CVE-2022-42043
The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...
Attackers Abuse TikTok and Instagram APIs
It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX LLMs, researchers have now discovered a set of tools for validating account information via API abuse, leveraging undocumented TikTok and Instagram APIs. The tools, an...
aaiopay (>=0.2.1 <=0.2.2), aaz-dev (>=3.0.0 <=4.5.3) +4022 more potentially affected by CVE-2025-47273 via setuptools (>=15.2.0 <=78.1.0)
setuptools PYPI version =15.2.0, =0.2.1, =3.0.0, =1.0.0, =0.0.1, =0.1.18, =0.0.1, =0.1.0, =0.1.0, =0.2.6, =0.0.1, =0.0.6 and more Source cves: CVE-2025-47273 Source advisory: OSV:PYSEC-2025-49...
AZL-62438 CVE-2025-47273 affecting package setuptool 1.19.11-23
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +131 more potentially affected by CVE-2025-32962 via flask-appbuilder (>=4.1.2 <=4.5.4)
flask-appbuilder PYPI version =4.1.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.2.1, =0.4.0, =0.1.0a1, =0.8.2, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2025-32962 Source advisory: SNYK:PYTHON-FLASKAPPBUILDER-10182215...
2vyper (=0.3.0), ape-dasy (=0.1.0) +39 more potentially affected by CVE-2025-47774 via vyper (>=0.1.0b12 <=0.4.1)
vyper PYPI version =0.1.0b12, =0.6.0, =0.7.1, =0.1.0, =0.0.1, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.7.2, =0.0.1, =0.3.2 and more Source cves: CVE-2025-47774 Source advisory: OSV:GHSA-3VCG-J39X-CWFM...
ape-dasy (=0.1.0), ape-safe (>=0.7.0 <=0.7.1) +19 more potentially affected by CVE-2025-47285 via vyper (>=0.3.9 <=0.4.1)
vyper PYPI version =0.3.9, =0.7.0, =0.0.1, =0.5.5.post5, =0.5.5.post4, =0.1.1, =0.1.0, =0.9.0, =0.0.1, =0.0.1, =1.20.7, =0.0.1, =0.0.1, =0.3.4, =0.3.4b5 and more Source cves: CVE-2025-47285 Source advisory: SNYK:PYTHON-VYPER-10183408...
Oracle Linux 8 : python39:3.9 (ELSA-2025-4791)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-4791 advisory. mod_wsgi 4.7.1-7.1 - Resolves: RHEL-87514 - CVE-2022-2255 python39:3.9/mod_wsgi: Trusted Proxy Headers Removing Bypass numpy python39 python3x-pip...
RHEL 8 : python39:3.9 (RHSA-2025:4791)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4791 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
python27:2.7 security update
An update is available for module.python-sqlalchemy, python-markupsafe, PyYAML, pytz, module.python-setuptoolsscm, python-docutils, python2, module.python-ipaddress, scipy, module.python-docutils, module.python-urllib3, python-mock, numpy, module.python-py, module.python-backports, python-chardet...
Ubuntu: Security Advisory (USN-7488-1)
The remote host is missing an update for the...
reactivated (>=0.40.2a2429 <=0.45.3a2797) potentially affected by unknown CVE via django-stubs (>=5.0.4 <=5.1.3)
django-stubs PYPI version =5.0.4, =0.40.2a2429, =0.45.3a2797 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DJANGOSTUBS-12671219...
acatome-chat (>=0.2.1 <=0.4.2), acatome-extract (>=0.2.0 <=0.6.1) +133 more potentially affected by CVE-2025-46656 via markdownify (>=0.10.3 <=0.13.1)
markdownify PYPI version =0.10.3, =0.2.1, =0.2.0, =1.0.1, =0.8.1, =0.15.0, =0.0.18, =0.3.3, =0.1.46, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.9 and more Source cves: CVE-2025-46656 Source advisory: OSV:GHSA-7MPR-5M44-H73R...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1800 more potentially affected by CVE-2025-3933 via transformers (>=2.10.0 <=4.51.3)
transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3933 Source advisory: SNYK:PYTHON-TRANSFORMERS-10247398...
a7a1234 (=1.0.0), aas2openapi (>=0.2.0 <=0.2.4) +2555 more potentially affected by CVE-2025-43859 via h11 (>=0.10.0 <=0.15.0)
h11 PYPI version =0.10.0, =0.2.0, =0.2.1, =1.2.1, =0.7.3.post0, =0.1.0, =2.0.0.1, =0.0.1, =0.1.0, =0.8.3, =0.1.0, =4.8.2, =0.1.0, =0.1.1 - adminui =1.5.2 and more Source cves: CVE-2025-43859 Source advisory: SNYK:PYTHON-H11-10293728...
MAL-2025-191943 Malicious code in zmaker (PyPI)
Source: kam193 2f4ac88a121488df2fdfa1cb5409f3443f658a30d679f20acc41dd2c656bd3b8 The campaign is split into multiple packages that together exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...
Malicious code in zsender (PyPI)
Source: kam193 64454f4348553cc0321094cffaef685d8977dd95ccf1c07dc54e2b8b3c39a8f0 The campaign is split into multiple packages that together exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...
[slackware-security] python3
New python3 packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/python3-3.9.22-i586-1slack15.0.txz: Upgraded. This update fixes security issues: gh-131809 and gh-131261: Upgrade vendored expat to 2.7.1...
dev-laiser (>=0.0.2 <=0.2.17), dillema (>=0.1.1 <=0.1.6) +14 more potentially affected by CVE-2025-32381 via xgrammar (>=0.1.11 <=0.1.17)
xgrammar PYPI version =0.1.11, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =0.0.7, =1.2.0, =0.1.20, =0.0.2, =0.1.2, =1.2.0, =0.1.0, =0.19.0, =1.0.0rc1 and more Source cves: CVE-2025-32381 Source advisory: OSV:PYSEC-2025-235...
apls (>=0.0.6 <=0.1.0), datacube (=1.6.2) +15 more potentially affected by CVE-2025-29480 via gdal (>=2.1.0 <=2.4.4)
gdal PYPI version =2.1.0, =0.0.6, =0.1.0, =0.0.35, =0.1.0, =1.0.60, =0.0.4, =0.1.2, =1.0.16, =0.9.0, =0.0.6, =0.0.3, =0.1.0 - routing-ortools-osrm =1.0.1 and more Source cves: CVE-2025-29480 Source advisory: OSV:PYSEC-2025-117...