ROOT-OS-DEBIAN-13-CVE-2026-3479 CVE-2026-3479 in rootio-python3.13 - Patched by Root

Root has patched CVE-2026-3479 in the rootio-python3.13 package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-13-CVE-2025-15367 CVE-2025-15367 in rootio-python3.13 - Patched by Root

Root has patched CVE-2025-15367 in the rootio-python3.13 package for Root:Debian:13. Multiple fixed versions available...

Malicious code in gt-tester-exp-profiler-exp-00000015 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55fc219f03cbaeeedb660ad423cc7af08ff1d29154c8b8989b7b0c5d7d5c3d75 setup.py installs a.pth file containing import gttesterexpprofilerexp00000015.probe; probe.runprobe, causing every Python interpreter start on the...

MAL-2026-4768 Malicious code in sklern (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1495d93dccc77a422f70d192ef4d8dcd53b0c990fff43e68bc2a0eca301e5d10 Package name 'sklern' is a one-character deletion from the top-tier ML package 'sklearn', and its public API linearregression, logisticregression,...

Exploit for CVE-2024-53667

CVE-2024-53677 — How the Exploit Works and How to Run It V...

Malicious Package

Overview python-env-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-4253 Malicious code in pylogft (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...

Malicious code in pylogft (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35cabdffc8a44bcf857b973cc7eb89b6ae691c9be8189a58a0bd30c1a55a37 On import pylogft, the package's init.py lines 26-27 checks whether the install directory begins with /Users or /Library macOS developer/CI hosts and...

MAL-2026-4246 Malicious code in python-env-auditor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ffd6ffbc7ab684cc6bd3dbbd29d4bb608f07ea2b9d2ffd460e95a279824699 Package fetches and executes a mutable, unpinned third-party npm package env-security-scanner@latest on every install and on every Python import. The...

amazon-braket-sdk-python 安全漏洞

Amazon Braket SDK Python is a Python development toolkit for Amazon Braket’s open-source quantum computing service. Versions of Amazon Braket SDK Python prior to 1.117.0 contained a security vulnerability. This vulnerability stemmed from an insecure deserialization mechanism in the job result...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-016601)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016601 advisory. pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. Tenable has extracted the preceding description block...

RockyLinux 8 : python3 (RLSA-2025:10128)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:10128 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside extraction...

PT-2026-42831

Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The MLX inference backend uses the MLX-LM library, which imports and executes arbitrary Python files from model directories via the model file configuration field in the...

RockyLinux 8 : python3 (RLSA-2026:6473)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6473 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly fro...

Docker Model Runner 安全漏洞

Docker Model Runner is an open-source Docker model runner developed by Docker. There is a security vulnerability in Docker Model Runner MLX. This vulnerability stems from the unconditional import and execution of any Python file in the model directory. It may allow malicious models to be pulled...

RockyLinux 8 : python3 (RLSA-2026:2128)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2128 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: IMAP command injection in user-controlled commands...

RockyLinux 8 : python3 (RLSA-2026:1631)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1631 advisory. cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service CVE-2025-12084 Tenable has extracted the preceding description block...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-paramiko (UTSA-2026-016596)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016596 advisory. In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure. Tenable h...

angr 9.2.217

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-016594)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016594 advisory. pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. Tenable has extracted the preceding description block directly from the Unity Lin...