470 matches found
UBUNTU-CVE-2026-48522
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...
Astra Linux - vulnerability in python-django, python2.7
Packages containing “python/cpython” from versions 0 and earlier, including 3.6.13, 3.7.0 and earlier than 3.7.10, 3.8.0 and earlier than 3.8.8, 3.9.0 and earlier than 3.9.2, are vulnerable to Web Cache Poisoning via “urllib.parse.parse_qsl” and “urllib.parse.parse_qs”. This vulnerability occurs du...
CLSA-2026-1778535928 python: Fix of 2 CVEs
CVE-2021-3733: fix ReDoS in urllib2 AbstractBasicAuthHandler regex; the legacy '?:.,' prefix is replaced with the upstream-3.x form '?:^|,' and the scheme charset excludes ',' to prevent quadratic backtracking on crafted WWW-Authenticate headers - CVE-2021-23336: stop accepting ';' as a default...
360solutions-bc-mcp (=0.5.3), advanced-yaml (>=0.3.4 <=0.4.3) +299 more potentially affected by CVE-2026-44432 via urllib3 (>=2.6.0 <=2.6.3)
urllib3 PYPI version =2.6.0, =0.3.4, =0.1.0, =0.5.0, =0.24.2, =0.1.0, =0.1.0, =0.1.0, =0.5.0, =1.0.5, =26.1.0, =2.0.2, =0.45.0, =0.51.0 - auditize =0.10.0 and more Source cves: CVE-2026-44432 Source advisory: OSV:GHSA-MF9V-MFXR-J63J...
ROS-20260505-73-0048
A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...
Astra Linux - vulnerability in pypy
Python versions 2.7.x through 2.7.16, and 3.x through 3.7.2 are affected by improper handling of Unicode encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure—credentials, cookies, etc., that are cached against a given hostname. The affected components...
Astra Linux - vulnerability in python3.7, python2.7
There is a flaw in urllib’s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server to which an HTTP client such as a web browser connects can trigger a Regular Expression Denial of Service (ReDoS) during an authentication request. This occurs when the server sends a...
python: Fix of CVE-2019-9948
CVE-2019-9948: fix urllib localfile:// URL scheme bypass that allowed file reads when localfile handler was defined...
cpython: Header injection via newlines in data URL mediatype in Python
Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
SUSE-SU-2026:20665-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-11468: preserving parens when folding comments in email headers. bsc1257029 - CVE-2026-0672: rejects control characters in http cookies. bsc1257031 - CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which coul...
SUSE-SU-2026:20710-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-11468: preserving parens when folding comments in email headers. bsc1257029 - CVE-2026-0672: rejects control characters in http cookies. bsc1257031 - CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which coul...
MAL-2026-1225 Malicious code in urllib-slim (PyPI)
Source: kam193 acbcedbcc1d5bafffbb66128eae99b1fdc6c8e62b65bedd8f62ee2790919d972 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
Malicious code in urllib-slim (PyPI)
Source: kam193 acbcedbcc1d5bafffbb66128eae99b1fdc6c8e62b65bedd8f62ee2790919d972 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...
OESA-2026-1458 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
Security Bulletin: Vulnerability assertj-core, spring-security-crypto, werkzeug, urllib, libsodium, jersey-client, log4j, dmidecode-dmidecode, and aide affect IBM Cloud Object Storage Systems (FEB 2026)
Summary Vulnerability with assertj-core-3.27.3 CVE-2026-24400, spring-security-crypto-6.4.4 CVE-2025-22234, werkzeug-3.1.3-py3 CVE-2026-21860, CVE-2025-66221, urllib3-2.5.0-py3 CVE-2025-66418, CVE-2025-66471, CVE-2026-21441, libsodium CVE-2025-69277, jersey-client-2.25.1 CVE-2025-12383,...
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
RHSA-2026:1957 Red Hat Security Advisory: python3.12-urllib3 security update
Bulletin has no description...
RHSA-2026:1619 Red Hat Security Advisory: python3.12-urllib3 security update
Bulletin has no description...
RHSA-2026:1226 Red Hat Security Advisory: python3.12-urllib3 security update
Bulletin has no description...
RHSA-2026:1224 Red Hat Security Advisory: python3.11-urllib3 security update
Bulletin has no description...