025-15367

CVE-2025-15367: reject control characters in POP3 commands to prevent command injection via newlines...

CLSA-2026-1775058454 python: Fix of CVE-2025-15366

CVE-2025-15366: reject control characters in IMAP commands to prevent command injection...

OPENSUSE-SU-2026:10476-1 python311-Pygments-2.20.0-2.1 on GA media

These are all security issues fixed in the python311-Pygments-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-34452

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then...

CVE-2026-34452

CVE-2026-34452 (Claude SDK for Python) affects the async local filesystem memory tool in the Anthropic Python SDK. From versions 0.86.0 up to before 0.87.0, path validation incorrectly allowed union of model-supplied paths to be validated inside the sandbox but the unresolved path to be used for ...

[SECURITY] Fedora 44 Update: python-pycparser-2.22-8.fc44

pycparser is a complete parser for the C language, written in pure Python. It is a module designed to be easily integrated into applications that need to parse C source code...

Linux Distros Unpatched Vulnerability : CVE-2026-33936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdD...

OESA-2026-1775 python-pyasn1 security update

Abstract Syntax Notation One ASN.1 is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...

CLSA-2026-1774614606 python3: Fix of CVE-2025-15366

CVE-2025-15366: reject control characters in IMAP commands...

CLSA-2026-1774613805 python3: Fix of CVE-2025-15366

CVE-2025-15366: reject control characters in IMAP commands...

Langflow Detection

A Langflow Python library is installed on the remote host. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid303796; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/03/26"; scriptnameenglish:"Langflow Detection";...

SUSE-SU-2026:20933-1 Security update for python-ldap

This update for python-ldap fixes the following issues: - CVE-2025-61911: Enforce str for escapefilterchars bsc1251912. - CVE-2025-61912: Escape NULs as per RFC 4514 in escapednchars bsc1251913...

entity-model (>=1.0.0 <=1.0.9), fast-whisper-diarizer (>=0.1.2 <=0.1.32) +24 more potentially affected by CVE-2026-24159 via nemo-toolkit (>=2.0.0rc0 <=2.6.1)

nemo-toolkit PYPI version =2.0.0rc0, =1.0.0, =0.1.2, =0.2.7, =5.1.6, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =5.0.7 and more Source cves: CVE-2026-24159 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-15912093...

entity-model (>=1.0.0 <=1.0.9), fast-whisper-diarizer (>=0.1.2 <=0.1.32) +24 more potentially affected by CVE-2026-24157 via nemo-toolkit (>=2.0.0rc0 <=2.6.1)

nemo-toolkit PYPI version =2.0.0rc0, =1.0.0, =0.1.2, =0.2.7, =5.1.6, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =5.0.7 and more Source cves: CVE-2026-24157 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-15912166...

OPENSUSE-SU-2026:10416-1 python313-PyMuPDF-1.27.2.2-1.1 on GA media

These are all security issues fixed in the python313-PyMuPDF-1.27.2.2-1.1 package on the GA media of openSUSE Tumbleweed...

ai-box-lib (>=0.1.0 <=0.1.9), aligned-py (>=0.1.0 <=0.2.0a0) +80 more potentially affected by CVE-2026-26209 via cbor2 (>=5.0.1 <=5.8.0)

cbor2 PYPI version =5.0.1, =0.1.0, =0.1.0, =0.13.0, =0.5.5.post5, =0.5.5.post4, =0.2.0, =0.10.6, =0.7.1a0, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-26209 Source advisory: SNYK:PYTHON-CBOR2-15762225...

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...