58222 matches found

Tenable Nessus
added 2026/02/04 12:0 a.m. | views: 1

RHEL 9 : python3.11 (RHSA-2026:1892)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1892 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 7.5 | AI score 7.3 | EPSS 0.01468
Exploits: 0 | References: 7

Tenable Nessus
added 2026/02/04 12:0 a.m. | views: 5

RHEL 9 : python3.11 (RHSA-2026:1922)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1922 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 7.5 | AI score 7.3 | EPSS 0.01468
Exploits: 0 | References: 7

OPENSUSE Linux
added 2026/02/04 12:0 a.m. | views: 5

Security update for python-Django (important)

openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2026:0037-1 Rating: important References: 1257401 1257405 1257406 1257407 1257408 Cross-References: CVE-2025-13473 CVE-2026-1207 CVE-2026-1285 CVE-2026-1287 CVE-2026-1312 CVSS scores: CVE-2025-13473 SUSE: 7.5...

CVSS 8.1 | AI score 5.7 | EPSS 0.03779
Exploits: 2 | References: 5

Tenable Nessus
added 2026/02/04 12:0 a.m. | views: 6

Fedora 42 : python-python-multipart (2026-720b8d0c6c)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-720b8d0c6c advisory. Security fix for CVE-2026-24486 / GHSA-wp53-j4wj-2cfg. ---- 0.0.22 2026-01-25 Drop directory path from filename in File Tenable has extracted the preceding...

CVSS 8.6 | AI score 5.5 | EPSS 0.01761
Exploits: 5 | References: 2

Tenable Nessus
added 2026/02/04 12:0 a.m. | views: 3

Fedora 42 : python-jupytext (2026-d3c5092654)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d3c5092654 advisory. See https://github.com/mwouts/jupytext/blob/main/CHANGELOG.md for changes in versions 1.19.0 and 1.19.1. This update contains a fix for CVE-2025-13465. Tenab...

CVSS 7.9 | AI score 6 | EPSS 0.00317
Exploits: 0 | References: 2

OpenVAS
added 2026/02/04 12:0 a.m. | views: 2

Fedora: Security Advisory (FEDORA-2026-d3c5092654)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.9 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 5

OpenVAS
added 2026/02/04 12:0 a.m. | views: 2

Fedora: Security Advisory (FEDORA-2026-9111b2e330)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.9 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 5

Tenable Nessus
added 2026/02/04 12:0 a.m. | views: 2

Fedora 43 : python-jupytext (2026-9111b2e330)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9111b2e330 advisory. See https://github.com/mwouts/jupytext/blob/main/CHANGELOG.md for changes in versions 1.19.0 and 1.19.1. This update contains a fix for CVE-2025-13465. Tenab...

CVSS 7.9 | AI score 6 | EPSS 0.00317
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/03 9:19 p.m. | views: 5

CVE-2026-1778

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

CVSS 8.2 | AI score 5.4 | EPSS 0.00244
Exploits: 0 | References: 1

Github Security Blog
added 2026/02/03 6:30 p.m. | views: 6

Boltz contains an insecure deserialization vulnerability in its molecule loading functionality

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...

CVSS 8.4 | AI score 6.4 | EPSS 0.00143
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2026/02/03 6:16 p.m. | views: 3

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

CVSS 6.5 | AI score 6.4 | EPSS 0.00223
Exploits: 0 | References: 4

OSV
added 2026/02/03 4:19 p.m. | views: 8

BIT-PYTHON-MIN-2007-4559

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

CVSS 9.8 | AI score 5.6 | EPSS 0.27095
Exploits: 3 | References: 14

OSV
added 2026/02/03 4:4 p.m. | views: 51

BIT-PYTHON-2007-4559

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

CVSS 9.8 | AI score 5.6 | EPSS 0.27095
Exploits: 3 | References: 14

vulnersOsv
added 2026/02/03 3:49 p.m. | views: 3

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +22 more potentially affected by CVE-2026-1287 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-1287 Source advisory: SNYK:PYTHON-DJANGO-15198932...

CVSS 5.4 | AI score 7.4 | EPSS 0.00491
Exploits: 0

vulnersOsv
added 2026/02/03 3:49 p.m. | views: 0

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +22 more potentially affected by CVE-2026-1312 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-1312 Source advisory: SNYK:PYTHON-DJANGO-15198931...

CVSS 5.4 | AI score 7.4 | EPSS 0.00491
Exploits: 1

vulnersOsv
added 2026/02/03 3:49 p.m. | views: 2

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +22 more potentially affected by CVE-2025-13473 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2025-13473 Source advisory: SNYK:PYTHON-DJANGO-15198930...

CVSS 5.3 | AI score 5.4 | EPSS 0.00713
Exploits: 0

RedHat Linux
added 2026/02/03 3:42 p.m. | views: 6

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 7.5 | AI score 7.3 | EPSS 0.01468
Exploits: 0 | References: 3

RedHat Linux
added 2026/02/03 3:42 p.m. | views: 2

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...

CVSS 6.3 | AI score 5.8 | EPSS 0.00696
Exploits: 0 | References: 6

vulnersOsv
added 2026/02/03 3:30 p.m. | views: 2

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +22 more potentially affected by CVE-2025-14550 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2025-14550 Source advisory: OSV:GHSA-33MW-Q7RJ-MJWJ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00993
Exploits: 0

RedhatCVE
added 2026/02/03 3:18 p.m. | views: 51

CVE-2025-10279

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

CVSS 7 | AI score 5.9 | EPSS 0.00215
Exploits: 1 | References: 1