
437 matches found

RedHat Linux
added 2026/03/10 9:36 a.m., 1 views

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

CVSS 5.9, AI score 5.7, EPSS 0.00315
Exploits 0, References 7
OSV
added 2026/03/10 12:0 a.m., 12 views

ALSA-2026:4168 Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 6, AI score 5.8, EPSS 0.0056
Exploits 0, References 9
Oracle linux
added 2026/03/09 12:0 a.m., 7 views

python3 security update

3.6.8-21.0.7 - Security update CVE-2025-12084 Orabug: 38971895 3.6.8-21.0.5 - tarfile now validates archives to ensure member offsets are non-negative Orabug: 38442771 CVE-2025-8194 3.6.8-21.0.3 - Fix DoS parsing crafted tarfile headers Orabug: 37626372 CVE-2024-6232 - Disable testsocket in the PGO...

CVSS 6.3, AI score 5.8, EPSS 0.02203
Exploits 2
OSV
added 2026/02/28 12:45 p.m., 7 views

OESA-2026-1460 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 6, AI score 5.9, EPSS 0.0055
Exploits 0, References 3
OSV
added 2026/02/28 12:45 p.m., 5 views

OESA-2026-1459 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 6, AI score 5.9, EPSS 0.0055
Exploits 0, References 3
OSV
added 2026/02/28 12:45 p.m., 5 views

OESA-2026-1458 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 6, AI score 5.9, EPSS 0.0055
Exploits 0, References 3
CloudLinux
added 2026/02/26 11:4 p.m., 6 views

python: Fix of 2 CVEs

CVE-2018-1060: fix catastrophic backtracking in APOP method, prevent denial of service, add input validation and enforce backtracking limits - CVE-2018-1061: fix catastrophic backtracking in the difflib.IS_LINE_JUNK method...

CVSS 7.5, AI score 5.8, EPSS 0.05103
Exploits 1
SUSE Linux
added 2026/02/26 3:16 p.m., 6 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

CVSS 8.7, AI score 5.5, EPSS 0.0055
Exploits 0, References 24
OSV
added 2026/02/23 12:0 a.m., 2 views

ALSA-2026:3094 Important: protobuf security update

The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fixes: python: protobuf:...

CVSS 8.2, AI score 5.9, EPSS 0.00351
Exploits 0, References 4
SUSE Linux
added 2026/02/20 10:5 a.m., 7 views

Security update for python

This update for python fixes the following issues: CVE-2026-0672: Fixed an HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. bsc1257031 CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines can allow injecting HTTP header...

CVSS 8.7, AI score 5.5, EPSS 0.00463
Exploits 0, References 18
GithubExploit
added 2026/02/15 10:9 p.m., 510 views

Exploit for CVE-2025-4517

CVE-2025-4517 Exploit - WingData HTB Overview This exploi...

CVSS 9.4, AI score 7, EPSS 0.01184
Exploits 19
Rockylinux
added 2026/02/11 9:12 a.m., 6 views

python3.12-urllib3 security update

An update is available for python3.12-urllib3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

CVSS 8.9, AI score 5.7, EPSS 0.0068
Exploits 0
AlmaLinux
added 2026/02/05 12:0 a.m., 15 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 6, AI score 5.5, EPSS 0.0056
Exploits 0, References 10
RedHat Linux
added 2026/02/04 7:41 p.m., 6 views

Moderate: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

CVSS 7.5, AI score 7.3, EPSS 0.01468
Exploits 0, References 3
vulnersOsv
added 2026/02/02 11:33 p.m., 5 views

admet-workbench (>=0.1.0 <=0.1.1), agent-gpt-aws (>=0.4.4 <=0.9.5) +49 more potentially affected by CVE-2026-1777 via sagemaker (=3.12.0)

sagemaker PYPI version =3.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on sagemaker and may be impacted: - admet-workbench =0.1.0, =0.4.4, =1.3.24, =0.0.2, =0.1.13, =0.1.0, =0.4.0, =1.0.1, =0.4.0, =0.1.12, =0.1.0, =0.2.7 and more Source cves:...

CVSS 8.5, AI score 5.4, EPSS 0.00455
Exploits 0
OSV
added 2026/01/29 10:34 a.m., 3 views

SUSE-SU-2026:0337-1 Security update for python

This update for python fixes the following issues: - Modified CVE-2025-6075 fix to not use re.ASCII flag not available in Python 2.7 bsc1257064...

CVSS 5.5, AI score 5.8, EPSS 0.00124
Exploits 0, References 3
OSV
added 2026/01/29 10:21 a.m., 3 views

RHSA-2026:1537 Red Hat Security Advisory: python security update

Bulletin has no description...

CVSS 7.5, AI score 5.8, EPSS 0.00696
Exploits 0, References 9
vulnersOsv
added 2026/01/28 8:49 p.m., 6 views

flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-71004 via oneflow (=0.9.0)

oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-71004 Source advisory: SNYK:PYTHON-ONEFLOW-15162566...

CVSS 6.5, AI score 5.8, EPSS 0.00224
Exploits 1
OSV
added 2026/01/26 2:49 p.m., 15 views

BIT-PYTHON-2025-12781 base64.b64decode() always accepts "+/" characters, despite setting altchars

When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...

CVSS 6.3, AI score 5.8, EPSS 0.00513
Exploits 1, References 9
CNNVD
added 2026/01/21 12:0 a.m., 4 views

CPython security vulnerabilities

CPython is a Python interpreter implemented in the C language by the Python Foundation. CPython has a security vulnerability in which functions such as b64decode, standard_b64decode, and urlsafe_b64decode always accept the + and / characters, which may lead to data integrity issues...

CVSS 6.3, AI score 5.8, EPSS 0.00513
Exploits 1, References 3