58294 matches found
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1344)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1344 advisory. When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building...
Photon OS 4.0: Python3 PHSA-2026-4.0-0939
An update of the python3 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0939. The text itself is copyright (C) VMware, Inc.
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1356)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1356 advisory. When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building...
CVE-2025-15346 wolfSSL Python library `CERT_REQUIRED` mode fails to enforce client certificate requirement
A vulnerability in the handling of `verify_mode = CERT_REQUIRED` in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the `WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT` flag was not included, the behavior effectively matched `CERT_OPTIONAL`: a peer certificate...
AZL-73730 CVE-2026-21441 affecting package python-urllib3 for versions less than 2.0.7-4
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
CVE-2026-21441
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
CVE-2026-22188
The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation...
CVE-2026-22188
Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a larg...
adopt-a-doodle (>=0.0.1 <=0.0.3), bark-simulator (>=0.0.1 <=0.1.0) +105 more potentially affected by CVE-2026-22190 via panda3d (>=1.10.10 <=1.10.9)
panda3d PYPI version =1.10.10, =0.0.1, =0.0.1, =0.0.2, =0.1.0, =0.1.1, =0.0.3, =0.1.0, =21.2.0, =22.4.0, =20.12.0, =1.0.0, =0.0.1, =1.0.6, =0.0.2, =0.8.5, =0.8.10 and more Source cves: CVE-2026-22190 Source advisory: SNYK:PYTHON-PANDA3D-14931131...
CVE-2026-22188
Panda3D up to version 1.10.16 is affected by a DoS due to unbounded stack allocation in the deploy-stub. The deploy-stub allocates argv_copy and argv_copy2 with alloca() based on attacker-controlled argc without validation, which can exhaust stack space and crash the process during Python interpr...
GHSA-FH55-R93G-J68G vulnerabilities
Vulnerabilities for packages: checkov, kubeflow-pipelines-visualization-server, kserve, py3-cassandra-medusa, open-webui, dask-kubernetes...
GHSA-6MQ8-RVHQ-8WGG vulnerabilities
Vulnerabilities for packages: checkov, kubeflow-pipelines-visualization-server, kserve, py3-cassandra-medusa, open-webui, dask-kubernetes...
EUVD-2026-1352
Malicious code in lnatainstaller (PyPI)...
MAL-2026-128 Malicious code in lnatainstaller (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a613dbd371593bf6bcb7ae528a4d7d7dba2fedfc6670c8cb493bb5cbee18f734 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...
CVE-2025-69230 vulnerabilities
Vulnerabilities for packages: awx, apache-beam-python-3.11-sdk, gitlab-cng, request-1276, checkov, py3-vllm-cuda-12.4, py3-cassandra-medusa, kserve, open-webui, airflow, py3.13-scanner-test-libraries-aiohttp, authentik, dask-kubernetes, kubeflow-pipelines-visualization-server...
Python Site-Specific Hook Persistence
This module leverages Python's startup mechanism, where some files can be automatically processed during the initialization of the Python interpreter. Among those files are the startup hooks (site-specific, dist-packages). If these files are present in site-specific or dist-packages directories, any lin...
CLSA-2026-1767800092 python2: Fix of CVE-2025-0938
CVE-2025-0938: disallow square brackets in domain names for parsed URLs to prevent differential URL parsing...
RHSA-2026:0123 Red Hat Security Advisory: python3.12 security update
Bulletin has no description...
EUVD-2026-1354
Malicious code in codefrequencychecker (PyPI)...
CVE-2022-27271
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet...