Cross-Site Scripting (XSS)

PySpector is vulnerable to stored Cross-Site Scripting XSS. The vulnerability is due to the HTML report generator inserting code snippets without sanitization, where the scanned Python file's JavaScript payload is interpolated into the report and an attacker can trigger execution by opening the...

[SECURITY] Fedora 44 Update: python3.6-3.6.15-54.fc44

Python is an accessible, high-level, dynamically typed, interpreted programmi ng language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.6 package provides the "python3" executable: the...

Fedora 43 : python-ujson (2026-bf741e26e4)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bf741e26e4 advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling...

Fedora 45 : maturin / python-fastar / python-uv-build / rust-astral-tokio-tar / etc (2026-c6c01a71f2)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-c6c01a71f2 advisory. Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45 to 0.4.45, fixing CVE-2026-33056. Update uv and...

Fedora 44 : python-ujson (2026-5725d633ec)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5725d633ec advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling. Tenable has...

Linux Distros Unpatched Vulnerability : CVE-2026-33155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler...

python311-3.11.15-3.1 on GA media (moderate)

python311-3.11.15-3.1 on GA media Announcement ID: openSUSE-SU-2026:10398-1 Rating: moderate Cross-References: CVE-2026-1299 CVSS scores: CVE-2026-1299 SUSE : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CVE-2026-1299 SUSE : 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N...

python313-3.13.12-2.1 on GA media (moderate)

python313-3.13.12-2.1 on GA media Announcement ID: openSUSE-SU-2026:10394-1 Rating: moderate Cross-References: CVE-2026-2297 CVSS scores: CVE-2026-2297 SUSE : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2026-2297 SUSE : 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N...

CVE-2026-33230

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

CVE-2026-4519

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

Malicious code in efghr-honeybee-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e77e2d0088390e5dc421f70a65ade331bfbf554afcc9cc42362098d0ed130692 During installation, package attempts to modify LLM configuration files to provide a backdoor instruction for further control over an AI agent. --- Category:...

MAL-2026-2004 Malicious code in flyio-token-client-efgh (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2b09830263d8a35450ca657294a1725c441f2f7fe49cc7946e261e8f18401464 During installation, package attempts to modify LLM configuration files to provide a backdoor instruction for further control over an AI agent. --- Category:...

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2026-24486,CVE-2025-50537,CVE-2026-24688)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2026-24486 DESCRIPTION: Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using...