SAGA: Detecting Security Vulnerabilities Using Static Aspect Analysis
Python is one of the most popular programming languages; as such, projects written in Python involve an increasing number of diverse security vulnerabilities. However, existing state-of-the-art analysis tools for Python only support a few vulnerability types. Hence, there is a need to detect a...
Medium: python
Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 Affected Packages: python Note: This advisory ...
Medium: python-pip
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...
Amazon Linux 2 : python, --advisory ALAS2-2026-3128 (ALAS-2026-3128)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3128 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorith...
Amazon Linux 2 : python3-urllib3, --advisory ALAS2-2026-3127 (ALAS-2026-3127)
The version of python3-urllib3 installed on the remote host is prior to 1.25.6-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3127 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager,...
Important Photon OS Security Update - PHSA-2026-5.0-0744
Updates of 'python3-urllib3' packages of Photon OS have been released...
Splunk Enterprise 8.2.9 / 9.0.2 Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. An attacker can inject arbitrary Python code into style parameters, such as the fillColor or lineColor of a sparkline element within a Splunk SimpleXML dashboard. The malicious code is executed when a user...
Debian dsa-6104 : python-keystonemiddleware-doc - security update
The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6104 advisory. Debian Security Advisory DSA-6104-1 [email protected] https://www.debian.org/security/ Moritz...
Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3126 (ALAS-2026-3126)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3126 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to...
Security update for python-weasyprint (important)
openSUSE security update: security update for python-weasyprint. Announcement ID: openSUSE-SU-2026:20069-1 Rating: important References: bsc1256936 Cross-References: CVE-2025-68616 CVSS scores: CVE-2025-68616 SUSE : 7.5...
OPENSUSE-SU-2026:10076-1 python311-FontTools-4.61.1-1.1 on GA media
These are all security issues fixed in the python311-FontTools-4.61.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10077-1 python311-jaraco.context-6.1.0-1.1 on GA media
These are all security issues fixed in the python311-jaraco.context-6.1.0-1.1 package on the GA media of openSUSE Tumbleweed...
AlmaLinux 10 : brotli (ALSA-2026:0845)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:0845 advisory. Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS CVE-2025-6176 Tenable has extracted the preceding description block directly from the AlmaLinu...
Debian: Security Advisory (DSA-6104-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2026:10079-1 python311-weasyprint-68.0-1.1 on GA media
These are all security issues fixed in the python311-weasyprint-68.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:20069-1 Security update for python-weasyprint
This update for python-weasyprint fixes the following issues: Changes in python-weasyprint: - CVE-2025-68616: Fixed a server-side request forgery in default fetcher boo1256936...
AZL-75044 CVE-2026-0672 affecting package python3 for versions less than 3.9.19-18
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
AZL-75026 CVE-2026-0672 affecting package python3 for versions less than 3.12.9-8
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
AZL-75050 CVE-2025-15367 affecting package python3 3.9.19-19
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...
AZL-75029 CVE-2025-15366 affecting package python3 3.12.9-9
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...