VYPR

rpm package

opensuse/python-marshmallow&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-marshmallow&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2025-68480MedDec 22, 2025
    affected < 3.26.2-1.1fixed 3.26.2-1.1

    Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request

  • CVE-2018-17175MedSep 18, 2018
    affected < 3.20.2-2.2fixed 3.20.2-2.2

    In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynam