58385 matches found
python: cpython: URL parser allowed square brackets in domain names
A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...
python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used
A vulnerability was found in Python/CPython that does not disallow configuring an empty list "" for SSLContext.setnpnprotocols, which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information...
python: Quadratic complexity in os.path.expandvars() with user-controlled template
A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...
Important: Red Hat Security Advisory: python39:3.9 security update
An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
cpython: Python HTMLParser quadratic complexity
A denial-of-service DoS vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource...
cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked
A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
[SECURITY] Fedora 42 Update: python-django4.2-4.2.27-1.fc42
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
[SECURITY] Fedora 42 Update: python-django5-5.2.9-1.fc42
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
[SECURITY] Fedora 43 Update: python-django5-5.2.9-1.fc43
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
📄 Langflow 1.3.0 Remote Code Execution
A critical remote code execution vulnerability exists in Langflow that allows unauthenticated attackers to execute arbitrary system commands via the code validation API endpoint. The vulnerability enables complete compromise of Langflow instances through improper input sanitization in the Python...
📄 js2py 0.74 Automated Sandbox Escape / Code Execution
js2py version 0.74 automated sandbox escape and remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : js2py v0.74 Automated Sandbox Escape & Revers...
python3.9 security update
3.9.25-2.0.1 - Remove upstream URL reference 3.9.25-2 - Move sysconfigdatadlinux.py to the debug subpackage 3.9.25-1 - Update to Python 3.9.25 3.9.24-1 - Update to Python 3.9.24...
python-kdcproxy security update
0.3.2-3.0.1 - Use DNS discovery for declared realms only CVE-2025-59088 Orabug: 38745300 - Fix DoS vulnerability based on unbounded TCP buffering CVE-2025-59089...
EulerOS Virtualization 2.13.1 : protobuf (EulerOS-SA-2025-2559)
According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...
EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2025-2562)
According to the versions of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to...
Fedora 42 : brotli / perl-Alien-Brotli (2025-9e233a4e22)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-9e233a4e22 advisory. Update brotli to 1.2.0. This update provides the necessary Python APIs in python3-brotli to fix denial-of-service security issues related to...
A Systematic Study of Code Obfuscation against LLM-Based Vulnerability Detection
As large language models LLMs are increasingly adopted for code vulnerability detection, their reliability and robustness across diverse vulnerability types have become a pressing concern. In traditional adversarial settings, code obfuscation has long been used as a general strategy to bypass...