
13249 matches found

OSV
added 2026/02/24 9:11 a.m., 3 views

MAL-2026-1004 Malicious code in request-httpx-9 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d8547656202b4eac0d914d466c2fe1d3bf17210c63af75ac2d8e020f5d0ef28c The package contains a Telegram bot running allowing for remote access. This functionality is disclosed in the readme, but the package name clearly indicates...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/02/23 4:0 p.m., 8 views

Malicious code in cnnct-eaas-corre (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 2111dcd49405f8c078842cf7af9cfe21ddb54f558d66f2949da752d0e62cddd1 This package appears to be a typo-squatting attempt targeting connect-eaas-core...

5.3 AI score
Exploits: 0
OSV
added 2026/02/23 12:37 p.m., 6 views

MAL-2026-1001 Malicious code in request-httpx-4 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b0c661d240f626319e5ff1e52562ca1d4a8a6c741126a91e4d46a9ed639cfc0d The package contains a Telegram bot running allowing for remote access. This functionality is disclosed in the readme, but the package name clearly indicates...

5.9 AI score
Exploits: 0, References: 1
OSV
added 2026/02/23 12:0 a.m., 2 views

ALSA-2026:3095 Important: protobuf security update

The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fixes: python: protobuf:...

8.2 CVSS, 5.9 AI score, 0.00351 EPSS
Exploits: 0, References: 4
OpenVAS
added 2026/02/23 12:0 a.m., 5 views

openSUSE Security Advisory (SUSE-SU-2026:0590-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6 CVSS, 5.4 AI score, 0.00463 EPSS
Exploits: 0, References: 8
OSV
added 2026/02/22 7:42 p.m., 7 views

MAL-2026-984 Malicious code in myasicapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62067570b5217e75a025ba09e5e4f0d059439d8a7d30e056bdd501fe97e4f844 The code and related Github project promise to monitor hardware cryptominers. However, the code additionally hides two malicious capabilities functionalities: ...

5.9 AI score
Exploits: 0, References: 2
OSV
added 2026/02/22 4:48 a.m., 17 views

MAL-2026-979 Malicious code in home-robot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5296b22d674fc768fb08662c83b8de3fd07455f6fc2d4f7b433319551cb808e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8 AI score
Exploits: 0, References: 1
vulnersOsv
added 2026/02/21 12:35 a.m., 3 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +751 more potentially affected by CVE-2026-2033 via mlflow-skinny (>=3.0.0 <=3.8.0)

mlflow-skinny PYPI version =3.0.0, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2026-2033 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698157...

8.1 CVSS, 7.4 AI score, 0.018 EPSS
Exploits: 0
Tenable Nessus
added 2026/02/21 12:0 a.m., 5 views

SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2026:0590-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0590-1 advisory. - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel...

6 CVSS, 7.2 AI score, 0.00463 EPSS
Exploits: 0, References: 14
OSV
added 2026/02/20 10:16 a.m., 5 views

ROOT-APP-PYPI-CVE-2022-38170 CVE-2022-38170 in rootio-apache-airflow - Patched by Root

Root has patched CVE-2022-38170 in the rootio-apache-airflow package for Root:PyPI. Multiple fixed versions available...

4.7 CVSS, 5.4 AI score, 0.00593 EPSS
Exploits: 0
OSV
added 2026/02/20 10:16 a.m., 6 views

ROOT-APP-PYPI-CVE-2023-22887 CVE-2023-22887 in rootio-apache-airflow - Patched by Root

Root has patched CVE-2023-22887 in the rootio-apache-airflow package for Root:PyPI. Multiple fixed versions available...

6.5 CVSS, 5.4 AI score, 0.01874 EPSS
Exploits: 0
OSV
added 2026/02/20 10:16 a.m., 6 views

ROOT-APP-PYPI-CVE-2023-35908 CVE-2023-35908 in rootio-apache-airflow - Patched by Root

Root has patched CVE-2023-35908 in the rootio-apache-airflow package for Root:PyPI. Multiple fixed versions available...

6.5 CVSS, 5.4 AI score, 0.00757 EPSS
Exploits: 0
OSSF Malicious Packages
added 2026/02/20 6:59 a.m., 10 views

Malicious code in printrables (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 062cd723b198a3d0af641a78b343642653fb80f4cbf527be765bb4e520cbd3ed Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

5.9 AI score
Exploits: 0, References: 3
OSV
added 2026/02/20 6:59 a.m., 5 views

MAL-2026-951 Malicious code in printrables (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 062cd723b198a3d0af641a78b343642653fb80f4cbf527be765bb4e520cbd3ed Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

5.9 AI score
Exploits: 0, References: 3
OPENSUSE Linux
added 2026/02/20 12:0 a.m., 8 views

python311-nltk-3.9.1-3.1 on GA media (moderate)

python311-nltk-3.9.1-3.1 on GA media Announcement ID: openSUSE-SU-2026:10226-1 Rating: moderate Cross-References: CVE-2025-14009 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

10 CVSS, 5.5 AI score, 0.00706 EPSS
Exploits: 1
OSV
added 2026/02/19 11:39 p.m., 11 views

MAL-2026-949 Malicious code in ethrpc-keys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f086c363123d21b52dc28b5a642db6c1eb84e01dc519995435476b19655d63a9 The malicious code is in the ethrpc-keys package, which is a clone of legitimate eth-keys, but contains a modification that silently exfiltrates the user's...

5.7 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/02/18 6:42 p.m., 7 views

Malicious code in telebot-infoe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4dadd8bb17144a1726c97ec0472de592532f72b8c57fdd87ce1364e43241832d The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

5.6 AI score
Exploits: 0, References: 2
OSV
added 2026/02/18 6:42 p.m., 7 views

MAL-2026-934 Malicious code in telebot-infoe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4dadd8bb17144a1726c97ec0472de592532f72b8c57fdd87ce1364e43241832d The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

5.6 AI score
Exploits: 0, References: 2
OSV
added 2026/02/18 6:30 p.m., 1 view

GHSA-7P94-766C-HGJP NLTK has a Zip Slip Vulnerability

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

10 CVSS, 6.3 AI score, 0.00706 EPSS
Exploits: 1, References: 7
OSV
added 2026/02/18 6:24 p.m., 5 views

PYSEC-2026-96

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

10 CVSS, 7.8 AI score, 0.00706 EPSS
Exploits: 1, References: 2