News

WeLiveSecurity1y
A pernicious potpourri of Python packages in PyPI - WeLiveSecurity
Interestingly, in some cases the Python code in the source distribution differs from the built distribution. The former is clean, while the latter contains the malicious code.
Yahoo Finance1mon
Introducing Chainguard Libraries for Python: Malware-Resistant Dependencies Built Entirely from Source - Yahoo Finance
Chainguard, the secure foundation for software development and deployment, today announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from ...
Computer Weekly2y
15-year-old Python bug present in 350,000 open source projects
A 15-year-old vulnerability in the open source Python programming language is still finding its way into live code, with the result that over 350,000 projects are at risk of potential supply chain ...
Bleeping Computer2y
Unpatched 15-year old Python bug allows code execution in 350k projects - BleepingComputer
The vulnerability is in the Python tarfile package, in code that uses un-sanitized tarfile.extract() function or the built-in defaults of tarfile.extractall(). It is a path traversal bug that ...
Visual Studio Magazine1y
Community Dev Gives VS Code Python Some YAPF
"The ultimate goal is that the code YAPF produces is as good as the code that a programmer would write if they were following the style guide," Google's repo says. Microsoft, meanwhile, this month ...