
27 matches found

Cvelist
added 2026/04/20 4:25 p.m., 30 views

CVE-2026-28684 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, set_key and unset_key in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

CVSS 6.6 | EPSS 0.00236
Exploits: 1 | References: 3
CNNVD
added 2026/04/20 12:0 a.m., 7 views

python-dotenv security vulnerability

python-dotenv is a Python environment management tool developed by Saurabh Kumar. Versions of python-dotenv prior to version 1.2.2 contained security vulnerabilities. These vulnerabilities stemmed from defects in the set_key and unset_key functions when dealing with symbolic links, which could allo...

CVSS 6.6 | AI score 7.3 | EPSS 0.00236
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/20 12:0 a.m., 7 views

PT-2026-33800

Name of the Vulnerable Software and Affected Versions: python-dotenv versions prior to 1.2.2. Description: The set_key and unset_key functions in python-dotenv follow symbolic links when rewriting .env files. This occurs when the rewrite context manager in dotenv/main.py writes to a temporary file i...

CVSS 6.6 | AI score 7.8 | EPSS 0.00236
Exploits: 1 | References: 24
OSSF Malicious Packages
added 2025/10/08 12:37 a.m., 6 views

Malicious code in python-dotenv (npm)

Source: ghsa-malware 6bf133022adafc8949f152dac2e99730580ca64a570cf0aeae36b7f81f3c1db9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2025/10/08 12:37 a.m., 4 views

MAL-2025-48037 Malicious code in python-dotenv (npm)

Source: ghsa-malware 6bf133022adafc8949f152dac2e99730580ca64a570cf0aeae36b7f81f3c1db9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
EUVD
added 2025/10/08 12:37 a.m., 4 views

EUVD-2025-32984

Malicious code in python-dotenv npm...

AI score 6.6
Exploits: 0 | References: 1
Snyk
added 2025/10/08 12:37 a.m., 5 views

Malicious Package

Overview: python-dotenv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2