58116 matches found

Snyk
added 2026/03/19 11:0 p.m., 2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/03/19 11:0 p.m., 6 views

Embedded Malicious Code

Overview @emilgroup/commission-sdk-node is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and malicious versions were released...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/03/19 11:0 p.m., 3 views

Embedded Malicious Code

Overview @emilgroup/accounting-sdk is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and malicious versions were released on...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/03/19 11:0 p.m., 4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

vulnersOsv
added 2026/03/19 10:46 p.m., 2 views

fastapi-helpers (>=0.0.1 <=0.2.3), fastapi-users-db-ormar (=1.0.0) +11 more potentially affected by CVE-2026-27953 via ormar (>=0.10.16 <=0.20.2)

ormar PYPI version =0.10.16, =0.0.1, =0.3.1, =0.3.0, =0.0.1, =0.3.1, =0.0.1, =1.0.0, =0.0.1, =0.0.2 Source cves: CVE-2026-27953 Source advisory: SNYK:PYTHON-ORMAR-15701843...

9.8 CVSS, 5.8 AI score, 0.01192 EPSS
Exploits: 1

RedhatCVE
added 2026/03/19 10:40 p.m., 1 view

CVE-2026-3479

A flaw was found in Python's pkgutil.getdata function, which is used to retrieve data from packages. This function did not properly validate the resource argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories store...

3.3 CVSS, 5.6 AI score, 0.00238 EPSS
Exploits: 0, References: 6

OSV
added 2026/03/19 9:17 p.m., 4 views

UBUNTU-CVE-2026-27953

ormar is an async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

9.8 CVSS, 5.6 AI score, 0.01192 EPSS
Exploits: 1, References: 3

vulnersOsv
added 2026/03/19 6:10 p.m., 2 views

django-cfg (>=1.7.65 <=2.2.60), dynrender-skia (>=0.2.6 <=0.2.8) +8 more potentially affected by CVE-2025-27363 via skia-python (>=121.0.0b6 <=138.0.0)

skia-python PYPI version =121.0.0b6, =1.7.65, =0.2.6, =1.0.0b7, =0.1.1, =0.1.0, =2.1.1, =0.6.2, =1.6.0, =0.1.0, =0.2.0 Source cves: CVE-2025-27363 Source advisory: OSV:GHSA-2MHW-8QCG-GR96...

8.1 CVSS, 7.2 AI score, 0.23357 EPSS
Exploits: 0

GitHub Security Blog
added 2026/03/19 6:10 p.m., 8 views

skia-python vendors vulnerable libfreetype because of pinned cibuildwheel version

Impact The Linux wheels for skia-python vendor a vulnerable version of libfreetype that is affected by CVE-2025-27363 1. The root cause is a chain of unfortunate events: 1. skia-python builds wheels using pinned pypa/[email protected] 2 2. cibuildwheel 2.21.3 in turn pins manylinux container...

8.1 CVSS, 6.7 AI score, 0.23357 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/03/19 6:10 p.m., 1 view

GHSA-2MHW-8QCG-GR96 skia-python vendors vulnerable libfreetype because of pinned cibuildwheel version

Impact The Linux wheels for skia-python vendor a vulnerable version of libfreetype that is affected by CVE-2025-27363 1. The root cause is a chain of unfortunate events: 1. skia-python builds wheels using pinned pypa/[email protected] 2 2. cibuildwheel 2.21.3 in turn pins manylinux container...

8.1 CVSS, 7 AI score, 0.23357 EPSS
Exploits: 0, References: 3

Rockylinux
added 2026/03/19 6:1 p.m., 3 views

gimp:2.8 security update

An update is available for module.pygtk2, module.python2-pycairo, python2-pycairo, pygobject2, module.pygobject2, module.gimp, gimp, pygtk2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8 CVSS, 5.9 AI score, 0.00662 EPSS
Exploits: 0

RedHat Linux
added 2026/03/19 5:57 p.m., 6 views

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

5.9 CVSS, 5.7 AI score, 0.00315 EPSS
Exploits: 0, References: 7

RedHat Linux
added 2026/03/19 5:57 p.m., 4 views

Moderate: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...

6 CVSS, 5.9 AI score, 0.0056 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2026/03/19 5:57 p.m., 3 views

cpython: POP3 command injection in user-controlled commands

A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server...

5.9 CVSS, 5.7 AI score, 0.00315 EPSS
Exploits: 0, References: 7

RedHat Linux
added 2026/03/19 5:57 p.m., 6 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6 CVSS, 5.7 AI score, 0.0056 EPSS
Exploits: 0, References: 9

Snyk
added 2026/03/19 5:55 p.m., 1 view

Origin Validation Error

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Origin Validation Error via the @localcheck decorator. An attacker can gain unauthorized access to restricted API endpoints by spoofing the Host header in...

6.9 CVSS, 6 AI score, 0.00183 EPSS
Exploits: 1, References: 3

GithubExploit
added 2026/03/19 2:37 p.m., 139 views

Exploit for Path Traversal in Joomla Joomla!

CVE...

9.8 CVSS, 5.8 AI score, 0.38018 EPSS
Exploits: 7

vulnersOsv
added 2026/03/19 12:42 p.m., 1 view

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +935 more potentially affected by CVE-2026-33236 via nltk (>=2.0.4 <=3.9.2)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33236 Source advisory: OSV:GHSA-469J-VMHF-R6V7...

8.1 CVSS, 7.7 AI score, 0.00397 EPSS
Exploits: 1

vulnersOsv
added 2026/03/19 12:42 p.m., 1 view

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by CVE-2026-33236 via nltk (>=2.0.4 <=3.9.3)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33236 Source advisory: SNYK:PYTHON-NLTK-15692505...

8.1 CVSS, 7.7 AI score, 0.00397 EPSS
Exploits: 1

vulnersOsv
added 2026/03/19 12:42 p.m., 3 views

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by CVE-2026-33231 via nltk (>=2.0.4 <=3.9.3)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33231 Source advisory: SNYK:PYTHON-NLTK-15692504...

7.5 CVSS, 6.7 AI score, 0.00542 EPSS
Exploits: 1