807 matches found
ace-step (=0.1.0), ambientagi (>=0.1.1 <=0.2.12) +39 more potentially affected by CVE-2025-48889 via gradio (>=5.0.0 <=5.29.1)
gradio PYPI version =5.0.0, =0.1.1, =0.0.1, =1.0.1, =0.1.2, =0.0.5, =0.1.0, =0.0.2, =0.1.0, =2.0.0, =1.1.8b3, =1.0.0, =2025.1.24, =2025.11.0b3 and more Source cves: CVE-2025-48889 Source advisory: SNYK:PYTHON-GRADIO-10265012...
ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-5321 via aim (>=3.17.4 <=4.0.3)
aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-5321 Source advisory: SNYK:PYTHON-AIM-10288918...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1128 more potentially affected by CVE-2025-5320 via gradio (>=1.7.7 <=6.9.0)
gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.2.5, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2025-5320 Source advisory: SNYK:PYTHON-GRADIO-10265013...
CVE-2024-55587
python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...
CVE-2022-30885
The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2...
Open edX Platform Security Vulnerability
Open edX Platform is an open source course management system (CMS) from Open edX Open Source. The system can be used for MOOCs (Massive Open Online Courses) as well as smaller courses and training modules. A security vulnerability exists in versions prior to Open edX Platform 6740e75, which stems fro...
CVE-2025-47928
CVE-2025-47928 affects the Spotipy Python library for the Spotify Web API. The issue arises from using GitHub Actions pull_request_target, which can execute untrusted code from a fork with base-repo secrets in the context of the base repository. This can lead to exfiltration of secrets such as GI...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 18.0 (python-h11) security update
An update for python-h11 is now available for Red Hat OpenStack Platform 18.0 (Antelope). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
python: cpython: URL parser allowed square brackets in domain names
A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that include square brackets, which is not valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...
[SECURITY] Fedora 40 Update: python-h11-0.14.0-7.fc40
This is a little HTTP/1.1 library written from scratch in Python, heavily inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This means you can hook h11 up to your favorite network API, and that could be anything you want: synchronous, threaded,...
[SECURITY] Fedora 42 Update: python-h11-0.14.0-7.fc42
This is a little HTTP/1.1 library written from scratch in Python, heavily inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This means you can hook h11 up to your favorite network API, and that could be anything you want: synchronous, threaded,...
USN-7503-1 python-h11 vulnerability
Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle malicious HTTP requests, which could potentially lead to security control bypass and information leakage...
RLSA-2024:4244 Moderate: python3.11-PyMySQL security update
This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fixes: python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039). For more details about the...
acatome-chat (>=0.2.1 <=0.4.2), acatome-extract (>=0.2.0 <=0.6.1) +133 more potentially affected by CVE-2025-46656 via markdownify (>=0.10.3 <=0.13.1)
markdownify PYPI version =0.10.3, =0.2.1, =0.2.0, =1.0.1, =0.8.1, =0.15.0, =0.0.18, =0.3.3, =0.1.46, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.9 and more Source cves: CVE-2025-46656 Source advisory: SNYK:PYTHON-MARKDOWNIFY-9833926...
LightDSA: a Python-Based Hybrid Digital Signature Library and Performance Analysis of RSA, DSA, ECDSA and EdDSA in Variable Configurations, Elliptic Curve Forms and Curves
Digital signature algorithms (DSAs) are fundamental to cryptographic security, ensuring data integrity and authentication. While RSA, DSA, ECDSA, and EdDSA are widely used, their performance varies significantly depending on key sizes, hash functions, and elliptic curve configurations. In this pape...
h11 Environment Issue Vulnerability
h11 is a small HTTP/1.1 library written from scratch in Python by the individual developer Nathaniel J. Smith. An environment issue vulnerability exists in versions of h11 prior to 0.16.0, which stems from improper parsing of line terminators and could lead to a request entrapment attack...
openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-29446 via open-webui (=0.6.0)
open-webui PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: - openwebui-token-tracking =0.1.7 Source cves: CVE-2025-29446 Source advisory: SNYK:PYTHON-OPENWEBUI-9789616...
Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
This project is a command line tool and Python library that uses the Wappalyzer extension and its fingerprints to detect technologies. Other projects that emerged after the discontinuation of the official open source project use outdated fingerprints and lack accuracy when used on dynamic web apps; this...
dev-laiser (>=0.0.2 <=0.2.17), dillema (>=0.1.1 <=0.1.6) +15 more potentially affected by CVE-2025-32381 via xgrammar (>=0.1.11 <=0.1.17)
xgrammar PYPI version =0.1.11, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =0.0.7, =1.2.0, =0.1.20, =0.0.2, =0.1.2, =1.2.0, =0.1.0, =0.1.2 and more Source cves: CVE-2025-32381 Source advisory: SNYK:PYTHON-XGRAMMAR-9724725...
BIT-PYTHON-MIN-2025-0938 URL parser allowed square brackets in domain names
The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets, which is not valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...