Content Deep Dive
Under the C: A glance at C/C++ vulnerabilities in Python land
Blog post from Snyk
Post Details
Company:
Date Published:
Author: Aviad Hahami
Word Count: 1,289
Language: English
Hacker News Points: -
Summary
The post describes research into detecting C-related vulnerabilities in Python and JavaScript projects, since both languages often rely on native C or C++ extensions for performance and other reasons. The study found that approximately 1.7% of the PyPI ecosystem contains vulnerable C files, with some libraries containing multiple occurrences of vulnerable code. As a specific example, the python-libsbml library is downloaded around 20K times a month and has over 115 public dependencies, which makes it a potential target for exploitation. The research aims to encourage developers to check for C files in their non-C projects, because such files are typically not tracked by a package manager and may therefore remain outdated and vulnerable.