
795 matches found

vulnersOsv
added 2026/01/13 9:31 p.m., 0 views

acido (=0.15.0), adstoolbox (>=2025.12.2.2 <=2026.5.19) +207 more potentially affected by CVE-2026-21226 via azure-core (>=1.10.0 <=1.37.0)

azure-core PYPI version =1.10.0, =2025.12.2.2, =0.1.12, =0.1.31, =0.1.1, =0.0.2, =0.0.53, =0.1.0, =0.9.0, =0.2.100, =0.2.123, =1.0.0, =1.0.0, =0.1.0b1, =0.1.0b2 and more Source cves: CVE-2026-21226 Source advisory: SNYK:PYTHON-AZURECORE-14927372...

7.5 CVSS, 5.4 AI score, 0.00819 EPSS
Exploits 0
OSV
added 2026/01/13 9:31 p.m., 2 views

GHSA-JM66-CG57-JJV5 Azure Core is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

7.5 CVSS, 7.3 AI score, 0.00819 EPSS
Exploits 0, References 4
Github Security Blog
added 2026/01/13 9:31 p.m., 11 views

Azure Core is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

7.5 CVSS, 7.4 AI score, 0.00819 EPSS
Exploits 0, References 4, Affected Software 1
Vulnrichment
added 2026/01/13 6:4 p.m., 3 views

CVE-2026-21226 Azure Core shared client library for Python Remote Code Execution Vulnerability

...

7.5 CVSS, 6.6 AI score, 0.00819 EPSS
Exploits 0, References 1
CVE
added 2026/01/13 6:4 p.m., 18 views

CVE-2026-21226

CVE-2026-21226 affects the Azure Core shared client library for Python via deserialization of untrusted data, enabling remote code execution by an authorized attacker over the network. Affected product in the connected docs is the Azure Core Python package; remediation guidance across sources rec...

7.5 CVSS, 7 AI score, 0.00819 EPSS
Exploits 0, References 1, Affected Software 1
OPENSUSE Linux
added 2026/01/13 12:0 a.m., 3 views

python311-Authlib-1.6.6-1.1 on GA media (moderate)

python311-Authlib-1.6.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:10034-1 Rating: moderate Cross-References: CVE-2025-68158 CVSS scores: CVE-2025-68158 SUSE : 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVE-2025-68158 SUSE : 6.9...

6.9 CVSS, 7.2 AI score, 0.00017 EPSS
Exploits 1
Debian CVE
added 2026/01/10 4:41 a.m., 5 views

CVE-2026-22690

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

6.9 CVSS, 5.5 AI score, 0.00017 EPSS
Exploits 0
CNNVD
added 2026/01/10 12:0 a.m., 4 views

filelock security vulnerability

filelock is an open-source Python file-locking library from the tox development team. filelock versions before 3.20.3 have a security vulnerability that stems from a TOCTOU race condition in the SoftFileLock implementation, which may lead to locking operation failure or...

5.3 CVSS, 6.4 AI score, 0.00005 EPSS
Exploits 0, References 3
vulnersOsv
added 2026/01/08 8:16 p.m., 1 views

acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +242 more potentially affected by CVE-2026-21873 via nicegui (>=2.22.2 <=3.3.1)

nicegui PYPI version =2.22.2, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 and more Source cves: CVE-2026-21873 Source advisory: SNYK:PYTHON-NICEGUI-14912444...

7.2 CVSS, 5.4 AI score, 0.00009 EPSS
Exploits 1
Debian CVE
added 2026/01/08 5:58 p.m., 3 views

CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

8.8 CVSS, 5.3 AI score, 0.00017 EPSS
Exploits 1
EUVD
added 2026/01/08 5:25 p.m., 3 views

EUVD-2026-1561

picklescan has Arbitrary file read using io.FileIO...

6.4 AI score
Exploits 0, References 5
Debian CVE
added 2026/01/08 2:2 p.m., 3 views

CVE-2026-21892

Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...

7.3 CVSS, 5.9 AI score, 0.00106 EPSS
Exploits 1
NVD
added 2026/01/07 10:15 p.m., 5 views

CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9 CVSS, 0.00014 EPSS
Exploits 0, References 3
vulnersOsv
added 2026/01/05 11:13 p.m., 1 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1249 more potentially affected by CVE-2025-69230 via aiohttp (>=0.13.1 <=3.13.2)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69230 Source advisory: OSV:GHSA-FH55-R93G-J68G...

6.9 CVSS, 7.2 AI score, 0.00011 EPSS
Exploits 0
vulnersOsv
added 2026/01/05 11:13 p.m., 4 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69230 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69230 Source advisory: SNYK:PYTHON-AIOHTTP-14872000...

6.9 CVSS, 7.2 AI score, 0.00011 EPSS
Exploits 0
vulnersOsv
added 2026/01/05 11:13 p.m., 2 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69229 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69229 Source advisory: SNYK:PYTHON-AIOHTTP-14871954...

8.7 CVSS, 7.2 AI score, 0.00042 EPSS
Exploits 0
vulnersOsv
added 2026/01/05 11:9 p.m., 2 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69226 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69226 Source advisory: SNYK:PYTHON-AIOHTTP-14871888...

6.3 CVSS, 7.2 AI score, 0.0007 EPSS
Exploits 0
Github Security Blog
added 2026/01/05 11:9 p.m., 8 views

AIOHTTP has unicode match groups in regexes for ASCII protocol elements

Summary The parser allows non-ASCII decimals to be present in the Range header. Impact There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. ---- Patch:...

6.9 CVSS, 6.9 AI score, 0.00041 EPSS
Exploits 0, References 4, Affected Software 1
vulnersOsv
added 2026/01/05 10:58 p.m., 1 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69224 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69224 Source advisory: SNYK:PYTHON-AIOHTTP-14871873...

6.5 CVSS, 7.2 AI score, 0.00047 EPSS
Exploits 0
vulnersOsv
added 2026/01/05 10:58 p.m., 1 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1249 more potentially affected by CVE-2025-69223 via aiohttp (>=0.13.1 <=3.13.2)

aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69223 Source advisory: OSV:GHSA-6MQ8-RVHQ-8WGG...

7.5 CVSS, 6.6 AI score, 0.00055 EPSS
Exploits 0