Source: RedhatCVE | added 2026/03/16 8:14 p.m. | 5 views

CVE-2026-4224

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash. Mitigation Mitigatio...

CVSS 6 | AI score 5.6 | EPSS 0.00621 | Exploits 0 | References 9
Source: RedhatCVE | added 2026/03/16 8:04 p.m. | 2 views

CVE-2026-3644

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output...

CVSS 6 | AI score 5.6 | EPSS 0.00401 | Exploits 0 | References 7
Source: The Hacker News | added 2026/03/16 7:37 p.m. | 6 views

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by...

AI score 6.3 | Exploits 0
Source: UbuntuCve | added 2026/03/16 6:16 p.m. | 2 views

CVE-2026-28498

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect OIDC ID Tokens. Specifically, the internal hash verification logic verifyhash...

CVSS 8.2 | AI score 7.2 | EPSS 0.00201 | Exploits 1 | References 2
Source: UbuntuCve | added 2026/03/16 6:16 p.m. | 2 views

CVE-2026-28490

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registe...

CVSS 8.3 | AI score 5.8 | EPSS 0.00142 | Exploits 1 | References 2
Source: UbuntuCve | added 2026/03/16 6:16 p.m. | 2 views

CVE-2026-27962

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...

CVSS 9.1 | AI score 7.1 | EPSS 0.0041 | Exploits 1 | References 2
Source: Debian CVE | added 2026/03/16 6:03 p.m. | 7 views

CVE-2026-28498

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect OIDC ID Tokens. Specifically, the internal hash verification logic verifyhash...

CVSS 8.2 | AI score 8.2 | EPSS 0.00201 | Exploits 1
Source: OSSF Malicious Packages | added 2026/03/16 6:03 p.m. | 5 views

Malicious code in color-list (PyPI)

Source: kam193 (86ffbba2d1825f76d4c2baa6a8b7ecbe85514239934a3d7903745d17d4baf704). Malicious code hidden in the color-list package uses the presence of pretty-tabulate as a trigger to load code hidden in likely a third malicious package...

AI score 5.9 | Exploits 0 | References 1
Source: OSV | added 2026/03/16 6:03 p.m. | 3 views

MAL-2026-1479 Malicious code in color-list (PyPI)

Source: kam193 (86ffbba2d1825f76d4c2baa6a8b7ecbe85514239934a3d7903745d17d4baf704). Malicious code hidden in the color-list package uses the presence of pretty-tabulate as a trigger to load code hidden in likely a third malicious package...

AI score 6 | Exploits 0 | References 1
Source: OSSF Malicious Packages | added 2026/03/16 6:00 p.m. | 7 views

Malicious code in codeshouhu (PyPI)

Source: oracle-using-macaron (4d37163d3341d79548bd0fd94d62539579ed5f7ba2e48c1810b8d4e20c964c1c). This package runs a malicious payload when it is imported...

AI score 5.8 | Exploits 0
Source: OSV | added 2026/03/16 6:00 p.m. | 2 views

MAL-2026-1488 Malicious code in codeshouhu (PyPI)

Source: oracle-using-macaron (4d37163d3341d79548bd0fd94d62539579ed5f7ba2e48c1810b8d4e20c964c1c). This package runs a malicious payload when it is imported...

AI score 5.8 | Exploits 0
Source: Debian CVE | added 2026/03/16 5:34 p.m. | 3 views

CVE-2026-27962

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...

CVSS 9.1 | AI score 8.8 | EPSS 0.0041 | Exploits 1
Source: GithubExploit | added 2026/03/16 5:11 p.m. | 148 views

Exploit for Race Condition in Canonical Ubuntu_Linux

Dillu-Analyzer 🛡️ Dillu Analyzer — A web-based universal malwa...

CVSS 9.3 | AI score 5.8 | EPSS 0.99945 | Exploits 130
Source: vulnersOsv | added 2026/03/16 4:22 p.m. | 15 views

a10-octavia (>=1.0.0 <=2.2.0), a2grunnerp (>=0.1.0 <=0.1.8) +1182 more potentially affected by CVE-2026-27459 via pyopenssl (>=22.0.0 <=25.3.0)

pyopenssl PYPI version =22.0.0, =1.0.0, =0.1.0, =0.9.2, =2.3.36, =2.0.0, =2.4.15, =0.1.17, =0.1.0, =0.3.4, =0.2.0, =0.1.1, =0.0.1.dev7, =0.27.0 and more Source cves: CVE-2026-27459 Source advisory: SNYK:PYTHON-PYOPENSSL-15674459...

CVSS 9.8 | AI score 5.3 | EPSS 0.005 | Exploits 0
Source: OSV | added 2026/03/16 4:22 p.m. | 1 view

GHSA-5PWR-322W-8JR4 pyOpenSSL DTLS cookie callback buffer overflow

If a user-provided callback to set_cookie_generate_callback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL-provided buffer. Cookie values that are too long are now rejected...

CVSS 9.2 | AI score 5.8 | EPSS 0.005 | Exploits 0 | References 5
Source: vulnersOsv | added 2026/03/16 3:15 p.m. | 2 views

a10-octavia (>=1.0.0 <=2.2.0), a2grunnerp (>=0.1.0 <=0.1.8) +1514 more potentially affected by CVE-2026-27448 via pyopenssl (>=0.14.0 <=25.3.0)

pyopenssl PYPI version =0.14.0, =1.0.0, =0.1.0, =0.9.2, =2.3.36, =2.0.0, =2.4.15, =0.1.17, =0.1.0, =0.3.2, =2.8.1, =0.4.0, =0.2.0, =0.3.4 and more Source cves: CVE-2026-27448 Source advisory: SNYK:PYTHON-PYOPENSSL-15674458...

CVSS 6.3 | AI score 5.4 | EPSS 0.00241 | Exploits 0
Source: Github Security Blog | added 2026/03/16 3:15 p.m. | 13 views

pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

If a user-provided callback to set_tlsext_servername_callback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the...

CVSS 6.3 | AI score 5.8 | EPSS 0.00241 | Exploits 0 | References 5 | Affected Software 1
Source: vulnersOsv | added 2026/03/16 2:19 p.m. | 7 views

akurdyukov-tap-clickhouse (=0.0.1), asdjgasdghasdhjgasghd (=1.0.7) +81 more potentially affected by CVE-2026-32640 via simpleeval (>=0.9.1 <=1.0.4)

simpleeval PYPI version =0.9.1, =0.1.4, =0.1.0, =1.0.6, =0.0.5, =1.1.0, =0.1.3, =0.1.0, =0.3.0b1, =0.2.0, =0.1.0, =1.0.8 and more Source cves: CVE-2026-32640 Source advisory: OSV:PYSEC-2026-132...

CVSS 9.8 | AI score 7.2 | EPSS 0.0046 | Exploits 0
Source: UbuntuCve | added 2026/03/16 2:19 p.m. | 1 view

CVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

CVSS 9.8 | AI score 5.9 | EPSS 0.0046 | Exploits 0 | References 3
Source: OSV | added 2026/03/16 2:19 p.m. | 2 views

UBUNTU-CVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

CVSS 9.8 | AI score 5.8 | EPSS 0.0046 | Exploits 0 | References 4