https://db.gcve.eu/rss/recent/pysec/10 2026-03-11T04:09:17.525270+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent entries. https://db.gcve.eu/vuln/pysec-2025-68 2026-03-11T04:09:17.534351+00:00 A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.

https://db.gcve.eu/vuln/pysec-2025-52 2026-03-11T04:09:17.534336+00:00 gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

https://db.gcve.eu/vuln/pysec-2025-70 2026-03-11T04:09:17.534325+00:00 A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.

A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.

https://db.gcve.eu/vuln/pysec-2025-51 2026-03-11T04:09:17.534313+00:00 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

https://db.gcve.eu/vuln/pysec-2025-61 2026-03-11T04:09:17.534301+00:00 Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

https://db.gcve.eu/vuln/pysec-2025-65 2026-03-11T04:09:17.534287+00:00 A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.

https://db.gcve.eu/vuln/pysec-2025-69 2026-03-11T04:09:17.534273+00:00 In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).

https://db.gcve.eu/vuln/pysec-2025-71 2026-03-11T04:09:17.534258+00:00 Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. This XSS would notably allow an attacker to execute JavaScript code on a user's session for any application based on Cadwyn via a one-click attack. The vulnerability has been fixed in version 5.4.3.

Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. This XSS would notably allow an attacker to execute JavaScript code on a user's session for any application based on Cadwyn via a one-click attack. The vulnerability has been fixed in version 5.4.3.

https://db.gcve.eu/vuln/pysec-2025-72 2026-03-11T04:09:17.534240+00:00 The `num2words` project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code. The affected versions have been removed from PyPI, and users are advised to remove the affected versions from their environments.

The `num2words` project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code. The affected versions have been removed from PyPI, and users are advised to remove the affected versions from their environments.

https://db.gcve.eu/vuln/pysec-2026-1 2026-03-11T04:09:17.534192+00:00 A PyPI user account compromised by an attacker and was able to upload a malicious version (1.1.5.post1) of the `dydx-v4-client` package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible because it is tucked away inside 100 layers of encoding, the structural design—specifically the use of recursive decompression followed by an `exec()` call is a definitive indicator of malicious software, likely a "Crypter" or "Dropper" masquerading as a cryptocurrency-related utility. with the intent on connecting to hxxps://dydx.priceoracle.site/py to download and execute further payloads. Users of the `dydx-v4-client` package should immediately uninstall version 1.1.5.post1 and revert to the last known good version (1.1.5) or later secure versions once available. Additionally, users should monitor their systems for any unusual activity and consider running security scans to detect any potential compromise.

A PyPI user account compromised by an attacker and was able to upload a malicious version (1.1.5.post1) of the `dydx-v4-client` package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible because it is tucked away inside 100 layers of encoding, the structural design—specifically the use of recursive decompression followed by an `exec()` call is a definitive indicator of malicious software, likely a "Crypter" or "Dropper" masquerading as a cryptocurrency-related utility. with the intent on connecting to hxxps://dydx.priceoracle.site/py to download and execute further payloads. Users of the `dydx-v4-client` package should immediately uninstall version 1.1.5.post1 and revert to the last known good version (1.1.5) or later secure versions once available. Additionally, users should monitor their systems for any unusual activity and consider running security scans to detect any potential compromise.