211 matches found
1claw-crewai-tools (=0.1.0), aacp-crewai (=0.1.0) +1044 more potentially affected by unknown CVE via uv (>=0.10.0 <=0.11.4)
uv PYPI version =0.10.0, =1.10.30, =1.10.30, =0.31.5, =1.3.0, =1.6.0, =1.6.0, =1.2.2, =1.2.4, =0.6.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-UV-15969260...
1claw-crewai-tools (=0.1.0), aacp-crewai (=0.1.0) +1044 more potentially affected by unknown CVE via uv (>=0.10.0 <=0.11.4)
uv PYPI version =0.10.0, =1.10.30, =1.10.30, =0.31.5, =1.3.0, =1.6.0, =1.6.0, =1.2.2, =1.2.4, =0.6.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PJJW-68HJ-V9MW...
uv vulnerable to arbitrary file deletion through RECORD entries
Impact Wheel RECORD entries can contain relative paths that traverse outside of the wheel’s installation prefix. In versions 0.11.5 and earlier of uv, these wheels were not rejected on installation and the RECORD was respected without validation on uninstall. uv uses the RECORD to determine files...
[SECURITY] Fedora 43 Update: domoticz-2026.1-1.fc43
Domoticz is a Home Automation System that lets you monitor and configure vari ous devices like: Lights, Switches, various sensors/meters like Temperature, Rain, Wind, UV, Electra, Gas, Water and much more. Notifications/Alerts can be sent to any mobile device...
GHSA-7GGG-PVRF-458V OpenClaw: PIP_INDEX_URL and UV_INDEX_URL bypass host exec env sanitization and redirect Python package-index traffic
Summary PIPINDEXURL and UVINDEXURL bypass host exec env sanitization and redirect Python package-index traffic Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still allows Python package-index env redirection through host exec, but scope should stay...
[SECURITY] Fedora 42 Update: python-uv-build-0.10.12-1.fc42
This package is a slimmed down version of uv containing only the build backend...
Fedora 42 : maturin / python-fastar / python-uv-build / rust-astral-tokio-tar / etc (2026-23bb71ea52)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-23bb71ea52 advisory. Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv...
[SECURITY] Fedora 43 Update: python-uv-build-0.10.12-1.fc43
This package is a slimmed down version of uv containing only the build backend...
[SECURITY] Fedora 44 Update: python-uv-build-0.11.2-1.fc44
This package is a slimmed down version of uv containing only the build backend...
Fedora 44 : maturin / python-fastar / python-uv-build / rust-astral-tokio-tar / etc (2026-e22a7dbf2d)
The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-e22a7dbf2d advisory. Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv...
Fedora 43 : maturin / python-fastar / python-uv-build / rust-astral-tokio-tar / etc (2026-d18cf572b8)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-d18cf572b8 advisory. Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv...
Fedora 44 : python-uv-build / rust-ambient-id / rust-astral-reqwest-middleware / etc (2026-b8b59dcf44)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-b8b59dcf44 advisory. Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be...
Fedora 45 : maturin / python-fastar / python-uv-build / rust-astral-tokio-tar / etc (2026-c6c01a71f2)
The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-c6c01a71f2 advisory. Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45 to 0.4.45, fixing CVE-2026-33056. Update uv and...
GHSA-6GX3-4362-RF54 vulnerabilities
Vulnerabilities for packages: wasmcloud, uv, pixi, mise...
CVE-2026-32766 vulnerabilities
Vulnerabilities for packages: uv, pixi, wasmcloud...
GHSA-6GX3-4362-RF54 vulnerabilities
Vulnerabilities for packages: uv, pixi, wasmcloud...
python311-uv-0.10.11-1.1 on GA media (moderate)
python311-uv-0.10.11-1.1 on GA media Announcement ID: openSUSE-SU-2026:10380-1 Rating: moderate Cross-References: CVE-2026-31812 CVSS scores: CVE-2026-31812 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-31812 SUSE : 6.9...
OPENSUSE-SU-2026:10380-1 python311-uv-0.10.11-1.1 on GA media
These are all security issues fixed in the python311-uv-0.10.11-1.1 package on the GA media of openSUSE Tumbleweed...
GHSA-6XVM-J4WR-6V98 vulnerabilities
Vulnerabilities for packages: cargo-audit, vector, zizmor, uv, xh, sccache, wasmcloud, zola, lychee, wash, qdrant, samply, nushell, wadm, parseable, berg, zed, py3-xet-core, pixi...
CVE-2026-31812 vulnerabilities
Vulnerabilities for packages: cargo-audit, vector, zizmor, uv, xh, sccache, wasmcloud, zola, lychee, wash, qdrant, samply, nushell, wadm, parseable, berg, zed, py3-xet-core, pixi...