2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-32058 via vyper (>=0.1.0b12 <=0.3.7)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-32058 Source advisory: OSV:PYSEC-2023-78...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +147 more potentially affected by CVE-2023-30172 via mlflow (>=0.8.2 <=2.0.0rc0)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2023-30172 Source advisory: OSV:PYSEC-2023-70...

[SECURITY] Fedora 36 Update: python-setuptools-59.6.0-4.fc36

Setuptools is a collection of enhancements to the Python distutils that allow you to more easily build and distribute Python packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software that...

MGASA-2023-0140 Updated python-certifi packages fix security vulnerability

Disable bundled Trustcor root cerificate signatures generated after Wednesday November 30 00:00:00 2022. CVE-2022-23491...

NewStart CGSL CORE 5.05 / MAIN 5.05 : python Multiple Vulnerabilities (NS-SA-2023-0008)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by multiple vulnerabilities: - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker...

aws-syndicate (>=0.9.2 <=1.9.4), bcipy (>=1.1.1 <=1.4.2) +40 more potentially affected by CVE-2023-26112 via configobj (>=5.0.0 <=5.0.8)

configobj PYPI version =5.0.0, =0.9.2, =1.1.1, =0.4.1, =1.0.0, =1.0.0, =1.7.0, =0.0.2, =0.1.5, =0.1.2, =0.0.26, =0.1.0, =2.1.0, =0.1.5, =0.1.14, =2018.4.2.1 and more Source cves: CVE-2023-26112 Source advisory: OSV:GHSA-C33W-24P9-8M24...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +606 more potentially affected by CVE-2023-25661 via tensorflow (>=1.0.1 <=2.11.0rc2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =1.1.0, =0.0.1, =0.2.0, =0.3.1, =0.5.1 and more Source cves: CVE-2023-25661 Source advisory: OSV:GHSA-FXGC-95XX-GRVQ...

ad-sdl-wei (>=0.5.1 <=0.5.4), addok (>=1.1.0 <=1.1.0rc2) +94 more potentially affected by CVE-2023-28858 via redis (>=4.2.0 <=4.3.5)

redis PYPI version =4.2.0, =0.5.1, =1.1.0, =22.5.13, =0.1.1, =0.5.0, =3.2.0, =1.0.0, =0.5.0, =0.1.0, =2.0.3, =0.1.2, =0.1.15 - croudtech-python-aws-app-config =1.1.13 and more Source cves: CVE-2023-28858 Source advisory: OSV:GHSA-24WV-MV5M-XV4H...

an-website (>=22.12.28 <=23.2.6), anoteai (>=0.10.0 <=0.20.0) +26 more potentially affected by CVE-2023-28858 via redis (>=4.4.0 <=4.4.2)

redis PYPI version =4.4.0, =22.12.28, =0.10.0, =0.8.2, =0.1.17, =0.0.10, =1.8.1, =0.5.0rc1, =0.0.122, =0.104.0rc1, =0.7.2, =0.31.0, =1.0.2, =1.1.1 - lemur =1.3.1 and more Source cves: CVE-2023-28858 Source advisory: OSV:PYSEC-2023-45...

ad-sdl-wei (>=0.5.1 <=0.5.4), addok (>=1.1.0 <=1.1.0rc2) +143 more potentially affected by CVE-2023-28859 via redis (>=4.2.0 <=4.4.3)

redis PYPI version =4.2.0, =0.5.1, =1.1.0, =1.2.0a20250730, =2.2.1, =22.5.13, =0.1.1, =0.10.0, =0.2.0, =0.5.0, =22.6.0b4, =22.6.0b4, =22.6.0b4, =22.9.5, =23.3.2 and more Source cves: CVE-2023-28859 Source advisory: OSV:PYSEC-2023-46...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +606 more potentially affected by CVE-2023-25801 via tensorflow (>=1.0.1 <=2.11.0rc2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =1.1.0, =0.0.1, =0.2.0, =0.3.1, =0.5.1 and more Source cves: CVE-2023-25801 Source advisory: OSV:GHSA-F49C-87JH-G47Q...

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

A malicious Python package on the Python Package Index PyPI repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and...

Malicious code in libguigrandmc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6aecdbe6b089ffe59ba97add73503b78ab4c6dc432a5b733ed03687c146effbf EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in esqccstringmask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ad3667ef6b7620604468e627b774f2339b75086dc8eb705cbaaa95acd784e178 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in esqcvinfogrand (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c820bd971cc018caa572c8d3e5fbc4c800609499f10309c461ecf7dbc6d3f315 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in py-paypalinfopip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx d00980074e219dc11140953e97dbbf1b8f13c4d6efc450d19cfccfd12c8848b2 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in selfhydrastudycc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 5dc2e2dddc8d4486e55f7c130ba6fd3d65a25aa9af3d922742d15fc493654c3d EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in tpintelpullcpu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx aa5aa0d7db3d4fbdeb8813876a47fb05270e4b0d1e3b83b994a2caf8be6b0aa2 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in py-infohydrarandom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8b33f80b0693f39c98c339be819a9518bedd56077b20c5e5ac8b71e703de101c EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in tpstringcraftget (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx bc163c941740b32b40f2df1e19d56519e11ad614608a221cba6f58f5a8150cc5 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...