CVE-2025-0938

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

DEBIAN-CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

PT-2025-4103

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The issue concerns the Python standard library functions urllib.parse.urlsplit and urlparse accepting domain names with square brackets, which is not valid according to RFC 3986. Square bracke...

SUSE CVE-2025-24359

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

awslabs-ccapi-mcp-server (>=1.0.1 <=1.0.18), bridgecrew (>=3.2.415 <=3.2.477) +9 more potentially affected by CVE-2025-24359 via asteval (=1.0.5)

asteval PYPI version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on asteval and may be impacted: - awslabs-ccapi-mcp-server =1.0.1, =3.2.415, =3.2.415, =0.1.130, =6.0.0, =5.8.0, =5.8.0, =0.0.8, =0.1.0, =0.14.3 Source cves: CVE-2025-24359 Source...

[SECURITY] Fedora 40 Update: mingw-python-jinja2-3.1.5-1.fc40

MinGW Windows Python jinja2 library...

BIT-PYTHON-MIN-2021-29921

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses...

Gradio Detection

An Gradio Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid213710; scriptversion"1.4";...

Medium: python-webob

Issue Overview: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treat...

composio-autogen (>=0.3.13 <=0.6.19), composio-camel (>=0.3.17 <=0.6.19) +16 more potentially affected by CVE-2024-53526 via composio-core (>=0.3.13 <=0.6.2)

composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.0.3, =0.0.7 and more Source cves: CVE-2024-53526 Source advisory: SNYK:PYTHON-COMPOSIOCORE-8605708...

agentiacap (>=0.1.0 <=0.1.1), arcana (>=0.3.0 <=0.6.1) +121 more potentially affected by unknown CVE via nipype (>=1.10.0 <=1.7.1)

nipype PYPI version =1.10.0, =0.1.0, =0.3.0, =0.2.5, =0.3.2, =3.0.0, =2020.12.2, =0.2.0.post1, =0.0.1, =0.2.5, =0.0.2, =0.2.1, =2.0.7, =1.61.2, =1.67.4 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-NIPYPE-8601497...

aleksis (>=2025.1.0 <=2025.1.1), aleksis-app-alsijil (>=4.0.0 <=4.0.0.dev9) +143 more potentially affected by unknown CVE via django-allauth (>=65.0.1 <=65.2.0)

django-allauth PYPI version =65.0.1, =2025.1.0, =4.0.0, =3.0.0.dev0, =4.0.0, =4.0.0, =0.1.0.dev0, =4.0.0, =3.0.0.dev0, =4.0.0.dev0, =4.0.0, =0.1.0.dev0, =0.3.0, =4.0.0, =0.1.0.dev1, =3.0.0, =3.0.0.dev0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DJANGOALLAUTH-8600545...

PT-2025-49260

Name of the Vulnerable Software and Affected Versions urllib3 versions 1.24 through 2.5.9 Description urllib3 is a user-friendly HTTP client library for Python. In versions starting from 1.24 and prior to 2.6.0, the decompression chain had an unbounded number of links. This allowed a malicious...

a-api-server (=1.3.0), aau-ais-dipaal (>=0.1.22 <=0.1.29) +2298 more potentially affected by CVE-2024-56201 via jinja2 (>=3.0.0 <=3.1.4)

jinja2 PYPI version =3.0.0, =0.1.22, =1.0.2, =0.0.2, =0.0.1, =0.0.1, =1.0.0, =1.3.0, =1.5.2, =1.5.6 and more Source cves: CVE-2024-56201 Source advisory: SNYK:PYTHON-JINJA2-8548987...

AZL-54647 CVE-2024-56326 affecting package python-jinja2 for versions less than 3.0.3-5

Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...

python-libarchive Python Library <= 4.2.1 Directory Traversal (CVE-2024-55587)

The version of the python-libarchive Python library that is installed on the remote host is 4.2.1 or prior. It is, therefore, affected by a directory traversal vulnerability. python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and...

CLSA-2024-1734027948 Update of python

Version was updated...

Pdoc Python Library <= 14.5.1 (CVE-2024-38526)

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1. Note that Nessus has not tested for this issue but...

EUVD-2024-3441

python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...

PT-2024-36562 · Unknown · Python-Libarchive

Name of the Vulnerable Software and Affected Versions: python-libarchive versions 4.2.1 and earlier Description: The issue allows directory traversal, enabling the creation of files in extract in zip.py for ZipFile.extractall and ZipFile.extract functions. This can be exploited to create files...