PT-2025-30944 · Skops · Skops

Name of the Vulnerable Software and Affected Versions: skops versions 0.11.0 and below skops versions prior to 12.0.0 Description: skops is a Python library used for sharing and shipping scikit-learn based models. A vulnerability exists due to an inconsistency in the MethodNode component, allowin...

PT-2025-30943 · Skops +1 · Skops +1

Vulnerability Summary Name of the Vulnerable Software and Affected Versions: skops versions 0.11.0 and below Description: skops is a Python library used for sharing and shipping scikit-learn based models. An inconsistency in the OperatorFuncNode allows exploitation to hide the execution of...

ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-51463 via aim (>=3.17.4 <=4.0.3)

aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-51463 Source advisory: SNYK:PYTHON-AIM-10875510...

trinity (>=0.1.0a28 <=0.1.0a36) potentially affected by CVE-2025-29606 via libp2p (>=0.1.1 <=0.1.5)

libp2p PYPI version =0.1.1, =0.1.0a28, =0.1.0a36 Source cves: CVE-2025-29606 Source advisory: SNYK:PYTHON-LIBP2P-10851401...

OESA-2025-1811 python-pycares security update

pycares is a Python module which provides an interface to c-ares.c-ares is a C library that performs DNS requests and name resolutions asynchronously. Security Fixes: pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name...

Information Exposure

Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Information Exposure via the authenticateuser function in the /server/endpoints/lollmsauthentication.py file. An attacker can enumerate valid usernames and incrementally guess...

Model Context Protocol (MCP) Python Library Detection

An Model Context Protocol Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid241433; scriptversion"1.7";...

astra-assistants (>=2.3.0 <=2.4.5), fiftyone-mcp-server (>=0.1.0 <=0.1.2) +14 more potentially affected by CVE-2025-53365 via mcp (>=0.9.1 <=1.0.0)

mcp PYPI version =0.9.1, =2.3.0, =0.1.0, =1.2.8, =0.1.0, =1.0.0, =3.0.16, =0.2.0, =0.0.4, =0.0.5 - web-browser-mcp =0.1.1 and more Source cves: CVE-2025-53365 Source advisory: OSV:GHSA-J975-95F5-7WQH...

ROS-20250630-08

A vulnerability in a library for Python that extends the ease of creating, distributing, and installation of Python packages setuptools is related to an input validation error when processing sequences of directory traversal in packageindex.py. Exploitation of the vulnerability could allow an...

CVE-2025-52467

pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUBTOKEN with write permissio...

[SECURITY] Fedora 42 Update: mingw-python-setuptools-78.1.1-1.fc42

MinGW Windows Python setuptools library...

CVE-2025-52556

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...

CVE-2025-52467

pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUBTOKEN with write permissio...

CVE-2025-52467 pgai secrets exfiltration via `pull_request_target`

pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUBTOKEN with write permissio...

CVE-2025-52467 pgai secrets exfiltration via `pull_request_target`

pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUBTOKEN with write permissio...

AZL-64170 CVE-2025-50181 affecting package python-urllib3 for versions less than 1.26.19-2

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49142 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49142 Source advisory: OSV:PYSEC-2025-79...

SignXML 安全漏洞

SignXML is an open source XML signing and XAdES library for Python from XML-Security. A security vulnerability exists in SignXML versions prior to 4.0.4, which stems from a timing attack flaw that could lead to HMAC key disclosure...

SignXML 安全漏洞

SignXML is an open source XML signing and XAdES library for Python from XML-Security. A security vulnerability exists in SignXML versions prior to 4.0.4, which stems from an algorithm obfuscation flaw that could lead to the use of unintended keys to verify signatures...

[SECURITY] Fedora 42 Update: mingw-python-flit-core-3.12.0-1.fc42

MinGW Python flitcore library...