
58116 matches found

OSV
added 2026/03/18 10:16 p.m. | 2 views

UBUNTU-CVE-2026-32722

Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...

CVSS 6.1 | AI score 6 | EPSS 0.00302
Exploits 2 | References 6

vulnersOsv
added 2026/03/18 8:23 p.m. | 3 views

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by CVE-2026-33230 via nltk (>=2.0.4 <=3.9.3)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33230 Source advisory: OSV:GHSA-GFWX-W7GR-FVH7...

CVSS 6.1 | AI score 7.7 | EPSS 0.00331
Exploits 1

vulnersOsv
added 2026/03/18 8:23 p.m. | 1 view

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by CVE-2026-33230 via nltk (>=2.0.4 <=3.9.3)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33230 Source advisory: SNYK:PYTHON-NLTK-15692478...

CVSS 6.1 | AI score 7.7 | EPSS 0.00331
Exploits 1

OSV
added 2026/03/18 8:22 p.m. | 3 views

MAL-2026-1577 Malicious code in ropie (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5a7814d65bb3b0e5187be5d4ae9b0a11b4030ea5d911fdef3f5e614b6c15e95d Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

AI score 6.1
Exploits 0 | References 1

vulnersOsv
added 2026/03/18 8:17 p.m. | 7 views

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by unknown CVE via nltk (>=2.0.4 <=3.9.3)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-NLTK-15692479...

AI score 5.5
Exploits 0

vulnersOsv
added 2026/03/18 8:10 p.m. | 2 views

aana (>=0.2.1 <=0.2.2), acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9) +492 more potentially affected by CVE-2026-33155 via deepdiff (>=5.0.1 <=8.6.1)

deepdiff PYPI version =5.0.1, =0.2.1, =0.1.7, =3.0.0b853, =0.1.0, =0.0.1, =0.1.0, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =2.8.5, =0.1.6, =0.2.0 and more Source cves: CVE-2026-33155 Source advisory: SNYK:PYTHON-DEEPDIFF-15692487...

CVSS 8.7 | AI score 5.4 | EPSS 0.00452
Exploits 1

NVD
added 2026/03/18 7:16 p.m. | 4 views

CVE-2026-3479

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data did...

EPSS 0.00238
Exploits 0 | References 7

UbuntuCve
added 2026/03/18 7:16 p.m. | 2 views

CVE-2026-3479

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data did...

AI score 5.8 | EPSS 0.00238
Exploits 0 | References 8

Vulnrichment
added 2026/03/18 6:13 p.m. | 3 views

CVE-2026-3479 pkgutil.get_data() does not enforce documented restrictions

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data did...

AI score 6 | EPSS 0.00238
Exploits 0 | References 7

ATTACKERKB
added 2026/03/18 6:13 p.m. | 5 views

CVE-2026-3479

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data did...

AI score 5.8 | EPSS 0.00238
Exploits 0 | References 8 | Affected Software 1

Debian CVE
added 2026/03/18 6:13 p.m. | 2 views

CVE-2026-3479

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data did...

AI score 4.6 | EPSS 0.00238
Exploits 0

OSV
added 2026/03/18 5:30 p.m. | 1 view

OPENSUSE-SU-2026:20392-1 Security update for python-Authlib

This update for python-Authlib fixes the following issues: Changes in python-Authlib: - CVE-2026-27962: JWS deserializecompact allows for signature bypass by accepting user-controlled embedded JWK as verification key bsc1259738 - CVE-2026-28490: cryptographic padding oracle in JWE RSA15 key...

CVSS 9.1 | AI score 5.9 | EPSS 0.0041
Exploits 3 | References 6

OSV
added 2026/03/18 5:29 p.m. | 2 views

OPENSUSE-SU-2026:20393-1 Security update for python-simpleeval

This update for python-simpleeval fixes the following issues: Changes in python-simpleeval: - CVE-2026-32640: Objects including modules can leak dangerous modules through to direct access inside the sandbox bsc1259685...

CVSS 9.8 | AI score 5.9 | EPSS 0.0046
Exploits 0 | References 2

IBM Security Bulletins
added 2026/03/18 4:8 p.m. | 3 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in urllib3 (CVE-2026-21441, CVE-2025-66471)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-21441, CVE-2025-66471 reported for urllib3. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTT...

CVSS 8.9 | AI score 6.8 | EPSS 0.00533
Exploits 0 | Affected Software 1

GithubExploit
added 2026/03/18 12:54 p.m. | 114 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 — Apache Path Traversal & RCE Internship Tas...

CVSS 9.8 | AI score 7.6 | EPSS 0.99992
Exploits 145

OSSF Malicious Packages
added 2026/03/18 12:19 p.m. | 4 views

Malicious code in tabullate (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 5.8
Exploits 0

OSV
added 2026/03/18 12:19 p.m. | 3 views

MAL-2026-1914 Malicious code in tabullate (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 5.8
Exploits 0

OSSF Malicious Packages
added 2026/03/18 12:19 p.m. | 6 views

Malicious code in suficloud (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 5.8
Exploits 0

OSV
added 2026/03/18 12:19 p.m. | 2 views

MAL-2026-1913 Malicious code in suficloud (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 5.8
Exploits 0

OSSF Malicious Packages
added 2026/03/18 12:17 p.m. | 4 views

Malicious code in quantumania (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 5.8
Exploits 0