ROS-20260512-73-0003

Vulnerability in python-PyPDF2 related to algorithmic complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

OPENSUSE-SU-2026:10759-1 python-Twisted-doc-26.4.0-1.1 on GA media

These are all security issues fixed in the python-Twisted-doc-26.4.0-1.1 package on the GA media of openSUSE Tumbleweed...

granian 安全漏洞

Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions of Granian from 0.2.0 to 2.7.4 contain security vulnerabilities. These vulnerabilities occur when the WSGI application returns invalid HTTP response...

wger 安全漏洞

WGER is an open-source project developed by the WGER Team, built using Django for hosting self-hosted FLOSS fitness/exercise, nutrition, and weight tracking applications. Versions of WGER prior to 2.6 contained security vulnerabilities. These vulnerabilities stemmed from the use of Python object...

ROS-20260512-73-0012

Vulnerability in python-tornado related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

PT-2026-40452

Name of the Vulnerable Software and Affected Versions Heym versions prior to 0.0.21 Description A sandbox escape exists in the custom Python tool executor. Authenticated workflow authors can bypass sandbox restrictions using object-graph introspection primitives. By employing Python introspection...

PT-2026-40064

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parse op part function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Althoug...

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

PT-2026-40059

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syft function for remote execution on the server. While a...

PT-2026-40312

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...

OPENSUSE-SU-2026:10760-1 python311-click-8.3.3-2.1 on GA media

These are all security issues fixed in the python311-click-8.3.3-2.1 package on the GA media of openSUSE Tumbleweed...

ROS-20260512-73-0004

Vulnerability in python-PyPDF2 related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2026-31220

CVE-2026-31220 affects PySyft (Syft Datasite/Server)

OPENSUSE-SU-2026:10758-1 python311-GitPython-3.1.49-1.1 on GA media

These are all security issues fixed in the python311-GitPython-3.1.49-1.1 package on the GA media of openSUSE Tumbleweed...

cognee 安全漏洞

Cognee is an open-source tool developed by Topoteretes, designed to provide AI agents with shared memory and context management capabilities. Cognee versions prior to v0.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the unsafe exec function in notebook cell...

Heym 安全漏洞

Heym is an open-source AI-native workflow automation platform developed by heymrun. Versions of Heym prior to 0.0.21 contained security vulnerabilities. These vulnerabilities stemmed from sandbox escape vulnerabilities in custom Python tool executors, which could allow authenticated workflow...

CVE-2026-31220

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

CVE-2026-31229

The ART (Adversarial Robustness Toolbox) package up to v1.20.1 contains an insecure deserialization vulnerability in its Kubeflow component’s model loading path. Loading model weights (e.g., model.pt) uses torch.load() without weights_only=True, allowing arbitrary Python object deserialization vi...

CVE-2026-31220

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

ROS-20260512-73-0001

Vulnerability in python-PyPDF2 related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...