807 matches found

vulnersOsv
added 2024/12/06 12:15 p.m., 2 views

aldryn-django (=4.2.10.0), alertwise (=1.0.0) +93 more potentially affected by CVE-2024-53908 via django (>=4.2.0 <=4.2.16)

django PYPI version =4.2.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.4.0, =4.16.2, =4.8.0, =8.0.0, =5.2.0, =5.2.2 - cpu-utilization-monitoring =0.1.3 and more Source cves: CVE-2024-53908 Source advisory: OSV:PYSEC-2024-157...

9.8 CVSS, 7.1 AI score, 0.01396 EPSS
Exploits: 0
vulnersOsv
added 2024/12/06 12:15 p.m., 1 view

allianceauth (=5.0.0a1), anime-quiz (=1.0.0) +181 more potentially affected by CVE-2024-53907 via django (>=5.1.0 <=5.1.3)

django PYPI version =5.1.0, =0.42.1, =1.23.0, =0.46.0, =24.1.0, =0.2.0, =0.1.0, =0.1.6, =0.6.0, =0.8.0 and more Source cves: CVE-2024-53907 Source advisory: OSV:PYSEC-2024-156...

7.5 CVSS, 6.8 AI score, 0.0137 EPSS
Exploits: 0
NVD
added 2024/11/29 7:15 p.m., 16 views

CVE-2024-53865

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...

8.2 CVSS, 0.00133 EPSS
Exploits: 0, References: 2
Snyk
added 2024/11/27 10:00 p.m., 1 view

Malicious Package

Overview: aiocpa is a malicious package. This package contains malicious code that steals sensitive information from the victim. Remediation: Avoid using all malicious instances of the aiocpa package. References: Phylum Blog. Credit: Phylum Research Team...

9.8 CVSS, 6.9 AI score
Exploits: 0, References: 2
vulnersOsv
added 2024/11/12 6:15 p.m., 4 views

accutuning-helpers (>=1.0.32 <=1.1.0), al-for-design (=0.0.1) +244 more potentially affected by CVE-2024-43598 via lightgbm (>=2.1.1 <=4.5.0)

lightgbm PYPI version =2.1.1, =1.0.32, =1.1.2, =0.1.0, =0.10.0.dev0, =0.3.8.2, =0.2.7, =0.3.2, =0.0.1, =1.0.71, =0.1.0, =0.0.4, =1.2.1b20250306 and more Source cves: CVE-2024-43598 Source advisory: OSV:PYSEC-2024-231...

8.1 CVSS, 6.1 AI score, 0.01384 EPSS
Exploits: 0
RedHat Linux
added 2024/11/12 10:24 a.m., 3 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

6.5 CVSS, 6.7 AI score, 0.01141 EPSS
Exploits: 1, References: 4
vulnersOsv
added 2024/11/01 6:30 a.m., 3 views

aistrainer (>=0.0.1 <=0.0.13), aivoifu (>=0.2.8 <=0.2.9) +21 more potentially affected by unknown CVE via deepspeed (>=0.10.2 <=0.15.1)

deepspeed PYPI version =0.10.2, =0.0.1, =0.2.8, =0.2.0, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.4.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DEEPSPEED-8320951...

5.8 AI score
Exploits: 0
vulnersOsv
added 2024/10/24 10:40 p.m., 4 views

acedeploy (>=2.4.15 <=2.4.115), authz-analyzer (=0.1.1) +27 more potentially affected by CVE-2024-49750 via snowflake-connector-python (>=3.0.0 <=3.12.2)

snowflake-connector-python PYPI version =3.0.0, =2.4.15, =0.1.0, =0.4.0, =0.2.1, =0.0.12, =4.5.0, =0.2.0, =0.0.14, =0.0.83, =0.2.13a0 - nuvolos =0.5.1 - oc-pipelinewise-target-snowflake =2.2.0 and more Source cves: CVE-2024-49750 Source advisory: SNYK:PYTHON-SNOWFLAKECONNECTORPYTHON-8303773...

5.5 CVSS, 5.4 AI score, 0.00203 EPSS
Exploits: 0
OSV
added 2024/10/24 10:15 p.m., 2 views

PYSEC-2024-191

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes when specified...

5.5 CVSS, 5.8 AI score, 0.00203 EPSS
Exploits: 0, References: 2
Fedora
added 2024/10/24 1:28 a.m., 15 views

[SECURITY] Fedora 40 Update: python-openapi-core-0.19.4-3.fc40

Openapi-core is a Python library that adds client-side and server-side support for the OpenAPI v3.0 and OpenAPI v3.1 specification...

8.7 CVSS, 3.9 AI score, 0.00652 EPSS
Exploits: 0
OSSF Malicious Packages
added 2024/10/16 2:47 p.m., 3 views

Malicious code in pycolorlib (PyPI)

7 AI score
Exploits: 0, References: 1
RedHat Linux
added 2024/10/14 2:05 a.m., 4 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

6.5 CVSS, 6.7 AI score, 0.01141 EPSS
Exploits: 1, References: 4
Debian
added 2024/10/13 6:22 p.m., 8 views

[SECURITY] [DSA 5791-1] python-reportlab security update

Debian Security Advisory DSA-5791-1, https://www.debian.org/security/, Moritz Muehlenhoff, October 13, 2024, https://www.debian.org/security/faq ...

7.8 CVSS, 7.2 AI score, 0.02253 EPSS
Exploits: 6
PyPA
added 2024/10/09 7:15 p.m., 9 views

PYSEC-2024-168

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...

6.5 CVSS, 6.8 AI score, 0.00246 EPSS
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2024/10/09 7:15 p.m., 11 views

CVE-2024-47833

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...

6.5 CVSS, 0.00246 EPSS
Exploits: 1, References: 1
OSV
added 2024/10/09 6:25 p.m., 9 views

CVE-2024-47833 Session Cookie without Secure and HTTPOnly flags in taipy

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...

6.3 CVSS, 6.6 AI score, 0.00246 EPSS
Exploits: 1, References: 3
OSV
added 2024/10/08 6:15 p.m., 1 view

PYSEC-2024-109

DeepSpeed Remote Code Execution Vulnerability...

7.8 CVSS, 5.9 AI score, 0.00671 EPSS
Exploits: 0, References: 3
OSV
added 2024/10/04 7:53 p.m., 6 views

CLSA-2024-1728071619 python: Fix of 2 CVEs

- CVE-2024-7592: fix algorithm with quadratic complexity to avoid using excess CPU resources while parsing the cookie value
- CVE-2024-6232: fix regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing and was vulnerable to ReDoS via specifically-crafted tar...

7.5 CVSS, 6.7 AI score, 0.02303 EPSS
Exploits: 3, References: 1
Tenable Nessus
added 2024/10/04 12:00 a.m., 9 views

Google AI Platform (VertexAI SDK) Detection

A Google AI Platform Python library is installed on the remote host. Note that Nessus has relied upon the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208126; scriptversion"1.5";...

5.9 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2024/10/04 12:00 a.m., 5 views

Tensorflow-hub Detection

A Tensorflow-hub Python library is installed on the remote host. Note that Nessus has relied upon the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208141; scriptversion"1.6";...

5.9 AI score
Exploits: 0, References: 1