Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Loading...
High
GSA_kwCzR0hTQS03dndyLWc2cG0tOWhjOM4AA3e0
Cookie leakage between different users in fastapi-proxy-lib
Ecosystems: pypi
Packages: fastapi-proxy-lib
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS1yOGo5LTVjajctY3YzOc4AA3ey
Reflected XSS Vulnerability in dpaste
Ecosystems: pypi
Packages: Dpaste
Source: GitHub Advisory Database
Published: 3 days ago
Critical
GSA_kwCzR0hTQS1qZmhtLTVnaGgtMmY5N84AA3Zw
cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS1mNjc4LWo1NzktNHhmNc4AA3Zv
Apache Superset - Elevation of Privilege
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1oYzc0LTl2am0tYzl4ds4AA3Zp
Apache Superset Open Redirect vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1mZ3B3LTR3NjktajI1Ns4AA3Zs
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0zaHA3LTRxcTQtdjVjNs4AA3Zt
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS1xM3F4LWM2ZzItN3B3Ms4AA3Yd
aiohttp's ClientSession is vulnerable to CRLF injection via version
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1xdnJ3LXY5cnYtNXJqeM4AA3Yc
aiohttp's ClientSession is vulnerable to CRLF injection via method
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1wamp3LXFoZzgtcDJwOc4AA3Yb
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS0zOTJjLXZqZnYtaDd3cs4AA3Xd
Apache Superset - Elevation of Privilege
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS12djY1LWZqZmotNDczNs4AA3Xl
Apache Superset has Incorrect Default Permissions
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS13cThxLTk5cDUteGZyd84AA3Xf
Apache Superset Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1ycXI4LXB4aDctY3EzZ84AA3W5
Ethereum ABI decoder DoS when parsing ZST
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS1jZjlmLXdtaHAtdjRwcs4AA3U3
Cross-site Scripting potential in custom links, job buttons, and computed fields
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Published: 12 days ago
Critical
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache Submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1xZjNjLXJ3OWYtamg3ds4AA3S4
Clear Text Credentials Exposed via Onboarding Task
Ecosystems: pypi
Packages: nautobot-device-onboarding
Source: GitHub Advisory Database
Published: 13 days ago
High
GSA_kwCzR0hTQS1oNzNtLXBjZnctMjVoMs4AA3S3
Download to arbitrary folder can lead to RCE
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 13 days ago
High
GSA_kwCzR0hTQS12Y2NnLWY0Z3AtNDV4Oc4AA3S2
Eval Injection in fastbots
Ecosystems: pypi
Packages: fastbots
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1tMm1qLXByNGYtaDlqcM4AA3R9
TorchServe ZipSlip
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS1xYzRqLWhyajYtY3BwZs4AA3R3
upydev has weak encryption padding
Ecosystems: pypi
Packages: upydev
Source: GitHub Advisory Database
Published: 14 days ago
Critical
GSA_kwCzR0hTQS04aGNyLTV4MmctOWY3as4AA3Qs
Deserialization of Untrusted Data in apache-submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Published: 15 days ago
Critical
GSA_kwCzR0hTQS14NTYzLTZocXYtMjZtcs4AA3P0
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Published: 17 days ago
Critical
GSA_kwCzR0hTQS00cXE1LW14eHgtbTZnZ84AA3Oh
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Published: 18 days ago
Critical
GSA_kwCzR0hTQS02Y3hyLThxM20tandycs4AA3Oe
Ray Missing Authorization vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS04cjk2LTg4ODktcWcyeM4AA3OE
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS1meGZmLXd4eHYtYzJqY84AA3OX
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption
Ecosystems: pypi
Packages: pypinksign
Source: GitHub Advisory Database
Published: 18 days ago
Critical
GSA_kwCzR0hTQS01cDNoLTdmd2gtOTJyY84AA3OR
Remote Code Execution due to Full Controled File Write in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS00aGg1LTI2NzgtODNmeM4AA3N-
Cross-Site Request Forgery vulnerability in Prefect
Ecosystems: pypi
Packages: prefect
Source: GitHub Advisory Database
Published: 18 days ago
Critical
GSA_kwCzR0hTQS0zcHd3LXF2cjgtNm1ocM4AA3N9
Ray Path Traversal vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS04NjMzLWczcGgtOTdycM4AA3OH
Missing SSL certificate validation in localstack
Ecosystems: pypi
Packages: localstack
Source: GitHub Advisory Database
Published: 18 days ago
Critical
GSA_kwCzR0hTQS1mNzk4LXFtNHItMjNyNc4AA3ON
MLflow allowed arbitrary files to be PUT onto the server
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Published: 18 days ago
Critical
GSA_kwCzR0hTQS1oM3hnLXd2NTgtNXA0M84AA3OI
Ray OS Command Injection vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS04MnZyLTU3NjktNjM1OM4AA3Nk
Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS0zY2gzLWpoYzYtNXI4eM4AA3MJ
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS01NWcyLXZtM3EtN3c1Ms4AA3Lb
Ansible galaxy-importer Path Traversal vulnerability
Ecosystems: pypi
Packages: galaxy-importer
Source: GitHub Advisory Database
Published: 20 days ago
High
GSA_kwCzR0hTQS12YzN2LXBwYzctdjQ4Ns4AA3K2
vantage6-server node accepts non-whitelisted algorithms from malicious server
Ecosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1nZncyLTRqdmgtd2dmZ84AA3K1
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 20 days ago
Low
GSA_kwCzR0hTQS14eDlwLXh4dmgtN2c4as4AA3Hw
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 20 days ago
High
GSA_kwCzR0hTQS02aGpqLWdxNzctajRxd84AA3GL
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Published: 20 days ago
High
GSA_kwCzR0hTQS1ndzdnLXFyOHctMzQ0OM4AA3Dw
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
Ecosystems: pypi
Packages: remarshal
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS14cTU5LTdqZjMtcmpjNs4AA3C2
piccolo SQL Injection via named transaction savepoints
Ecosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1yN3g2LXhmY20tM214ds4AA3Cw
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1obTlyLTdmODQtMjVjOc4AA3Cv
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS1jMzVxLWZmcGYtNXFwbc4AA3BV
AsyncSSH Rogue Session Attack
Ecosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS0zZjM4LTk2cW0tcjNmd84AA3BJ
esptool allows attackers to view sensitive information via weak cryptographic algorithm
Ecosystems: pypi
Packages: esptool
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1jZmMyLXdyMnYtZ3htNc4AA3BH
AsyncSSH Rogue Extension Negotiation
Ecosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Published: 25 days ago
Critical
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Published: 25 days ago
Critical
GSA_kwCzR0hTQS01d3ZwLTdmM2gtNndtbc4AA3Am
PyArrow: Arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS0zdnBmLW1jajctNWgzOM4AA2_U
Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1oOGdjLXBnajItdmptM84AA25m
Django Denial-of-service in django.utils.text.Truncator
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS04Z2hqLXA0dmotbXIzNc4AA250
Pillow Denial of Service vulnerability
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03aDRwLTI3bWgtaG1yd84AA25h
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerability
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xbWY5LTZqcWYtajhmcc4AA23t
Django potential denial of service vulnerability in UsernameField on Windows
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13amNjLWNxNzktcDYzZs4AA21E
Possible Infinite Loop when PdfWriter(clone_from) is used with a PDF
Ecosystems: pypi
Packages: pypdf
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device information
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS02NjZnLXJmYzUtYzlqds4AA2wn
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Ecosystems: pypi
Packages: apache-airflow, apache-airflow-providers-celery
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xaGhqLTdocmMtZ3FqNc4AA2ur
Home Assistant vulnerable to account takeover via auth_callback login
Ecosystems: pypi
Packages: homeassistant
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14Yzh4LXZwNzktcDN3bc4AA2sO
twisted.web has disordered HTTP pipeline response
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tcTI2LWczMzktMjZ4Zs4AA2sC
Command Injection in pip when used with Mercurial
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ocmZ2LW1xcDgtcTVyd84AA2oc
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
Ecosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qcTZjLXI5eGYtcXhqbc4AA2ob
dtale vulnerable to Remote Code Execution through the Custom Filter Input
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yMmh3LTc0eHYtNGdxcM4AA2oV
Nautobot vulnerable to exposure of hashed user passwords via REST API
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1mZ2pqLTVqbXItZ2g4M84AA2oR
Fides JavaScript Injection Vulnerability in Privacy Center URL
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yanhnLXJwZzMtOXI4Oc4AA2oP
Fides Information Disclosure Vulnerability in Config API Endpoint
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qcTN3LTltZ2YtNDNtNM4AA2oO
Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05cXFnLW1oN2MtY2hmcc4AA2oC
Apache Airflow vulnerable to Exposure of Sensitive Information
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05eDQzLTVxY3EtaDc5cc4AA2nF
Django Grappelli Open Redirect vulnerability
Ecosystems: pypi
Packages: django-grappelli
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oNDU0LXJxM20tODlyY84AA2nE
Wagtail CRX CodeRed Extensions vulnerable to Path Traversal
Ecosystems: pypi
Packages: coderedcms
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS04aDV3LWY2cTktd2czNc4AA2mm
Langchain SQL Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS02aDhwLTRoeDktdzY2Y84AA2mq
Langchain Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qNDR2LW1tZjIteHZtOc4AA2mh
PDM Trojan Lockfile
Ecosystems: pypi
Packages: pdm
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01N2NyLXJxM2YtcHBteM4AA2me
modoboa Cross-Site Request Forgery vulnerability
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS05d2ozLWNmcTgtd3B2as4AA2mc
modoboa Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1wcWdtLTlnODItd2NtN84AA2mf
modoboa Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12OXZqLTlweHYtbXIyd84AA2kx
mycli has Inadequate Encryption Strength
Ecosystems: pypi
Packages: mycli
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jcjQ1LTk4dzktZ3dxeM4AA2kE
Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context
Ecosystems: pypi
Packages: archivebox
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1mYzc1LTU4cjgtcm0zaM4AA2kA
Wagtail vulnerable to disclosure of user names via admin bulk action views
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03MnF3LXA3aGgtbTNmZs4AA2ju
TorBot vulnerable to Inefficient Regular Expression Complexity in validate_link
Ecosystems: pypi
Packages: torbot
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS02NTV3LWZtOG0tbTQ3OM4AA2ja
LangChain Server Side Request Forgery vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1nNG14LXE5dmctMjdwNM4AA2gt
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1yZjU0LTdxcnItOTZqNs4AA2ea
vantage6 does not properly delete linked resources when deleting a collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1nd3ZtLTQ1Z3gtM2NmOM4AA2c6
Authorization Header forwarded on redirect
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mcHh4LXh2NGMtZ3hxcM4AA2cj
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qM3c4LTJwMmgtbXJyOc4AA2ci
Apache Airflow vulnerable to privilege escalation
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jZ3gyLXJybXItang0M84AA2ch
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zMndyLXFxdzYtNW1mcM4AA2cg
Apache Airflow vulnerable to sensitive information exposure
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03eDk0LTZnMm0tM2hwMs4AA2cP
Defining resource name as integer may give unintended access in vantage6
Ecosystems: pypi
Packages: vantage6-node, vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1nYzU3LXhoaDUtbTk0cs4AA2cO
Improper Access Control in vantage6
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS01bTIyLWNmcTktODZ4Ns4AA2cN
Pickle serialization vulnerable to Deserialization of Untrusted Data
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01Y2hyLXdqdzUtM2dxNM4AA2X1
matrix-synapse vulnerable to denial of service due to malicious server ACL events
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1md2ZnLXZwcmgtOTdwaM4AA2Xz
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12bTJtLTdocHctZnBtcc4AA2XX
Microsoft Common Data Model SDK Denial of Service Vulnerability
Ecosystems: pypi, maven, nuget
Packages: commondatamodel-objectmodel, com.microsoft.commondatamodel:objectmodel, Microsoft.CommonDataModel.ObjectModel
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1nampyLTYzeDQtdjhjcc4AA2Tu
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS1mOXBtLTRnOXAtNnZtM84AA2Rp
Bundled libwebp in pywebp vulnerable
Ecosystems: pypi
Packages: webp
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zZjQ4LTlqN3EtcTJnds4AA2Qr
NI MeasurementLink Python Services Improper Access Restriction vulnerability
Ecosystems: pypi
Packages: ni-measurementlink-service
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS05NHZjLXA4dzctNXA0Oc4AA2QD
Bundled libwebp in imagecodecs vulnerable
Ecosystems: pypi
Packages: imagecodecs
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS01NnB3LW1wajQtZnh3d84AA2QC
Bundled libwebp in Pillow vulnerable
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS1tNzU1LWd4eGctcjVxaM4AA2Pw
Zope management interface vulnerable to stored cross site scripting via the title property
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Published: 2 months ago
Filter by Package
tensorflow 433 tensorflow-cpu 387 tensorflow-gpu 384 django 78 apache-airflow 65 ansible 53 rdiffweb 42 Pillow 40 apache-superset 39 plone 36 matrix-synapse 34 Plone 32 opencv-python 30 opencv-contrib-python 30 vyper 23 Django 16 langchain 15 modoboa 14 notebook 13 pyftpdlib 13 cobbler 13 nova 13 pillow 13 onionshare-cli 12 mlflow 12 cryptography 12 calibreweb 11 twisted 11 keystone 11 urllib3 11 OctoPrint 10 salt 10 kiwitcms 9 opencv-contrib-python-headless 9 opencv-python-headless 9 pyload-ng 9 glance 9 waitress 9 ethyca-fides 9 wagtail 9 Flask-AppBuilder 8 Zope 8 aiohttp 8 numpy 8 aubio 8 pysaml2 7 matrix-sydent 7 pip 7 paddlepaddle 7 python-keystoneclient 7 swift 7 vantage6 7 lief 6 mailman 6 ipython 6 web2py 6 inventree 6 graphite-web 6 python-gnupg 6 jupyter-server 6 Zope2 6 lxml 6 apache-airflow-providers-apache-hive 6 zope 5 bleach 5 gradio 5 keylime 5 tuf 5 requests 5 feedparser 5 neutron 5 pgadmin4 5 sentry 5 Products.CMFPlone 5 pyspark 5 starlette 4 aws-iot-device-sdk-v2 4 awsiotsdk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 PyPDF2 4 Pygments 4 qutebrowser 4 reportlab 4 httpie 4 omero-web 4 Flask-Security-Too 4 scrapy 4 gerapy 4 Jinja2 4 bottle 4 label-studio 4 werkzeug 4 markdown2 4 FreeTAKServer-UI 4 nltk 4 horizon 4 saleor 4 nvflare 4 datasette 4 mitmproxy 3 cinder 3 keyring 3 ray 3 indy-node 3 rsa 3 paramiko 3 grpcio 3 grpc 3 io.grpc:grpc-protobuf 3 GitPython 3 localstack 3 pretix 3 wger 3 bitlyshortener 3 barbican 3 plone.app.theming 3 plone.supermodel 3 indico 3 plone.app.dexterity 3 plone.app.event 3 ujson 3 sickrage 3 Products.PluggableAuthService 3 ansible-runner 3 pyarrow 3 fava 3 yt-dlp 3 oauthenticator 3 pywasm3 3 ckan 3 roundup 3 quokka 3 poetry 3 Weblate 3 slixmpp 3 trytond 3 copyparty 3 django-helpdesk 3 mistune 3 flask 3 jupyterhub 3 torchserve 3 tripleo-heat-templates 3 apache-airflow-providers-apache-spark 3 Werkzeug 3 protobuf 3 ecdsa 3 nautobot 3 asyncua 3 moin 3 pyyaml 3 mayan-edms 3 redis 2 ubi-reader 2 certifi 2 apache-airflow-providers-apache-drill 2 kallithea 2 html5lib 2 github.com/protocolbuffers/protobuf 2 google/protobuf 2 Google.Protobuf 2 cabot 2 org.apache.spark:spark-core 2 pandasai 2 tornado 2 guarddog 2 openzeppelin-cairo-contracts 2 typed-ast 2 pyxdg 2 keystonemiddleware 2 Twisted 2 Products.CMFCore 2 distributed 2 py 2 org.apache.spark:spark-parent_2.12 2 apache-submarine 2 superset 2 binwalk 2 petl 2 plone.restapi 2 djblets 2 aws-encryption-sdk-cli 2 asyncssh 2 Radicale 2 scancodeio 2 untangle 2 markdown-it-py 2 apache-iotdb 2 aiohttp-session 2 CairoSVG 2 mercurial 2 pyjwt 2 apache-airflow-providers-google 2 apache-airflow-providers-apache-sqoop 2 flower 2 RestrictedPython 2 djangorestframework 2 autobahn 2 python-cjson 2 piccolo 2 Red-DiscordBot 2 red-arrow 2 logilab-common 2 websockets 2 ansible-core 2 django-sendfile2 2 python-ldap 2 safeurl-python 2 pretalx 2 pypdf 2 ctx 2 snowflake-connector-python 2 plone.app.contenttypes 2 setuptools 2 pytorch-lightning 2 buildbot 2 starkbank-ecdsa 2 simiki 2 FreeTAKServer 2 archivy 2 scout-browser 2 django-anymail 2 proteus 2 ryu 2 parlai 2 uvicorn 2 aws-encryption-sdk 2 django-unicorn 2 pikepdf 2 shuup 2 dompurify 2 pycrypto 2 bikeshed 2 wasm3 2 django-cms 2 mindsdb 2 python-libnmap 2 apache-airflow-providers-odbc 2 mako 2 in-toto 2 python-apt 2 webargs 2 tripleo-ansible 2 tlslite-ng 2 httplib2 2 pyopenssl 2 AccessControl 2 sqlparse 2 openapi-python-client 2 rpyc 2 sanic 2 wagtail-2fa 2 loguru 2 keycloak-httpd-client-install 2 SQLAlchemy 2 aioxmpp 2 streamlit 2 parso 1 elastic-apm 1 tortoise-orm 1 gitpython 1 easybuild-framework 1 tkvideoplayer 1 tendenci 1 IPython 1 phoenix-ws 1 archivebox 1 dtale 1 oauthlib 1 autogluon.multimodal 1 openssl-src 1 torch 1 feedgen 1 sqlfluff 1 jupyter-core 1 binderhub 1 tqdm 1 admesh 1 marcador 1 apache-airflow-providers-microsoft-mssql 1 django-grappelli 1 onefuzz 1 com.google.protobuf:protobuf-parent 1 coderedcms 1 ceilometer 1 Beaker 1 suds 1 mat2 1 hnswlib 1 com.google.protobuf:protobuf-java 1 sqla-yaml-fixtures 1 octoprint 1 zbar 1 python-docx 1 clickhouse-driver 1 django-mfa2 1 exotel 1 jefferson 1 python-swiftclient 1 pdm 1