Lucene search

57846 matches found

SUSE CVE
added 2026/04/16 11:27 p.m. | 2 views

SUSE CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

2.9 CVSS | 5.8 AI score | 0.00006 EPSS
Exploits: 0 | References: 3

vulnersOsv
added 2026/04/16 11:00 p.m. | 3 views

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +876 more potentially affected by CVE-2026-41488 via langchain-openai (>=0.0.1 <=1.1.12)

langchain-openai PYPI version =0.0.1, =0.1.0, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.1.3, =1.0.0rc1, =3.2.0, =0.1.0, =0.1.1, =0.0.1a0, =2.1.7, =2.1.8 and more Source cves: CVE-2026-41488 Source advisory: OSV:GHSA-R7W7-9XR2-QQ2R...

3.1 CVSS | 5.4 AI score | 0.00026 EPSS
Exploits: 0

vulnersOsv
added 2026/04/16 10:38 p.m. | 6 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +233 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41425 Source advisory: OSV:GHSA-JJ8C-MMJ3-MMGV...

5.4 CVSS | 5.3 AI score | 0.00023 EPSS
Exploits: 1

OSV
added 2026/04/16 10:30 p.m. | 2 views

MAL-2026-2821 Malicious code in robase-quick-install (PyPI)

Source: kam193 f69377c01d5c0980cb9bf905be35133e5cd077e7c64c577460dc06e3871c2d9e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6 AI score
Exploits: 0 | References: 9

Github Security Blog
added 2026/04/16 9:44 p.m. | 4 views

Flowise: Code Injection in CSVAgent leads to Authenticated RCE

Summary The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide the following payload: DataFrame'foo': 'bar!';import os;os.system'whoami' that will get interpolated and executed by the server. Details The code in question that introduces t...

9.4 CVSS | 6.1 AI score | 0.00422 EPSS
Exploits: 1 | References: 3 | Affected Software: 2

Snyk
added 2026/04/16 9:43 p.m. | 1 views

Arbitrary Code Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection through the pythonCodeValidator and the Python execution paths in AirtableAgent.ts and CSVAgent.ts. An attacker can supply LLM-generated Python code that smuggles in...

8.8 CVSS | 6.1 AI score | 0.00575 EPSS
Exploits: 1 | References: 2

OSV
added 2026/04/16 9:43 p.m. | 3 views

GHSA-F228-CHMX-V6J6 Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.

Description Summary “AirtableAgent” is an agent function provided by FlowiseAI that retrieves search results by accessing private datasets from airtable.com. “AirtableAgent” uses Python, along with Pyodide and Pandas, to get and return results. The user’s input is directly applied to the question...

8.3 CVSS | 6.6 AI score | 0.00575 EPSS
Exploits: 1 | References: 3

vulnersOsv
added 2026/04/16 9:30 p.m. | 0 views

3m (>=0.1.0 <=0.1.3), a2d-diary (>=0.1.0 <=0.1.5) +1779 more potentially affected by CVE-2026-41313 via pypdf2 (>=1.24.0 <=3.0.1)

pypdf2 PYPI version =1.24.0, =0.1.0, =0.1.0, =1.1.0, =0.0.0.1, =0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.2, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1038 and more Source cves: CVE-2026-41313 Source advisory: SNYK:PYTHON-PYPDF2-16097904...

6.5 CVSS | 5.4 AI score | 0.00025 EPSS
Exploits: 0

vulnersOsv
added 2026/04/16 9:30 p.m. | 2 views

3m (>=0.1.0 <=0.1.3), a2d-diary (>=0.1.0 <=0.1.5) +1779 more potentially affected by CVE-2026-41312 via pypdf2 (>=1.24.0 <=3.0.1)

pypdf2 PYPI version =1.24.0, =0.1.0, =0.1.0, =1.1.0, =0.0.0.1, =0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.2, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1038 and more Source cves: CVE-2026-41312 Source advisory: SNYK:PYTHON-PYPDF2-16097902...

6.5 CVSS | 5.4 AI score | 0.00025 EPSS
Exploits: 0

Snyk
added 2026/04/16 9:30 p.m. | 1 views

Memory Allocation with Excessive Size Value

Overview PyPDF2 is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the FlateDecode method when handling streams with a /Predictor value not equal to...

6.5 CVSS | 5.7 AI score | 0.00025 EPSS
Exploits: 0 | References: 2

vulnersOsv
added 2026/04/16 9:16 p.m. | 3 views

adoc (>=0.1.0 <=0.1.5), adr (>=0.4.0 <=0.4.1) +231 more potentially affected by CVE-2026-41205 via mako (>=1.0.1 <=1.3.10)

mako PYPI version =1.0.1, =0.1.0, =0.4.0, =0.1.0, =1.0.4, =0.0.1, =0.7.0, =1.0.1, =0.1.2, =0.1.0, =0.3.24, =0.1.0, =0.1.1, =0.1.6 and more Source cves: CVE-2026-41205 Source advisory: SNYK:PYTHON-MAKO-16098253...

8.7 CVSS | 5.4 AI score | 0.00093 EPSS
Exploits: 0

RedHat Linux
added 2026/04/16 8:56 p.m. | 3 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: pytest: python3-pytest-9.0.3-1.hum1 noarch pytest-9.0.3-1.hum1.src src...

6.8 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits: 0 | References: 3

OSV
added 2026/04/16 5:48 p.m. | 2 views

MAL-2026-2818 Malicious code in genosys (PyPI)

Source: kam193 2fb27cde30ea3d834e3160e37c203a1f8a271435cf92316a990766c5b8b9791c The campaign is built from a benign-like package e.g. genosys and the malicious dependency e.g. pynosist. The dependency uses a PTH file to trigger malicious...

5.9 AI score
Exploits: 0 | References: 6

OSV
added 2026/04/16 3:37 p.m. | 4 views

CLSA-2026-1776091275 python3.9: Fix of CVE-2025-15366

CVE-2025-15366: reject control characters in IMAP commands...

5.9 CVSS | 7.1 AI score | 0.00104 EPSS
Exploits: 0 | References: 1

SUSE Linux
added 2026/04/16 3:36 p.m. | 3 views

Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issue: CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.3 CVSS | 5.8 AI score | 0.00043 EPSS
Exploits: 0 | References: 4

OSV
added 2026/04/16 3:36 p.m. | 2 views

SUSE-SU-2026:1416-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issue: - CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804...

6.3 CVSS | 5.8 AI score | 0.00043 EPSS
Exploits: 0 | References: 3

GithubExploit
added 2026/04/16 1:17 p.m. | 78 views

python-vulnerability-scanner

Python Web Vulnerability Scanner This project is a simple Pyt...

5.8 AI score
Exploits: 0

SUSE Linux
added 2026/04/16 1:06 p.m. | 2 views

Security update for python-urllib3

This update for python-urllib3 fixes the following issues: Security issues: CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain bsc1254866. CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API...

6.9 CVSS | 6.7 AI score | 0.00019 EPSS
Exploits: 0 | References: 16

IBM Security Bulletins
added 2026/04/16 11:54 a.m. | 5 views

Security Bulletin: Vulnerability in platform-python affects IBM Netezza Appliance

Summary The platform-python package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-13836 Vulnerability Details CVEID: CVE-2025-13836 DESCRIPTION: When reading an HTTP response from a server, if no read amount is specified, the default behavior wi...

7.5 CVSS | 5.8 AI score | 0.00215 EPSS
Exploits: 0 | Affected Software: 1

SUSE Linux
added 2026/04/16 10:47 a.m. | 1 views

Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

8.7 CVSS | 6.7 AI score | 0.00014 EPSS
Exploits: 1 | References: 4