Important: Red Hat Security Advisory: brotli security update
An update for brotli is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Detection Bypass
fickling is vulnerable to detection bypass. The vulnerability is due to improper handling and analysis of Python builtins during pickle decompilation, which allows an attacker to bypass detection mechanisms and evade static analysis of malicious pickle payloads...
[SECURITY] Fedora 42 Update: python-biopython-1.86-2.fc42
A set of freely available Python tools for computational molecular biology...
A Prompt-Based Framework for Loop Vulnerability Detection Using Local LLMs
Loop vulnerabilities are one major risky construct in software development. They can easily lead to infinite loops or executions, exhaust resources, or introduce logical errors that degrade performance and compromise security. The problems are often undetected by traditional static analyzers becau...
Stegano 2.1.0
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets Sieve of...
CVE-2025-56005
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...
PLY security vulnerabilities
PLY is a Python library developed by B07’s individual developers. Version 3.11 of PLY contains a security vulnerability. This vulnerability stems from the unvalidated deserialization of pickle files via the picklefile parameter in the yacc function, which could lead to remote code execution...
CPython security vulnerabilities
CPython is a Python interpreter implemented in the C language by the Python Foundation. CPython has security vulnerabilities; these vulnerabilities arise from failing to retain parentheses when folding long comments in email headers that only contain non-folding characters. This can lead to the...
CPython security vulnerabilities
CPython is a Python interpreter implemented in the C language by the Python Foundation. CPython has security vulnerabilities, which stem from the possibility of injecting additional commands through line breaks when user-controlled commands are passed...
CPython security vulnerabilities
CPython is a Python interpreter implemented in the C language by the Python Foundation. CPython has security vulnerabilities, where user-controlled headers containing line breaks can lead to HTTP header injection attacks...
MiracleLinux 9 : python3.11-3.11.7-1.el9.ML.1 (AXSA:2024-7974:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7974:03 advisory. python: Parsing errors in email/parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043). Tenable has extracted the preceding...
MiracleLinux 9 : python3.11-3.11.7-1.el9_4.1 (AXSA:2024-8483:16)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8483:16 advisory. python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597). Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : python-mako-1.1.4-6.el9 (AXSA:2023-5414:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5414:01 advisory. python-mako: REDoS in Lexer class (CVE-2022-40023). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note...
MiracleLinux 7 : python-pip-9.0.3-7.el7 (AXSA:2020-4518:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4518:01 advisory. python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060); python-urllib3: CRLF injection...
Fedora 42 : python-biopython (2026-cd7f4e1676)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cd7f4e1676 advisory: Initial fix for security bug CVE-2025-68463. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
MiracleLinux 9 : python-requests-2.25.1-7.el9 (AXSA:2023-6284:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6284:01 advisory. python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681). Tenable has extracted the preceding description block directly from the...
MiracleLinux 7 : python-2.7.5-94.0.3.el7.AXS7 (AXSA:2024-8926:48)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8926:48 advisory. CVE-2024-6232: fixed regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via...
MiracleLinux 8 : python-psutil-5.4.3-11.el8 (AXSA:2021-2727:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2727:01 advisory. python-psutil: double free because of refcount mishandling (CVE-2019-18874). Tenable has extracted the preceding description block directly from the MiracleLinu...
MiracleLinux 8 : python38:3.8 and python38-devel:3.8 (AXSA:2023-7324:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7324:01 advisory. python: tarfile module directory traversal (CVE-2007-4559); python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681). Tenable has...