AZL-79442 CVE-2026-3381 affecting package python-tensorboard 2.16.2-6

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...

AZL-79410 CVE-2026-3381 affecting package python-tensorflow-estimator 2.11.0-2

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...

AZL-79407 CVE-2026-3381 affecting package python-tensorboard 2.11.0-3

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...

acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9), airflow-dbt-python (=2.1.0) +49 more potentially affected by unknown CVE via dbt-common (>=1.0.0b2 <=1.33.0)

dbt-common PYPI version =1.0.0b2, =0.1.7, =0.1.5, =0.21.7, =0.0.1rc1, =0.1.0a1, =1.0.9, =1.8.0, =1.5.2, =1.8.0, =1.8.0, =1.8.15 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DBTCOMMON-15426567...

EUVD-2026-9498

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...

GHSA-389R-RCCM-H3H5 eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write

Summary The official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without...

Permissive List of Allowed Inputs

Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via the processing of the mkdocs.yml configuration file...

Fedora 43 : python3.12 (2026-4e99b7fe5f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4e99b7fe5f advisory. Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367 Tenable has extracted the preceding description block directly fr...

Linux Distros Unpatched Vulnerability : CVE-2026-25674

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in...

Unity Linux 20.1050a Security Update: python-pip (UTSA-2026-005680)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005680 advisory. When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgradi...

Fedora 42 : apt / python-apt (2026-e0e9d0d54a)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-e0e9d0d54a advisory. Update to latest upstream release apt 3.1.15 and python-apt 3.1.0, also fix a security issue in python-apt ---- Update to latest upstream release apt 3.1.15...

Medium: python-jwt

Issue Overview: pyjwt v2.10.1 was discovered to contain weak encryption. CVE-2025-45768 Affected Packages: python-jwt Issue Correction: Run dnf update python-jwt --releasever 2023.10.20260302 or dnf update --advisory ALAS2023-2026-1467 --releasever 2023.10.20260302 to update your system. More...

CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

Python-Markdown 安全漏洞

Python-Markdown is an open-source Python implementation of a Markdown parser. Version 3.8 of Python-Markdown contains a security vulnerability. This vulnerability stems from malformed HTML sequences, which can lead to unhandled assertion errors, potentially causing remote denial-of-service attack...

langgraph 代码问题漏洞

Langgraph is a large-scale model framework developed by LangChain. Versions of Langgraph 1.0.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the possibility of re-creating Python objects during deserialization, which could lead to insecure object reconstruction...

lxml_html_clean 安全漏洞

lxmlhtmlclean is a separate project derived from lxml.HTML.clean, open sourced by the Fedora Python SIG. Versions of lxmlhtmlclean prior to 0.4.4 contained security vulnerabilities. These vulnerabilities stemmed from the base tag being used with the default Cleaner configuration, which could allo...

Frappe 安全漏洞

Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 15.98.0 and 14.100.0 have security vulnerabilities. These vulnerabilities stem from a lack of validation when sharing documents,...

Medium: python3.11

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...