Important: python-pyasn1

Issue Overview: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2. CVE-2026-23490 Affected Packages:...

Important: python-pyasn1

Issue Overview: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2. CVE-2026-23490 Affected Packages:...

Medium: python-filelock

Issue Overview: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows loc...

OPENSUSE-SU-2026:10151-1 python311-wheel-0.46.3-1.1 on GA media

These are all security issues fixed in the python311-wheel-0.46.3-1.1 package on the GA media of openSUSE Tumbleweed...

python security update

2.7.5-94.0.3 - Fix for CVE-2025-12084 Orabug: 38902314...

Important: python3.13-pip

Issue Overview: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression...

Important: python3.11-pip

Issue Overview: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression...

Important: python-pip

Issue Overview: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression...

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Important: python3.12-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Important: brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

Oracle Linux 8 : python3.12-wheel (ELSA-2026-2090)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-2090 advisory. 0.41.2-4 - Security fix for CVE-2026-24049 Resolves: RHEL-143636 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Amazon Linux 2 : python-pyasn1, --advisory ALAS2-2026-3148 (ALAS-2026-3148)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3148 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This...

AlmaLinux 10 : python-wheel (ALSA-2026:1902)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:1902 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding description...

Oracle Linux 10 : python-wheel (ELSA-2026-1902)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1902 advisory. 1:0.41.2-5.1 - Security fix for CVE-2026-24049 Resolves: RHEL-143630 Tenable has extracted the preceding description block directly from the Oracle Linux...

RockyLinux 9 : python3.9 (RLSA-2026:1478)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1478 advisory. cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service CVE-2025-12084 Tenable has extracted the preceding description block...

AlmaLinux 10 : python3.12 (ALSA-2026:1828)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1828 advisory. cpython: Excessive read buffering DoS in http.client CVE-2025-13836 cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of...

RHEL 9 : brotli (RHSA-2026:2042)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2042 advisory. Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffma...

RHEL 8 : python3 (RHSA-2026:2128)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2128 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

FreeBSD : python -- several security vulnerabilities (bfe9adc8-0224-11f1-8790-c5fb948922ad)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bfe9adc8-0224-11f1-8790-c5fb948922ad advisory. The Python project announces a new release with several security fixes: Tenable has extracted...