python 2026
vLLM: Revision pinning does not propagate to all artifact load paths
Revision pinning in vLLM does not consistently apply to all artifacts loaded for a model.
litestar AllowedHostsMiddleware trusts X-Forwarded-Host when Host header missing
AllowedHostsMiddleware trusts the X-Forwarded-Host header when the Host header is absent, allowing bypass of host validation.
PDM writes project-local files without symlink protection, allowing arbitrary file clobber
PDM writes project-local state/configuration files (pdm.
litestar: CSRF cookie XSS via unsafe template pattern
Litestar instances using templates with CSRF protection are vulnerable to HTML injection leading to XSS because the CSRF cookie co
pdm: Path traversal in InstallDestination.write_to_fs() allows arbitrary file write
InstallDestination.write_to_fs() in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but
django 6.0.6 released
Django 6.0.6 is a new release of the high-level Python web framework.
docling: Fixed XXE, decompression bomb, and unbounded archive extraction in METS-GBS backend
Fixed XXE, decompression bomb, and unbounded archive extraction vulnerabilities in METS-GBS backend.
docling LaTeX Backend Path Traversal Vulnerability Fixed in 2.91.0
The LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation, allowing path
aiohttp: Cookies sent on cross-origin redirects when using cookies parameter
Cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect, potentially leaking sensiti
starlette: HTTP Host header validation added for request.url
HTTP Host header is now validated against RFC 9112 §3.
WebOb 1.8.10 fixes Location header normalization bypass
WebOb 1.8.10 fixes a security bypass in Location header normalization where ASCII tab, carriage return, and newline characters cou
strawberry-graphql QueryDepthLimiter DoS via circular fragment spreads
The QueryDepthLimiter extension lacks cycle detection in fragment spreads.
strawberry-graphql MaxAliasesLimiter bypass via FragmentSpreadNode
The MaxAliasesLimiter extension does not count aliases expanded from FragmentSpreadNode, letting attackers bypass alias limits and
kas: Repository replacement vulnerability via tag-based references
A security vulnerability in kas allows an attacker to replace a repository with a malicious one under specific conditions, potenti
Bugsink Fixes Authorization Bypass in Event Lookup
Issue event pages now require the event identifier to belong to the issue in the URL.
Bugsink: Fixed authorization bypass in bulk issue actions
Fixed a project-boundary authorization issue where bulk actions on the issue list could modify issues in other projects.
Bugsink 2.2.0 fixes cross-project sourcemap lookup by debug ID
Before 2.2.0, sourcemap and debug file resolution by debug ID was not scoped to the project that owned the metadata. An authentica
Bugsink DoS via excessive custom tags
Bugsink versions before 2.2.2 are vulnerable to a denial of service via excessive custom tags in an event, causing delayed ingesti
GeoNode SSRF Vulnerability in Service Registration Endpoint
GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability
Authlib OAuth 2.0 Authorization Endpoint Open Redirect Vulnerability
Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported
dulwich: sanitize commit subjects in format_patch to prevent path traversal
dulwich.porcelain.format_patch and dulwich format-patch CLI now sanitize commit subjects. get_summary only replaced spaces with da
dulwich: Memory exhaustion via crafted thin pack (CVE-2024-? )
A memory exhaustion vulnerability (CWE-400/CWE-789) in add_thin_pack / apply_delta allows a push client to cause denial of service
docling v2.74.0 fixes XXE vulnerability in USPTO patent XML parsers
USPTO patent XML parsers (ICE v4.
docling HTML backend security fixes for file access, SSRF, and redirect vulnerabilities
Security fixes in docling HTML backend: patched multiple vulnerabilities including local file access via file:// URIs, path traver
docling-core: Local file access and memory exhaustion via image references (CVE-2025-XXXX)
docling-core versions >=2.5.0, <2.74.1 allowed local file:// image references and accepted inline data: content without a decoded-
docling-core: SSRF via unsafe Content-Disposition resolution (>=1.5.0, <2.74.1)
docling-core versions >=1.5.0, <2.74.1 did not sufficiently restrict remote request destinations and could resolve a server-provid
Jupyter Enterprise Gateway: Prohibited UID/GID Bypass via Whitespace
A security advisory was published.
Jupyter Enterprise Gateway YAML Injection via Untrusted Environment Variables
Jupyter Enterprise Gateway is vulnerable to YAML injection via untrusted environment variables (e.
stata-mcp: Command injection via log_file_name parameter
The `log_file_name` parameter in `stata_do` API and CLI is directly interpolated into a Stata command string without sanitization,
praisonai-platform: Agent CRUD endpoints lack workspace scoping (Red)
Agent CRUD endpoints (GET/PATCH/DELETE /workspaces/{workspace_id}/agents/{agent_id}) do not enforce workspace scoping on agent loo
AIT-Core BSC Unauthenticated Path Traversal and Arbitrary File Append
The Binary Stream Capture (BSC) component in AIT-Core before 3.