pyxdg is vulnerable to code injection. The vulnerability is due to lack of sanitization of xdg/Menu.py
before an eval call, allowing an attacker to perform xdg.Menu.parse parsing within the directory containing this file by using a malicious python code via a Category element of a Menu XML document in a .menu file once XDG_CONFIG_DIR is configured.