
Python still hasn't closed a vulnerability discovered back in 2007, according to Bleeping Computer

An estimated 350,000 open-source projects are potentially exploitable through it.

The vulnerability was reported at the end of August 2007 and assigned the identifier CVE-2007-4559, but it has still not been fixed and carries no severity rating, only the CVE index.

The flaw itself is a path traversal in Python's tarfile module: tarfile.extract() and tarfile.extractall() do not validate member paths, so an archive entry whose name contains ".." or starts with an absolute path is written outside the intended extraction directory. When a vulnerable application opens a malicious tar archive with these functions, the attacker can overwrite (or plant) arbitrary files on the victim's system, limited only by the privileges of the extracting process.