807 matches found

vulnersOsv
added 2026/01/08 8:16 p.m., 1 views

acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +242 more potentially affected by CVE-2026-21873 via nicegui (>=2.22.2 <=3.3.1)

nicegui PYPI version =2.22.2, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 and more Source cves: CVE-2026-21873 Source advisory: SNYK:PYTHON-NICEGUI-14912444...

CVSS 7.2, AI score 5.4, EPSS 0.00233
Exploits: 1

Debian CVE
added 2026/01/08 5:58 p.m., 3 views

CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVSS 8.8, AI score 5.3, EPSS 0.00237
Exploits: 1

EUVD
added 2026/01/08 5:25 p.m., 3 views

EUVD-2026-1561

picklescan has Arbitrary file read using io.FileIO...

AI score 6.4
Exploits: 0, References: 5

Debian CVE
added 2026/01/08 2:2 p.m., 4 views

CVE-2026-21892

Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...

CVSS 7.3, AI score 5.9, EPSS 0.00235
Exploits: 1

NVD
added 2026/01/07 10:15 p.m., 12 views

CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

CVSS 8.9, EPSS 0.0068
Exploits: 0, References: 3

vulnersOsv
added 2026/01/05 11:13 p.m., 5 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69230 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69230 Source advisory: SNYK:PYTHON-AIOHTTP-14872000...

CVSS 6.9, AI score 7.2, EPSS 0.00332
Exploits: 0

vulnersOsv
added 2026/01/05 11:13 p.m., 2 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1249 more potentially affected by CVE-2025-69230 via aiohttp (>=0.13.1 <=3.13.2)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69230 Source advisory: OSV:GHSA-FH55-R93G-J68G...

CVSS 6.9, AI score 7.2, EPSS 0.00332
Exploits: 0

vulnersOsv
added 2026/01/05 11:13 p.m., 6 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69229 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69229 Source advisory: SNYK:PYTHON-AIOHTTP-14871954...

CVSS 8.7, AI score 7.2, EPSS 0.00338
Exploits: 0

vulnersOsv
added 2026/01/05 11:9 p.m., 3 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69226 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69226 Source advisory: SNYK:PYTHON-AIOHTTP-14871888...

CVSS 6.3, AI score 7.2, EPSS 0.00313
Exploits: 0

Github Security Blog
added 2026/01/05 11:9 p.m., 9 views

AIOHTTP has unicode match groups in regexes for ASCII protocol elements

Summary The parser allows non-ASCII decimals to be present in the Range header. Impact There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. ---- Patch:...

CVSS 6.9, AI score 6.9, EPSS 0.00236
Exploits: 0, References: 4, Affected Software: 1

vulnersOsv
added 2026/01/05 10:58 p.m., 1 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69224 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69224 Source advisory: SNYK:PYTHON-AIOHTTP-14871873...

CVSS 6.5, AI score 7.2, EPSS 0.00213
Exploits: 0

vulnersOsv
added 2026/01/05 10:58 p.m., 2 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1249 more potentially affected by CVE-2025-69223 via aiohttp (>=0.13.1 <=3.13.2)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69223 Source advisory: OSV:GHSA-6MQ8-RVHQ-8WGG...

CVSS 7.5, AI score 6.6, EPSS 0.00299
Exploits: 0

vulnersOsv
added 2026/01/01 6:36 a.m., 4 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +694 more potentially affected by unknown CVE via mlflow (>=3.0.0rc2 <=3.6.0rc0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-MLFLOW-14806999...

AI score 5.5
Exploits: 0

OSV
added 2025/12/31 3:0 p.m., 1 views

MAL-2025-193008 Malicious code in telegreph (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cca72e5a6a205d657e13d29aee3f5448061afd17f222f11db168ef8a20744992 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

AI score 7
Exploits: 0, References: 2

vulnersOsv
added 2025/12/31 2:41 a.m., 7 views

ai-box-lib (>=0.1.0 <=0.1.9), aligned-py (>=0.1.0 <=0.2.0a0) +78 more potentially affected by CVE-2025-68131 via cbor2 (>=5.0.1 <=5.7.1)

cbor2 PYPI version =5.0.1, =0.1.0, =0.1.0, =0.13.0, =0.5.5.post5, =0.5.5.post4, =0.2.0, =0.10.6, =0.7.1a0, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2025-68131 Source advisory: SNYK:PYTHON-CBOR2-14742478...

CVSS 7.5, AI score 7.2, EPSS 0.00423
Exploits: 1

OSV
added 2025/12/30 3:22 p.m., 2 views

GHSA-955R-X9J8-7RHH Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling to operator.methodcaller function in reduce method - Then when...

CVSS 9.3, AI score 7.7
Exploits: 0, References: 4

vulnersOsv
added 2025/12/23 11:4 p.m., 6 views

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1225 more potentially affected by CVE-2025-68664 via langchain-core (>=0.0.1 <=0.3.8)

langchain-core PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =3.2.0, =2.1.7, =0.0.2, =0.0.5 and more Source cves: CVE-2025-68664 Source advisory: SNYK:PYTHON-LANGCHAINCORE-14560681...

CVSS 9.3, AI score 7.8, EPSS 0.1383
Exploits: 4

vulnersOsv
added 2025/12/23 9:50 p.m., 2 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11304 more potentially affected by CVE-2025-14921 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14921 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564365...

CVSS 7.8, AI score 7.2, EPSS 0.00262
Exploits: 0

Fedora
added 2025/12/20 1:23 a.m., 7 views

[SECURITY] Fedora 42 Update: fonttools-4.61.0-1.fc42

fontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats...

CVSS 9.8, AI score 7, EPSS 0.00487
Exploits: 9

RedhatCVE
added 2025/12/15 4:38 p.m., 5 views

CVE-2025-66418

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

CVSS 8.9, AI score 6.7, EPSS 0.00622
Exploits: 0, References: 5