CLSA-2026-1775058454 python: Fix of CVE-2025-15366
CVE-2025-15366: reject control characters in IMAP commands to prevent command injection...
CLSA-2026-1775058202 python: Fix of CVE-2025-15366
CVE-2025-15366: reject control characters in IMAP commands to prevent command injection...
SUSE-SU-2026:20992-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - CVE-2026-25990: Fixed an out-of-bounds write when opening a specially crafted PSD image (bsc#1258125)...
OPENSUSE-SU-2026:20458-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - CVE-2026-25990: Fixed an out-of-bounds write when opening a specially crafted PSD image (bsc#1258125)...
Malicious code in kube-node-health (PyPI)
Source: kam193 (391555cff14c82156843bee267daf896c3e3e989b9c899ef34b12ac7e23b1c7e). During import, the code downloads and starts a remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...
RHSA-2026:6285 Red Hat Security Advisory: python3.12 security update
Bulletin has no description...
RHSA-2026:6286 Red Hat Security Advisory: python3.11 security update
Bulletin has no description...
RHSA-2026:6283 Red Hat Security Advisory: python3.12 security update
Bulletin has no description...
RHSA-2026:6281 Red Hat Security Advisory: python3.11 security update
Bulletin has no description...
RHSA-2026:6253 Red Hat Security Advisory: python3.11 security update
Bulletin has no description...
CLEANSTART-2026-BM51903 Security fixes for CVE-2015-20107, CVE-2015-2104, CVE-2019-16056, CVE-2019-16935, CVE-2019-20907, CVE-2019-5010, CVE-2020-14422, CVE-2020-8492, CVE-2021-23336, CVE-2021-29921, CVE-2021-3177, CVE-2022-45061, CVE-2023-27043, CVE-2024-6232, CVE-2024-6923, CVE-2025-59375 applied in versions: 3.10.5-r0, 3.11.1-r0, 3.11.5-r0, 3.12.12-r0, 3.12.3-r2, 3.12.6-r0, 3.6.8-r1, 3.7.5-r0, 3.8.2-r0, 3.8.4-r0, 3.8.5-r0, 3.8.7-r2, 3.8.8-r0, 3.9.4-r0, 3.9.5-r0
Multiple security vulnerabilities affect the python3 package. These issues are resolved in later releases. See references for individual vulnerability details...
Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by credential disclosure due to Python Requests library
Summary: The Python Requests library is used by IBM Cloud Pak for Data System 1.0 to handle HTTP communications. CVE-2024-47081 affects Requests due to a URL parsing issue that may leak .netrc credentials to third parties when processing maliciously-crafted URLs. This vulnerability could result in...
MAL-2026-2327 Malicious code in kube-health-tools (PyPI)
Source: kam193 (4d36d5ed9b1bc15c12e89f48c1228a4f6e3aebe558a67d535655e280b25b4440). During import, the code downloads and starts a remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...
Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by denial of service due to Python cryptography package
Summary: The Python cryptography package is used by IBM Cloud Pak for Data System to provide cryptographic functionality. CVE-2024-0727 affects the underlying OpenSSL library used by the cryptography package. Processing a maliciously formatted PKCS12 file may cause a NULL pointer dereference in...
SUSE-SU-2026:20954-1 Security update for python-pyOpenSSL
This update for python-pyOpenSSL fixes the following issues: - CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804). - CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808)...
aa-rag (>=0.4.2 <=0.4.3), aana (>=0.2.1 <=0.2.2) +960 more potentially affected by unknown CVE via onnxruntime (>=1.0.0 <=1.23.2)
onnxruntime PYPI version =1.0.0, =0.4.2, =0.2.1, =0.1.0b1, =0.25.14, =0.26.0, =1.0.0, =0.1.0, =0.4.0, =0.1.8, =0.1.0, =0.1.0, =1.0.6, =0.4.0, =0.4.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-ONNXRUNTIME-15869956...
01os (>=0.0.1 <=0.0.14), a2a-acl (=0.0.14) +647 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.82.3)
litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.1.0, =0.14.1a0, =0.64.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15870298...
2dify (=1.0.1), a2grunnerp (>=0.1.0 <=0.1.8) +719 more potentially affected by unknown CVE via fonttools (>=4.0.0 <=4.61.1)
fonttools PYPI version =4.0.0, =0.1.0, =0.0.2, =1.0.0, =0.1.3, =3.0.1, =0.0.3.20, =0.0.1, =1.1.2, =1.5.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-FONTTOOLS-15869939...
[SECURITY] Fedora 43 Update: python-gstreamer1-1.26.11-1.fc43
This module contains PyGObject overrides to make it easier to write applications that use GStreamer 1.x in Python...
AlmaLinux 8 : python3.11 (ALSA-2026:6281)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6281 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs (CVE-2026-4519). Tenable has extracted the preceding description block directly from...