58258 matches found
AZL-76487 CVE-2026-0994 affecting package protobuf for versions less than 3.17.3-5
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
AZL-75830 CVE-2026-0994 affecting package protobuf for versions less than 25.3-6
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
UBUNTU-CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994 Denial of Service in Python Protobuf
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
CVE-2026-0994 affects google.protobuf.json_format.ParseDict() in Python. The root cause is missing recursion depth accounting inside the internal Any-handling logic, allowing crafting deeply nested google.protobuf.Any structures to bypass the max_recursion_depth limit, exhausting Python’s recursi...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994 Denial of Service in Python Protobuf
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
EUVD-2026-4519
Malicious code in tableates PyPI...
Malicious code in tableates (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c69d9a3e244227f4e4146b60829ead907656c47989b3b83e1e5f56a2c06064ff Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
MAL-2026-492 Malicious code in tableates (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c69d9a3e244227f4e4146b60829ead907656c47989b3b83e1e5f56a2c06064ff Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
OESA-2026-1240 python-filelock security update
This package contains a single module, which implements a platform independent file locking mechanism for Python. Security Fixes: filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of th...
OESA-2026-1238 python-filelock security update
This package contains a single module, which implements a platform independent file locking mechanism for Python. Security Fixes: filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of th...
OESA-2026-1235 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious...
OESA-2026-1234 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious...
OESA-2026-1233 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious...
SUSE-SU-2026:20139-1 Security update for python-jaraco.context
This update for python-jaraco.context fixes the following issues: - CVE-2026-23949: Fixed malicious tar archives may lead to path traversal bsc1256954...
OPENSUSE-SU-2026:20095-1 Security update for python-jaraco.context
This update for python-jaraco.context fixes the following issues: - CVE-2026-23949: Fixed malicious tar archives may lead to path traversal bsc1256954...
EUVD-2026-4520
Malicious code in tabletes PyPI...