Python 3.3 standard library 'ipaddress' suffers from a critical IP address vulnerability (CVE-2021-29921) identical to the flaw that was reported in the "netmask" library earlier this year.

A PyPI package for an AI model was compromised and used to deliver malware Victims were getting XMRig, a popular cryptominer, installed The attack has since been addressed, but users warned to be ...

Cybersecurity company Trellix announced Wednesday that a known Python vulnerability puts 350,000 open-source projects and the applications that use them at risk of device take over or malicious ...

A rather old unpatched Python security vulnerability has resurfaced, causing researchers to warn that hundreds of thousands of projects might be vulnerable to code execution. Cybersecurity ...

This mixed-format IP address validation bug had previously impacted Python's ipaddress library (CVE-2021-29921), netmask implementations (CVE-2021-28918, CVE-2021-29418), and similar libraries.

The vulnerability resides in ImageMagick, a widely used image-processing library that's supported by PHP, Ruby, NodeJS, Python, and about a dozen other languages.

Security firm Checkmarx found that one in three software packages from PyPI contains a flaw that can lead to malicious code being automatically installed. Many software packages from the Python ...

ReversingLabs researchers traced the issue to a breach of the library’s build environment, which was exploited through a known GitHub Actions script injection vulnerability. On December 4, version 8.3 ...

The UK's cyber-security agency warned today developers to consider moving Python 2.x codebases to the newer 3.x branch due to the looming end-of-life (EOL) of the Python 2, scheduled for January 1 ...

Jose Padilla, who maintains the Python build of the library, fixed the signature verification vulnerability in version 1.0.0 last month by adding support for an alg whitelist. The most recent ...