askbase (>=1.0.0 <=1.0.2), auto-survey (>=0.1.0 <=0.2.4) +26 more potentially affected by CVE-2026-47214 via docling (>=2.10.0 <=2.93.0)

docling PYPI version =2.10.0, =1.0.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =4.0.2 - mellea =0.0.1 and more Source cves: CVE-2026-47214 Source advisory: SNYK:PYTHON-DOCLING-17151773...

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +41558 more potentially affected by CVE-2026-34993 via aiohttp (>=3.0.0b0 <=3.13.5)

aiohttp PYPI version =3.0.0b0, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2026-34993 Source advisory: SNYK:PYTHON-AIOHTTP-17146576...

ROOT-APP-PYPI-CVE-2026-26331 CVE-2026-26331 in rootio-yt-dlp - Patched by Root

Root has patched CVE-2026-26331 in the rootio-yt-dlp package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-24793 CVE-2025-24793 in rootio-snowflake-connector-python - Patched by Root

Root has patched CVE-2025-24793 in the rootio-snowflake-connector-python package for Root:PyPI. Multiple fixed versions available...

1zlab-emp-ide (=0.0.3), 1zlab-homepage (>=0.0.2 <=0.0.3) +11108 more potentially affected by CVE-2026-7666 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =0.0.2, =2.2.0, =0.1.0, =0.1.0.1, =0.1.1, =0.2.0, =0.0.4a0, =0.0.7, =0.1.10 and more Source cves: CVE-2026-7666 Source advisory: OSV:PYSEC-2026-200...

aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1421 more potentially affected by CVE-2026-6873 via django (>=5.2.0 <=5.2.14)

django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2026-6873 Source advisory: OSV:PYSEC-2026-199...

apache-airflow-providers-amazon (>=9.7.0 <=9.8.0rc1), arrow-pd-parser (>=1.0.0 <=1.0.4) +43 more potentially affected by CVE-2026-8838 via redshift-connector (>=2.0.888 <=2.1.13)

redshift-connector PYPI version =2.0.888, =9.7.0, =1.0.0, =0.1.1, =2.0.0, =0.1.7, =0.31.6, =0.1.17, =2.3.0.dev3, =1.0.0a2, =0.4.0, =0.0.1, =0.3.64, =6.1.2, =0.5.2, =1.5.0, =1.9.1 and more Source cves: CVE-2026-8838 Source advisory: SNYK:PYTHON-REDSHIFTCONNECTOR-17111071...

Linux Distros Unpatched Vulnerability : CVE-2026-48526

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC...

PT-2026-44397

Name of the Vulnerable Software and Affected Versions PyJWT versions 2.8.0 through 2.12.1 Description When verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, the software performs Base64URL decoding of the compact-serialization payload segment before enforcin...

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +806 more potentially affected by CVE-2026-47102 via litellm (>=1.0.0 <=1.83.1)

litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.6.0, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 and more Source cves: CVE-2026-47102 Source advisory: SNYK:PYTHON-LITELLM-16795354...

apna-experiment-sdk (>=0.1.0 <=0.4.10), askui (>=0.22.12 <=0.34.0) +39 more potentially affected by CVE-2026-31072 via apscheduler (>=4.0.0a2 <=4.0.0a6)

apscheduler PYPI version =4.0.0a2, =0.1.0, =0.22.12, =1.0.1, =3.8.0, =1.3.0, =3.0.0a0, =0.1.5, =2.0.5, =0.15.1, =0.0.3, =0.1.0rc0, =2.0.0, =8.4.0, =8.7.0 and more Source cves: CVE-2026-31072 Source advisory: SNYK:PYTHON-APSCHEDULER-16787181...

Astra Linux - уязвимость в python-py

A denial of service attack via regular expressions in the py.path.svnwc component of py also known as python-py in versions up to 1.9.0 could be exploited by attackers to trigger a compute-time denial of service attack by providing malicious input to the blame functionality...

Astra Linux - уязвимость в python-urllib3

urllib3 is a HTTP client library for Python. The streaming API of urllib3 is designed for efficiently handling large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

[SECURITY] Fedora 44 Update: python-urllib3-2.7.0-1.fc44

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: =E2=80=A2 Thread safety. =E2=80=A2 Connection pooling. =E2=80=A2 Client-side SSL/TLS verification. =E2=80=A2 File uploads with multipart encoding...

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...

Impacket 0.13.1

Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and, for some protocols e.g. SMB1-3 and MSRPC, the protocol implementation itself. Packets can be constructed from scratch, as well as parse...

01os (>=0.0.5 <=0.0.13), 1claw-crewai-tools (=0.1.0) +1779 more potentially affected by CVE-2026-45829 via chromadb (>=0.3.21 <=1.5.9)

chromadb PYPI version =0.3.21, =0.0.5, =0.1.3, =0.1.0, =0.1.0, =1.0.0, =0.2.0, =0.6.4, =0.0.4, =0.1.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-45829 Source advisory: SNYK:PYTHON-CHROMADB-16758047...

[SECURITY] Fedora 44 Update: GitPython-3.1.50-1.fc44

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...