
58288 matches found

OPENSUSE Linux
added 2026/01/12 12:0 a.m., 10 views

Security update for python-cbor2 (moderate)

openSUSE Security Update: Security update for python-cbor2 Announcement ID: openSUSE-SU-2026:0009-1 Rating: moderate References: 1255783 Cross-References: CVE-2025-68131 CVSS scores: CVE-2025-68131 SUSE: 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: openSU...

6.8 CVSS, 7 AI score, 0.00423 EPSS
Exploits: 1, References: 1
EUVD
added 2026/01/11 8:0 a.m., 5 views

EUVD-2026-1910

Malicious code in libc-dev PyPI...

6.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/01/11 8:0 a.m., 10 views

Malicious code in libc-dev (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cb6d8dc8c1dde2d0e31a36f23ab7fbd5931d00834eef4d6ee225cada5edbb44c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3 AI score
Exploits: 0, References: 1
Wolfi
added 2026/01/11 1:48 a.m., 8 views

CVE-2024-3220 vulnerabilities

Vulnerabilities for packages: python...

2.3 CVSS, 7 AI score, 0.00478 EPSS
Exploits: 0
Wolfi
added 2026/01/11 1:48 a.m., 3 views

GHSA-74P9-4V44-WWX5 vulnerabilities

Vulnerabilities for packages: python...

7 AI score
Exploits: 0
Chainguard
added 2026/01/11 1:29 a.m., 8 views

CVE-2024-3220 vulnerabilities

Vulnerabilities for packages: python...

2.3 CVSS, 7 AI score, 0.00478 EPSS
Exploits: 0
Chainguard
added 2026/01/11 1:29 a.m., 4 views

GHSA-74P9-4V44-WWX5 vulnerabilities

Vulnerabilities for packages: python...

7 AI score
Exploits: 0
Packet Storm News
added 2026/01/11 12:0 a.m., 30 views

CHASE: LLM Agents for Dissecting Malicious PyPI Packages

Modern software package registries like PyPI have become critical infrastructure for software development, but are increasingly exploited by threat actors distributing malicious packages with sophisticated multi-stage attack chains. While Large Language Models (LLMs) offer promising capabilities fo...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2026/01/11 12:0 a.m., 4 views

Fedora 42 : python-pdfminer (2026-4686d11563)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4686d11563 advisory. Backport fix for CVE-2025-64512 / GHSA-wf5f-4jwr-ppcp Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

8.6 CVSS, 7.3 AI score, 0.00275 EPSS
Exploits: 1, References: 2
EUVD
added 2026/01/10 1:0 p.m., 5 views

EUVD-2026-1862

Malicious code in oncecall PyPI...

6.6 AI score
Exploits: 0, References: 3
OSV
added 2026/01/10 1:0 p.m., 4 views

MAL-2026-189 Malicious code in oncecall (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 30fc3993415d365e03d500864542d91d6c6d87af8b6125765af3ba4a5ee059f6 Package silently downloads and executes an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7 AI score
Exploits: 0, References: 3
vulnersOsv
added 2026/01/10 12:40 p.m., 6 views

afs-file-validator (=1.0.1), apkutils (>=1.0.2 <=1.0.4) +43 more potentially affected by CVE-2025-15504 via lief (>=0.10.1 <=0.17.1)

lief PYPI version =0.10.1, =1.0.2, =1.0.0, =0.1.0, =1.0.0, =0.0.0, =0.4.2, =0.0.1, =2024.9.24, =5.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 - famework =0.1.5 and more Source cves: CVE-2025-15504 Source advisory: SNYK:PYTHON-LIEF-14912565...

5.5 CVSS, 5.8 AI score, 0.00242 EPSS
Exploits: 1
vulnersOsv
added 2026/01/10 6:51 a.m., 5 views

0x20bf (=0.0.1), 31 (=2.3.0) +4288 more potentially affected by CVE-2026-22701 via filelock (>=3.0.10 <=3.20.2)

filelock PYPI version =3.0.10, =0.0.3, =0.1.0, =1.0.5, =0.0.1b1, =0.2.3, =0.2.7 - ac-solver =0.1.0 - acceldata-o2a =1.0.0 and more Source cves: CVE-2026-22701 Source advisory: SNYK:PYTHON-FILELOCK-14912448...

5.3 CVSS, 5.4 AI score, 0.00115 EPSS
Exploits: 0
OSV
added 2026/01/10 6:15 a.m., 9 views

AZL-74234 CVE-2026-22701 affecting package python-filelock for versions less than 3.20.3-1

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3 CVSS, 5.7 AI score, 0.00115 EPSS
Exploits: 0, References: 1
Debian CVE
added 2026/01/10 6:5 a.m., 3 views

CVE-2026-22702

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...

4.5 CVSS, 5.4 AI score, 0.00085 EPSS
Exploits: 0
Debian CVE
added 2026/01/10 5:59 a.m., 4 views

CVE-2026-22701

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3 CVSS, 5.3 AI score, 0.00115 EPSS
Exploits: 0
Debian CVE
added 2026/01/10 4:46 a.m., 4 views

CVE-2026-22691

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-referen...

6.9 CVSS, 5.2 AI score, 0.00391 EPSS
Exploits: 0
Debian CVE
added 2026/01/10 4:41 a.m., 6 views

CVE-2026-22690

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

6.9 CVSS, 5.5 AI score, 0.00391 EPSS
Exploits: 0
NVD
added 2026/01/10 2:15 a.m., 9 views

CVE-2026-22612

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7...

9.3 CVSS, 0.00264 EPSS
Exploits: 0, References: 3
NVD
added 2026/01/10 2:15 a.m., 5 views

CVE-2026-22606

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path or runpy.run_module is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user...

9.3 CVSS, 0.00425 EPSS
Exploits: 1, References: 3