5 matches found

Packet Storm News
added 2026/03/19 12:0 a.m., 1 views

Cross-Ecosystem Vulnerability Analysis for Python Applications

Python applications depend on native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these libraries, determining which Python packages are affected requires cross-ecosystem analysis spanning Python dependency...

AI score 5.8
Exploits: 0
OSV
added 2025/06/03 9:3 a.m., 2 views

SUSE-SU-2025:20373-1 Security update for elemental-toolkit

This update for elemental-toolkit fixes the following issues:
- Updated to v2.2.3: Adapted .golangci.yml format to a new version; Simplified podman calls in CI setup; Switched GHA runners to Ubuntu 24.04; Updated year in headers; Vendored go.mod libraries; CVE-2025-22870: golang.org/x/net/proxy: Fixed...

CVSS 7.5, AI score 6.7, EPSS 0.00591
Exploits: 2, References: 5
OSV
added 2025/01/09 4:31 p.m., 1 views

USN-7197-1 golang-golang-x-net vulnerability

Guido Vranken discovered that Go Networking handled input to the Parse functions inefficiently. An attacker could possibly use this issue to cause denial of service. This update addresses the issue in the golang-golang-x-net and golang-golang-x-net-dev packages, as well as the library vendored...

CVSS 5.3, AI score 6.7, EPSS 0.00046
Exploits: 0, References: 2
RubySec
added 2018/03/29 12:0 a.m., 46 views

Revert libxml2 behavior in Nokogiri gem that could cause XSS

MRI: Behavior in libxml2 has been reverted which caused CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and CVE-2018-3741 (rails-html-sanitizer gem). The commit in question is here: https://github.com/GNOME/libxml2/commit/960f0e2 and more information is available about this commit and its impa...

CVSS 6.1, AI score 0.7, EPSS 0.00689
Exploits: 0, References: 1, Affected Software: 1
Tenable Nessus
added 2015/11/24 12:0 a.m., 26 views

Oracle Linux 7 : rubygem-bundler and rubygem-thor (ELSA-2015-2180)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-2180 advisory.
rubygem-bundler
- 1.7.8-3 - Enforce higher Thor version, which is required by Bundler. Related: rhbz1194243
- 1.7.8-2 - Update to Bundler 1.7.8. Resolves: rhbz11942...

CVSS 5, AI score 8.2, EPSS 0.00498
Exploits: 0, References: 2