GHSA-VF33-88PF-HWP3 vulnerabilities

Vulnerabilities for packages: python...

GHSA-H46W-FFVP-4PW5 vulnerabilities

Vulnerabilities for packages: python...

CVE-2026-3644 vulnerabilities

Vulnerabilities for packages: python...

[SECURITY] Fedora 42 Update: python3.14-3.14.3-2.fc42

Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.14 package provides the "python3.14" executable:...

[SECURITY] Fedora 42 Update: python3.9-3.9.25-7.fc42

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

[SECURITY] Fedora 42 Update: python3.12-3.12.13-2.fc42

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

[SECURITY] Fedora 43 Update: python3.9-3.9.25-7.fc43

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

MiracleLinux 8 : python3.11-3.11.13-6.el8_10 (AXSA:2026-393:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-393:08 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly...

PT-2026-31674

Name of the Vulnerable Software and Affected Versions web3.py versions 6.0.0b3 through 7.15.0 web3.py versions 6.0.0b3 through 8.0.0b2 Description web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in the offchain lookup...

SUSE SLED15 / SLES15 Security Update : python-tornado (SUSE-SU-2026:1171-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1171-1 advisory. - CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service bsc1259553. - incomplete...

Critical Photon OS Security Update - PHSA-2026-5.0-0802

Updates of 'python3-pyOpenSSL', 'glibc', 'nghttp2', 'rubygem-activesupport', 'python3-Pygments', 'python3-requests', 'libpng', 'etcd', 'sqlite', 'strongswan', 'python3' packages of Photon OS have been released...

Photon OS 4.0: Python3 PHSA-2026-4.0-0991

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0991. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

keycloakauthenticator (>=4.0.5 <=4.0.7), pythoncharmers-meta (>=0.1.0 <=0.2.1) +4 more potentially affected by CVE-2026-33709 via jupyterhub (>=5.0.0b2 <=5.4.3)

jupyterhub PYPI version =5.0.0b2, =4.0.5, =0.1.0, =1.0.11, =1.0.3, =1.2.37, =0.1.4, =0.1.7 Source cves: CVE-2026-33709 Source advisory: SNYK:PYTHON-JUPYTERHUB-15907592...

CVE-2026-34937

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...

CVE-2026-34938

The connected GHSA advisory describes a sandbox-escape in PraisonAI’s Python tools: execute_code() in praisonai-agents allows attacker-controlled Python to bypass a three-layer sandbox by subclassing str to override startswith(), bypassing _safe_getattr and enabling arbitrary OS command execution...

0xpwn (=0.1.1), a2a-acl (=0.0.14) +160 more potentially affected by CVE-2026-35030 via litellm (>=1.80.9 <=1.82.6)

litellm PYPI version =1.80.9, =0.0.1a0, =0.7.3, =0.1.46, =0.0.1, =0.1.14.13, =0.5.2, =0.1.0, =0.10.0, =2.0.0, =2.0.0, =2.0.1 - browser-use =0.12.4 and more Source cves: CVE-2026-35030 Source advisory: SNYK:PYTHON-LITELLM-15907831...

01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +734 more potentially affected by CVE-2026-35029 via litellm (>=1.0.0 <=1.82.6)

litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: CVE-2026-35029 Source advisory: SNYK:PYTHON-LITELLM-15907616...

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34543 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34543 Source advisory: OSV:GHSA-VC68-257W-M432...

203-python-project-rc (>=0.2.0 <=0.2.2), 5mghost-rover (>=0.0.1 <=0.0.26) +1767 more potentially affected by CVE-2026-33752 via curl-cffi (>=0.10.0 <=0.15.0)

curl-cffi PYPI version =0.10.0, =0.2.0, =0.0.1, =1.0.0, =0.2.1, =0.1.3, =0.1.0, =0.2.0, =1.1.0, =0.1.1, =0.0.2, =0.4.0, =0.1.0, =0.1.8 and more Source cves: CVE-2026-33752 Source advisory: SNYK:PYTHON-CURLCFFI-15907859...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-0545 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-0545 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15922302...