CVE-2026-44971

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...

CVE-2026-8328 vulnerabilities

Vulnerabilities for packages: python...

GHSA-J989-FGGP-QGP5 vulnerabilities

Vulnerabilities for packages: python...

GHSA-J989-FGGP-QGP5 vulnerabilities

Vulnerabilities for packages: python...

CVE-2026-8328 vulnerabilities

Vulnerabilities for packages: python...

aana (>=0.2.1 <=0.2.2), ace-step (=0.1.0) +227 more potentially affected by CVE-2026-44513 via diffusers (>=0.10.2 <=0.37.1)

diffusers PYPI version =0.10.2, =0.2.1, =1.8.20, =1.9.0, =0.0.0, =0.2.2, =0.0.2, =0.0.0, =0.1.0, =0.6.37, =0.0.4, =0.1.0, =0.1.0, =0.5.0 and more Source cves: CVE-2026-44513 Source advisory: OSV:PYSEC-2026-40...

a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +139 more potentially affected by CVE-2026-44899 via mistune (>=3.0.0rc5 <=3.2.0)

mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44899 Source advisory: SNYK:PYTHON-MISTUNE-16697357...

2adif (=0.1.0), 3robotics (=0.0.1) +1562 more potentially affected by CVE-2026-42304 via twisted (>=16.0.0 <=25.5.0)

twisted PYPI version =16.0.0, =0.0.12, =3.0.9, =3.0.0, =0.1.0, =23.12.0rc1, =0.10.0, =0.0.1, =0.4.0, =3.0.0, =0.1.4, =1.0.0, =1.0.2 - aha-scrapyd =1.3.0 and more Source cves: CVE-2026-42304 Source advisory: OSV:PYSEC-2026-160...

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1118 more potentially affected by CVE-2026-45134 via langchain (>=0.0.100 <=0.3.3)

langchain PYPI version =0.0.100, =0.1.0, =0.1.3, =4.8.2, =0.1.3, =0.1.0, =0.1.0, =3.2.0, =2.1.7, =2.1.8 - agent-builder =0.0.1 and more Source cves: CVE-2026-45134 Source advisory: OSV:GHSA-3644-Q5CJ-C5C7...

abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +392 more potentially affected by CVE-2026-44660 via ujson (>=1.33.0 <=5.12.0)

ujson PYPI version =1.33.0, =1.0.0, =2.0.0, =0.1.3, =0.1.0, =0.1.0, =1.1.5, =0.1.0, =0.1.1, =0.5.2, =0.1.0, =1.0.0, =1.0.2 and more Source cves: CVE-2026-44660 Source advisory: OSV:GHSA-C38F-WX89-P2XG...

adaptive-kmpc-py (>=0.1.0 <=0.1.1), admetica (>=1.3.0 <=1.4.1) +227 more potentially affected by CVE-2026-31221 via lightning (>=2.0.0 <=2.6.0.dev20251123)

lightning PYPI version =2.0.0, =0.1.0, =1.3.0, =1.9.0, =1.9.0, =0.1.16, =0.3.0, =0.1.0, =0.1.0, =0.8.3b20230916, =0.8.3b20230916, =1.5.1b20260510 and more Source cves: CVE-2026-31221 Source advisory: SNYK:PYTHON-LIGHTNING-16643333...

a2cli (>=0.1.0 <=0.2.1), a2py (>=0.2.1 <=0.2.3) +851 more potentially affected by unknown CVE via mistralai (>=0.0.11 <=2.4.5)

mistralai PYPI version =0.0.11, =0.1.0, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.1.36, =0.1.0, =0.1.0, =0.0.1, =0.1.2 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-MISTRALAI-16641237...

11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +201 more potentially affected by CVE-2026-44199 via wagtail (>=1.0.0 <=7.0.0)

wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44199 Source advisory: OSV:PYSEC-2026-148...

11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +201 more potentially affected by CVE-2026-44201 via wagtail (>=1.0.0 <=7.0.0)

wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44201 Source advisory: OSV:PYSEC-2026-150...

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44197 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44197 Source advisory: OSV:PYSEC-2026-146...

360solutions-bc-mcp (=0.5.3), advanced-yaml (>=0.3.4 <=0.4.3) +299 more potentially affected by CVE-2026-44432 via urllib3 (>=2.6.0 <=2.6.3)

urllib3 PYPI version =2.6.0, =0.3.4, =0.1.0, =0.5.0, =0.24.2, =0.1.0, =0.1.0, =0.1.0, =0.5.0, =1.0.5, =26.1.0, =2.0.2, =0.45.0, =0.51.0 - auditize =0.10.0 and more Source cves: CVE-2026-44432 Source advisory: SNYK:PYTHON-URLLIB3-16642059...

360solutions-bc-mcp (=0.5.3), advanced-yaml (>=0.3.4 <=0.4.3) +299 more potentially affected by CVE-2026-44432 via urllib3 (>=2.6.0 <=2.6.3)

urllib3 PYPI version =2.6.0, =0.3.4, =0.1.0, =0.5.0, =0.24.2, =0.1.0, =0.1.0, =0.1.0, =0.5.0, =1.0.5, =26.1.0, =2.0.2, =0.45.0, =0.51.0 - auditize =0.10.0 and more Source cves: CVE-2026-44432 Source advisory: OSV:GHSA-MF9V-MFXR-J63J...

a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +139 more potentially affected by CVE-2026-44897 via mistune (>=3.0.0rc5 <=3.2.0)

mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44897 Source advisory: SNYK:PYTHON-MISTUNE-16624520...

a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +139 more potentially affected by CVE-2026-44708 via mistune (>=3.0.0rc5 <=3.2.0)

mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44708 Source advisory: SNYK:PYTHON-MISTUNE-16624508...