Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

High
GSA_kwCzR0hTQS01Z3JyLTcyZjktNjc4ds4AA93Y
Malware package cipherbcrypt
Ecosystems: pypi
Packages: cipherbcrypt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
High
GSA_kwCzR0hTQS05Nzk0LXBjNHItNDM4d84AA93X
Local File Inclusion in Solara
Ecosystems: pypi
Packages: solara
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS01anE4LXE2cmotOWdxNM4AA9zp
Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Ecosystems: pypi
Packages: Red-DiscordBot
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1qbXAzLTM5dnAtZndnOM4AA9zm
Wagtail regular expression denial-of-service via search query parsing
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 3 days ago
High
GSA_kwCzR0hTQS05am1mLTIzN2ctcWY0Ns4AA9wT
Django Path Traversal vulnerability
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS14N3EyLXdyN2cteHFtZs4AA9wR
Django vulnerable to user enumeration attack
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 4 days ago
High
GSA_kwCzR0hTQS1mNmY4LTlteDYtOW14Ms4AA9wW
Django vulnerable to Denial of Service
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1xZzJwLTlqd3ItbW1xZs4AA9wQ
Django vulnerable to Denial of Service
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1qZm1qLTV2NGctNzYzN84AA9oo
zipp Denial of Service vulnerability
Ecosystems: pypi
Packages: zipp
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS01NjRqLXYyOXctcnFyNs4AA9n4
Khoj Open Redirect Vulnerability in Login Page
Ecosystems: pypi
Packages: khoj-assistant
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS0zdjMzLTN3bXctMzc4Nc4AA9n3
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
High
GSA_kwCzR0hTQS1td3htLTM1ZjgtNnZnMs4AA9nD
Vanna vulnerable to SQL Injection
Ecosystems: pypi
Packages: vanna
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS01M3E3LTQ4NzQtMjRxZ84AA9m9
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Low
GSA_kwCzR0hTQS0yNDh2LTM0NnctOWN3Y84AA9m3
Certifi removes GLOBALTRUST root certificate
Ecosystems: pypi
Packages: certifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1yNHY0LXc5cHYtNmZwaM4AA9mC
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
Ecosystems: pypi
Packages: nova, glance, cinder
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 9 days ago
Low
GSA_kwCzR0hTQS1jdnc0LWM2OWctN3Y3bc4AA9d0
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
High
GSA_kwCzR0hTQS03OXc3LXZoM2gtOGc0as4AA9dz
yt-dlp File system modification and RCE through improper file-extension sanitization
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 12 days ago
Critical
GSA_kwCzR0hTQS05djJmLTZ2Y2ctM2hnds4AA9cz
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Ecosystems: pypi
Packages: Gradio
Source: GitHub Advisory Database
Blast Radius: 39.9
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1qZmdwLTY3NHgtNnE0cM4AA9cu
Weblate vulnerable to improper sanitization of project backups
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS0zNDM0LWhjM20tOG1tbc4AA9bD
Reflected Cross-Site Scripting (XSS) in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 14 days ago
High
GSA_kwCzR0hTQS1jZ3Z4LTk0NDctdmNjaM4AA9aK
nltk unsafe deserialization vulnerability
Ecosystems: pypi
Packages: nltk
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 16 days ago
High
GSA_kwCzR0hTQS13OXFmLTgzamctMng2Y84AA9Zx
lollms vulnerable to dot-dot-slash path traversal in XTTS server
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 16 days ago
High
GSA_kwCzR0hTQS05Y2htLW02eDItNmZ2Y84AA9Zw
lollms vulnerable to path traversal due to unauthenticated root folder settings change
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 16 days ago
Critical
GSA_kwCzR0hTQS1tcjdoLXcycWMtZmZjMs4AA9ZU
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Ecosystems: pypi
Packages: lightning
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 16 days ago
High
GSA_kwCzR0hTQS1tNDVjLXY0NmgtYzc4OM4AA9Z4
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1xcWN2LXZnOWYtNXJyM84AA9Z6
litellm vulnerable to improper access control in team management
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Critical
GSA_kwCzR0hTQS1ycnFxLWZ2Nm0tNjkybc4AA9Zq
vanna vulnerable to remote code execution caused by prompt injection
Ecosystems: pypi
Packages: vanna
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
High
GSA_kwCzR0hTQS01OG0zLXJjdnAtZjl3d84AA9ZT
h2o vulnerable to unexpected POST request shutting down server
Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 16 days ago
Critical
GSA_kwCzR0hTQS1ncHBnLWdxdzgtd2g5Z84AA9Z3
litellm vulnerable to remote code execution based on using eval unsafely
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1xMjdjLWo2ajktNTN3M84AA9Yo
Directory creation by malicious user in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 17 days ago
High
GSA_kwCzR0hTQS0ycXczLTJ3djYtcDY0eM4AA9Yp
Path traversal in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1ndzg0LTg0cGMteHA4Ms4AA9XO
Cross-site Scripting in djangorestframework
Ecosystems: pypi
Packages: djangorestframework
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 18 days ago
High
GSA_kwCzR0hTQS01dmdqLWdnbTQtZmc2Ms4AA9W1
pdoc embeds link to malicious CDN if math mode is enabled
Ecosystems: pypi
Packages: pdoc
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1oMjZ3LXI0bTUtOHJyZs4AA9UE
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Ecosystems: pypi
Packages: codechecker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS03Z2pyLWhjYzMteGZyNM4AA9Ta
Improper line feed handling in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS03OWg4LWd4aHEtcTNqZ84AA9TI
Remote Code Execution in create_conda_env function in lollms
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 20 days ago
Critical
GSA_kwCzR0hTQS1tdnJtLWZoOHEtNndyMs4AA9S_
Remote Code Execution via path traversal bypass in lollms
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1nNmM5LWY0eG0tOWo0eM4AA9S3
Open redirect in gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 22 days ago
High
GSA_kwCzR0hTQS1oOTV4LTI2ZjMtODhocs4AA9P0
js2py allows remote code execution
Ecosystems: pypi
Packages: js2py
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1oY3I3LWNxd2MtcTVncc4AA9OR
Apache Superset server arbitrary file read
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS05aGN2LWo5cHYtcW1waM4AA9LE
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Ecosystems: pypi, packagist, nuget, npm
Packages: django-tinymce, tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS13OWp4LTRnNmctcnA3eM4AA9LD
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Ecosystems: pypi, packagist, nuget, npm
Packages: django-tinymce, tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS0zNGpoLXA5N2YtbXB4Zs4AA9I1
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 26 days ago
High
GSA_kwCzR0hTQS0zajRoLWgzZnAtdnd3d84AA9Il
LNbits improperly handles potential network and payment failures when using Eclair backend
Ecosystems: pypi
Packages: lnbits
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS13bXZtLTl2cXYtNXFwcM4AA9HZ
langchain_experimental Code Execution via Python REPL access
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 28 days ago
Low
GSA_kwCzR0hTQS05eHBqLTYybW0tMjRoMs4AA9GF
Apache Airflow does not return the "Cache-Control" header for dynamic content
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1oang2LWY2NDctbXZmOc4AA8_I
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
Ecosystems: pypi
Packages: invenio-communities
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1ncHJqLTNwNzUtZjk5Ns4AA8-l
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
Ecosystems: pypi
Packages: oauthenticator
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS12cXdyLXE2Y2MtYzI0Ms4AA89T
parisneo/lollms Local File Inclusion (LFI) attack
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1mdmNxLTR4NjQtaHF4cs4AA880
Jupyter Server Proxy has a reflected XSS issue in host parameter
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS12NWdmLXI3OGgtNTVxNs4AA88z
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Ecosystems: pypi
Packages: document-merge-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tNXZ2LTZyNGgtM3ZqOc4AA88w
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Ecosystems: nuget, maven, npm, go, pypi
Packages: Microsoft.Identity.Client, com.microsoft.azure:msal4j, @azure/msal-node, Azure.Identity, github.com/Azure/azure-sdk-for-go/sdk/azidentity, com.azure:azure-identity, @azure/identity, azure-identity
Source: GitHub Advisory Database
Blast Radius: 78.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xZzMzLXgyYzUtNnA0NM4AA84o
Langflow remote code execution vulnerability
Ecosystems: pypi
Packages: langflow
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zbXdjLTJjajctZ3g4Y84AA83Q
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Ecosystems: pypi
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS01MzU3LWMyangtdjdxaM4AA83F
Authlib has algorithm confusion with asymmetric public keys
Ecosystems: pypi
Packages: authlib
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05OWhtLTg2aDctZ3IzZ84AA81n
zenml-io/zenml does not expire the session after password reset
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1oeDU0LXBmMjgtN3hjaM4AA8z8
ebookmeta XML External Entity vulnerability
Ecosystems: pypi
Packages: ebookmeta
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS13aGY0LWZwajgtcGdnOM4AA8z1
ebookmeta XML External Entity vulnerability
Ecosystems: pypi
Packages: ebookmeta
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13MjM1LTdwODQteHg1N84AA8x9
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Ecosystems: pypi
Packages: tornado
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03NTNqLW1wbXgtcXE2Z84AA8x8
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Ecosystems: pypi
Packages: tornado
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zeHI4LXFmdmotOXA5as4AA8xH
Arbitrary file deletion in litellm
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04ajQyLXBjZm0tMzQ2N84AA8xM
SQL injection in litellm
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14MjM0LXI1ZmcteDUybc4AA8xY
Arbitrary system path lookup in h2o
Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oNm02LWpqOHYtOTRqas4AA8xW
SQL injection in litellm
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS12OXE2LWZtNDgtcng3NM4AA8xv
Authentication bypass in dtale
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qdzh4LTY0OTUtMjMzds4AA8xU
scikit-learn sensitive data leakage vulnerability
Ecosystems: pypi
Packages: scikit-learn
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: about 1 month ago
Low
GSA_kwCzR0hTQS12d2dmLTdmOWgtaDQ5Oc4AA8w7
Cross site scripting in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1qNTI3LXY1NzktbTk4aM4AA8xd
Improper authentication in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qNDZxLTVweHgtOHZtd84AA8xl
Local File Inclusion in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tcTczLWc0cXItZmdjcc4AA8xg
Clickjacking in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04ZjhxLXEyajctN2oybc4AA8w-
Undefined Behavior in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1jNTQ2LThqbXEtaHByas4AA8w2
Race condition in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xMjVjLWM5NzctNGNtaM4AA8xA
Server-Side Request Forgery in langchain
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zaGpoLWpoMmgtdnJnNs4AA8xc
Denial of service in langchain-community
Ecosystems: pypi
Packages: langchain-community
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05eDg4LTRqZzgtNHZmN84AA8w1
Improper authorization in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS01cTZjLWZmdmcteGNtOc4AA8xf
Remote code execution in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS1ocnc2LXdnODItY202Ms4AA8wx
Jupyter server on Windows discloses Windows user password hash
Ecosystems: pypi
Packages: jupyter_server
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS05NzNnLTU1aHAtM2Zyd84AA8wY
Server-Side Request Forgery in gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1jZ3djLXF2cngtcmY3Zs4AA8wc
Remote code execution in pytorch lightning
Ecosystems: pypi
Packages: lightning
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS02djZnLWo1ZnEtaHB2d84AA8wb
Local file inclusion in gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS1odmg0LTVxcjYtM3Y3cs4AA8uT
Observable Timing Discrepancy in pypqc
Ecosystems: pypi
Packages: pypqc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tODdtLW1tdnAtdjlxbc4AA8uI
PyMongo Out-of-bounds Read in the bson module
Ecosystems: pypi
Packages: pymongo
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 1 month ago
Low
GSA_kwCzR0hTQS00bTNnLTZyN2ctanY0Zs4AA8t0
Arbitrary JavaScript execution due to using outdated libraries
Ecosystems: pypi
Packages: gradio_pdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xNDljLTZ2Nmctd2dxM84AA8rz
Skops unsafe deserialization
Ecosystems: pypi
Packages: skops
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mcHZqLW0yaDYtNndjNc4AA8r5
ydata unsafe deserialization
Ecosystems: pypi
Packages: ydata-profiling
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS13ZjdmLThmeGYteGZ4Y84AA8ro
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qOG1nLXBxYzUteDlnas4AA8rn
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jZzQ5LWhyajQtM3Jwcs4AA8rx
ydata unsafe deserialization
Ecosystems: pypi
Packages: ydata-profiling
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jd2dnLXc2bXAtdzloZ84AA8rp
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS0ycjU3LTJtcmgtZ2dqds4AA8r6
ydata cross-site scripting
Ecosystems: pypi
Packages: ydata-profiling
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wcWN2LXF3MnItcjg1Oc4AA8rt
MLFlow improper input validation
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jdjZjLTc5NjMtd3hjZ84AA8rv
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS00M2M0LTlxZ2oteDc0Ms4AA8re
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS03cDhqLXF2NngtZjRnNM4AA8rh
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS03NmNnLWNmaHgtMzczZs4AA8rk
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS1naHY2LTlyOWotd2g0as4AA8rm
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS14Mzh4LWc2Z3ItanFmZs4AA8rl
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS03bTc1LXgyN3ctcjUycs4AA8nb
qdrant input validation failure
Ecosystems: pypi
Packages: qdrant-client
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05cDczLXg4NnYtanc1N84AA8mU
Path traversal vulnerability in parisneo/lollms-webui
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xcTk5LXA1N3ItZzN2N84AA8mT
Code injection vulnerability in the huggingface/text-generation-inference repository
Ecosystems: pypi
Packages: text-generation
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: about 1 month ago
Statistics
Advisories: 19,486
Packages: 8,600
Repositories: 801
Ecosystems: 12