263 matches found
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Python vulnerabilities (USN-7886-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7886-1 advisory. It was discovered that Python inefficiently handled expanding system environment variables. A...
TencentOS Server 3: python39 and python39-devel (TSSA-2023:0114)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0114 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Security Bulletin: AIX/VIOS is affected by multiple vulnerabilities due to Python
Summary There are multiple vulnerabilities in Python used by AIX (CVE-2025-59375, CVE-2024-47081, CVE-2025-6965, CVE-2024-5642). Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2025-59375 DESCRIPTION: libexpat in Expat before 2.7.2 allows attacke...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in Python.
Summary IBM Virtualization Engine TS7700 is susceptible to two Tampering conditions and one potential Elevation of Privilege issue due to the use of Python (CVE-2025-0938, CVE-2025-47273, CVE-2025-1795). TS7700 uses Python to perform operations with the Cloud and internal system configuration tasks...
Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: A...
EUVD-2018-1791
Malware in sbrugna...
EUVD-2022-5723
Malicious code in bioql PyPI...
SecureFixAgent: a Hybrid LLM Agent for Automated Python Static Vulnerability Repair
Modern software development pipelines face growing challenges in securing large codebases with extensive dependencies. Static analysis tools like Bandit are effective at vulnerability detection but suffer from high false positives and lack repair capabilities. Large Language Models (LLMs), in...
USN-7710-1: Python vulnerabilities
It was discovered that Python inefficiently parsed maliciously crafted HTML input. An attacker could possibly use this issue to cause a denial of service. CVE-2025-6069 It was discovered that Python incorrectly parsed maliciously crafted Tar archives. An attacker could possibly use this issue to...
USN-7710-1 python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4 vulnerabilities
It was discovered that Python inefficiently parsed maliciously crafted HTML input. An attacker could possibly use this issue to cause a denial of service. CVE-2025-6069 It was discovered that Python incorrectly parsed maliciously crafted Tar archives. An attacker could possibly use this issue to...
CVE-2025-8194 vulnerabilities
Vulnerabilities for packages: python...
SUSE-SU-2025:02701-1 Security update for python
This update for python fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)...
Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2025-1097)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1097 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgra...
GHSA-C266-VJJR-2V8J vulnerabilities
Vulnerabilities for packages: python...
NewStart CGSL MAIN 7.02 : python-cryptography Multiple Vulnerabilities (NS-SA-2025-0151)
The remote NewStart CGSL host, running version MAIN 7.02, has python-cryptography packages installed that are affected by multiple vulnerabilities: - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into woul...
NewStart CGSL MAIN 7.02 : python3.11 Multiple Vulnerabilities (NS-SA-2025-0109)
The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by multiple vulnerabilities: - A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly,...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to several issues due to the Python package (CVE-2024-6232, CVE-2024-7592, CVE-2024-7592)
Summary Python is used by DataStage on Cloud Pak for Data as part of data processing functionality. Vulnerability Details CVEID:CVE-2024-6232 DESCRIPTION: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile...
Amazon Linux 2 : python3 (ALAS-2025-2923)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2923 advisory. There is an issue in CPython when using bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the...
Alibaba Cloud Linux 3 : 0107: python3 (ALINUX3-SA-2025:0107)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0107 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-12718: Allows modifying some file...