aaronblaser-sdk (>=1.0.0 <=1.0.1), actoolkit (>=2.6.4 <=2.6.10) +272 more potentially affected by CVE-2023-43804 via urllib3 (>=2.0.0 <=2.0.5)

urllib3 PYPI version =2.0.0, =1.0.0, =2.6.4, =0.0.1, =0.1.1, =0.5.0, =0.1.23, =0.4.3, =0.4.1, =0.0.12, =0.0.14 and more Source cves: CVE-2023-43804 Source advisory: OSV:PYSEC-2023-192...

a9s (=0.7.0), algora-sdk (>=1.3.2 <=1.5.39) +76 more potentially affected by CVE-2023-26145 via pydash (>=4.2.1 <=5.1.2)

pydash PYPI version =4.2.1, =1.3.2, =0.1.0, =1.9.0, =0.2.6, =0.1.0, =1.0.1, =0.1.0b1, =0.0.2, =0.0.2, =0.1.0b1, =1.0.1, =2020.7.8, =0.0.20, =0.1.0, =0.3.1 and more Source cves: CVE-2023-26145 Source advisory: OSV:PYSEC-2023-179...

SUSE SLES15 Security Update : grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets (SUSE-SU-2023:2783-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-2 advisory. - aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers an...

SUSE-SU-2023:2783-2 Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets

This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack,...

Malicious code in aliababcloud-tea-openapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 644686188e6f43d2dc595074d7644cba060e6a91b8de18713f4b551a76a6c3b7 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository

Three additional rogue Python packages have been discovered in the Package Index PyPI repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from...

agent-actors (=0.1.0), agentverse (>=0.1.5 <=0.1.8.1) +78 more potentially affected by CVE-2023-36281 via langchain (>=0.0.100 <=0.0.168)

langchain PYPI version =0.0.100, =0.1.5, =0.0.1, =0.0.5, =0.2.0, =0.1.1, =0.1.1, =0.0.0, =0.0.1, =0.1.0, =0.2.1, =0.1.0, =0.0.1, =0.0.3, =0.0.7 and more Source cves: CVE-2023-36281 Source advisory: OSV:PYSEC-2023-151...

Malicious code in python-aliyun-sdk-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 63f6387d6bfe7ae582be4478cf6a42a8104b44ea50b22489f5217ba2bfb3ce39 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...

2vyper (=0.3.0), ape-dasy (=0.1.0) +49 more potentially affected by CVE-2023-39363 via vyper (>=0.1.0b12 <=0.4.3)

vyper PYPI version =0.1.0b12, =0.6.0, =0.5.0a1, =0.7.1, =0.1.0, =0.0.1, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.6.4 - blackadder =0.1.1 and more Source cves: CVE-2023-39363 Source advisory: OSV:PYSEC-2023-142...

170051277-trab-final-gces (>=0.3.0 <=0.5.0), 2022-2-gces-ifpf (=0.3.0) +2742 more potentially affected by CVE-2023-37920 via certifi (>=2015.4.28 <=2023.5.7)

certifi PYPI version =2015.4.28, =0.3.0, =0.0.2, =0.0.6, =1.0.0, =0.1.0, =0.2.1, =1.0.0, =1.0.2, =0.1.1, =1.0.0, =0.1.0, =0.1.0, =1.0.0 - abuseipdb-wrapper =0.1.7 and more Source cves: CVE-2023-37920 Source advisory: OSV:PYSEC-2023-135...

a2grunnerp (>=0.1.0 <=0.1.8), abuseipdb-wrapper (=0.1.7) +400 more potentially affected by CVE-2022-40896 via pygments (>=1.6.0 <=2.15.0)

pygments PYPI version =1.6.0, =0.1.0, =2.0.0.1, =0.0.1, =1.3.0, =0.3.2, =0.4.0, =1.0.0, =0.4.0, =4.2.0, =4.2.3 and more Source cves: CVE-2022-40896 Source advisory: OSV:PYSEC-2023-117...

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +231 more potentially affected by CVE-2023-22888 via apache-airflow (>=1.10.1 <=2.5.3)

apache-airflow PYPI version =1.10.1, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.5.1, =0.1.1, =0.1.1, =1.10.6 and more Source cves: CVE-2023-22888 Source advisory: OSV:PYSEC-2023-105...

aimmo (>=0.4.0b3098 <=0.27.4b5229), battlehack20 (>=1.0.0 <=1.1.0) +6 more potentially affected by CVE-2023-37271 via restrictedpython (>=4.0.0b4 <=5.2.0)

restrictedpython PYPI version =4.0.0b4, =0.4.0b3098, =1.0.0, =1.0.1, =1.1.1, =0.1.0, =0.3.4, =0.0.41, =0.1047.0, =1.7.36 Source cves: CVE-2023-37271 Source advisory: OSV:PYSEC-2023-118...

RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2023:4004)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4004 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

aib2ofx (>=0.70.0a1 <=0.71.1), cooar-cli (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2023-34457 via mechanicalsoup (>=0.10.0 <=0.9.0.post4)

mechanicalsoup PYPI version =0.10.0, =0.70.0a1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.2.3, =0.4.11, =0.4.12 Source cves: CVE-2023-34457 Source advisory: OSV:PYSEC-2023-108...

SUSE-SU-2023:2783-1 Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets

This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack,...

aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +253 more potentially affected by CVE-2023-36053 via django (>=4.0.0 <=4.1.1)

django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =3.1.1, =3.6.4, =0.10.0, =1.1.2, =0.6.3, =0.9.3 and more Source cves: CVE-2023-36053 Source advisory: OSV:GHSA-JH3W-4VVF-MJGR...

New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries

In what's a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves. "Malicious binaries steal the user IDs, passwords, local machine...

MGASA-2023-0186 Updated python-reportlab packages fix security vulnerability

Updates python3-reportlab includes a security fix and other minor bug fixes. See references for details...

accord-nlp (>=0.1.0 <=0.1.8), adamix-gpt2 (>=0.0.1 <=0.0.2) +560 more potentially affected by CVE-2023-2800 via transformers (>=2.10.0 <=4.2.2)

transformers PYPI version =2.10.0, =0.1.0, =0.0.1, =0.3.0, =0.1.0, =0.1.0, =0.0.8, =0.0.4, =0.0.4, =0.0.11, =1.8.20, =0.0.3, =1.9.0, =1.0.0, =1.1.0 and more Source cves: CVE-2023-2800 Source advisory: OSV:GHSA-282V-666C-3FVG...