Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
pypi Security Advisories
Loading...
High
Ecosystems: pypi
Packages: fastapi-proxy-lib
Source: GitHub Advisory Database
Published: 3 days ago
GSA_kwCzR0hTQS03dndyLWc2cG0tOWhjOM4AA3e0
Cookie leakage between different users in fastapi-proxy-libEcosystems: pypi
Packages: fastapi-proxy-lib
Source: GitHub Advisory Database
Published: 3 days ago
High
Ecosystems: pypi
Packages: Dpaste
Source: GitHub Advisory Database
Published: 3 days ago
GSA_kwCzR0hTQS1yOGo5LTVjajctY3YzOc4AA3ey
Reflected XSS Vulnerability in dpasteEcosystems: pypi
Packages: Dpaste
Source: GitHub Advisory Database
Published: 3 days ago
Critical
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Published: 6 days ago
GSA_kwCzR0hTQS1qZmhtLTVnaGgtMmY5N84AA3Zw
cryptography vulnerable to NULL-dereference when loading PKCS7 certificatesEcosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Published: 6 days ago
High
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
GSA_kwCzR0hTQS1mNjc4LWo1NzktNHhmNc4AA3Zv
Apache Superset - Elevation of PrivilegeEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
GSA_kwCzR0hTQS1oYzc0LTl2am0tYzl4ds4AA3Zp
Apache Superset Open Redirect vulnerabilityEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
GSA_kwCzR0hTQS1mZ3B3LTR3NjktajI1Ns4AA3Zs
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerabilityEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
GSA_kwCzR0hTQS0zaHA3LTRxcTQtdjVjNs4AA3Zt
Apache Superset Allocation of Resources Without Limits or Throttling vulnerabilityEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
High
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
GSA_kwCzR0hTQS1xM3F4LWM2ZzItN3B3Ms4AA3Yd
aiohttp's ClientSession is vulnerable to CRLF injection via versionEcosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
GSA_kwCzR0hTQS1xdnJ3LXY5cnYtNXJqeM4AA3Yc
aiohttp's ClientSession is vulnerable to CRLF injection via methodEcosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
GSA_kwCzR0hTQS1wamp3LXFoZzgtcDJwOc4AA3Yb
aiohttp has vulnerable dependency that is vulnerable to request smugglingEcosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
GSA_kwCzR0hTQS0zOTJjLXZqZnYtaDd3cs4AA3Xd
Apache Superset - Elevation of PrivilegeEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
GSA_kwCzR0hTQS12djY1LWZqZmotNDczNs4AA3Xl
Apache Superset has Incorrect Default PermissionsEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
GSA_kwCzR0hTQS13cThxLTk5cDUteGZyd84AA3Xf
Apache Superset Cross-site Scripting vulnerabilityEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Published: 10 days ago
GSA_kwCzR0hTQS1ycXI4LXB4aDctY3EzZ84AA3W5
Ethereum ABI decoder DoS when parsing ZSTEcosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Published: 10 days ago
High
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Published: 12 days ago
GSA_kwCzR0hTQS1jZjlmLXdtaHAtdjRwcs4AA3U3
Cross-site Scripting potential in custom links, job buttons, and computed fieldsEcosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Published: 12 days ago
Critical
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Published: 12 days ago
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache SubmarineEcosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
Ecosystems: pypi
Packages: nautobot-device-onboarding
Source: GitHub Advisory Database
Published: 13 days ago
GSA_kwCzR0hTQS1xZjNjLXJ3OWYtamg3ds4AA3S4
Clear Text Credentials Exposed via Onboarding TaskEcosystems: pypi
Packages: nautobot-device-onboarding
Source: GitHub Advisory Database
Published: 13 days ago
High
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 13 days ago
GSA_kwCzR0hTQS1oNzNtLXBjZnctMjVoMs4AA3S3
Download to arbitrary folder can lead to RCEEcosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 13 days ago
High
Ecosystems: pypi
Packages: fastbots
Source: GitHub Advisory Database
Published: 13 days ago
GSA_kwCzR0hTQS12Y2NnLWY0Z3AtNDV4Oc4AA3S2
Eval Injection in fastbotsEcosystems: pypi
Packages: fastbots
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Published: 14 days ago
GSA_kwCzR0hTQS1tMm1qLXByNGYtaDlqcM4AA3R9
TorchServe ZipSlipEcosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Published: 14 days ago
High
Ecosystems: pypi
Packages: upydev
Source: GitHub Advisory Database
Published: 14 days ago
GSA_kwCzR0hTQS1xYzRqLWhyajYtY3BwZs4AA3R3
upydev has weak encryption paddingEcosystems: pypi
Packages: upydev
Source: GitHub Advisory Database
Published: 14 days ago
Critical
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Published: 15 days ago
GSA_kwCzR0hTQS04aGNyLTV4MmctOWY3as4AA3Qs
Deserialization of Untrusted Data in apache-submarineEcosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Published: 15 days ago
Critical
Ecosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Published: 17 days ago
GSA_kwCzR0hTQS14NTYzLTZocXYtMjZtcs4AA3P0
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data fileEcosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Published: 17 days ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS00cXE1LW14eHgtbTZnZ84AA3Oh
MLflow authentication requirement bypass can allow a user to arbitrarily create an accountEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Published: 18 days ago
Critical
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS02Y3hyLThxM20tandycs4AA3Oe
Ray Missing Authorization vulnerabilityEcosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 18 days ago
High
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS04cjk2LTg4ODktcWcyeM4AA3OE
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attackEcosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Published: 18 days ago
High
Ecosystems: pypi
Packages: pypinksign
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS1meGZmLXd4eHYtYzJqY84AA3OX
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryptionEcosystems: pypi
Packages: pypinksign
Source: GitHub Advisory Database
Published: 18 days ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS01cDNoLTdmd2gtOTJyY84AA3OR
Remote Code Execution due to Full Controled File Write in mlflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Published: 18 days ago
High
Ecosystems: pypi
Packages: prefect
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS00aGg1LTI2NzgtODNmeM4AA3N-
Cross-Site Request Forgery vulnerability in PrefectEcosystems: pypi
Packages: prefect
Source: GitHub Advisory Database
Published: 18 days ago
Critical
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS0zcHd3LXF2cjgtNm1ocM4AA3N9
Ray Path Traversal vulnerabilityEcosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 18 days ago
High
Ecosystems: pypi
Packages: localstack
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS04NjMzLWczcGgtOTdycM4AA3OH
Missing SSL certificate validation in localstackEcosystems: pypi
Packages: localstack
Source: GitHub Advisory Database
Published: 18 days ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS1mNzk4LXFtNHItMjNyNc4AA3ON
MLflow allowed arbitrary files to be PUT onto the serverEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Published: 18 days ago
Critical
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS1oM3hnLXd2NTgtNXA0M84AA3OI
Ray OS Command Injection vulnerabilityEcosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 18 days ago
High
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS04MnZyLTU3NjktNjM1OM4AA3Nk
Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity VerificationEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Published: 19 days ago
GSA_kwCzR0hTQS0zY2gzLWpoYzYtNXI4eM4AA3MJ
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy InjectionEcosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
Ecosystems: pypi
Packages: galaxy-importer
Source: GitHub Advisory Database
Published: 20 days ago
GSA_kwCzR0hTQS01NWcyLXZtM3EtN3c1Ms4AA3Lb
Ansible galaxy-importer Path Traversal vulnerabilityEcosystems: pypi
Packages: galaxy-importer
Source: GitHub Advisory Database
Published: 20 days ago
High
Ecosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Published: 20 days ago
GSA_kwCzR0hTQS12YzN2LXBwYzctdjQ4Ns4AA3K2
vantage6-server node accepts non-whitelisted algorithms from malicious serverEcosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 20 days ago
GSA_kwCzR0hTQS1nZncyLTRqdmgtd2dmZ84AA3K1
AIOHTTP has problems in HTTP parser (the python one, not llhttp)Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 20 days ago
Low
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 20 days ago
GSA_kwCzR0hTQS14eDlwLXh4dmgtN2c4as4AA3Hw
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacksEcosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 20 days ago
High
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Published: 20 days ago
GSA_kwCzR0hTQS02aGpqLWdxNzctajRxd84AA3GL
Label Studio Object Relational Mapper Leak Vulnerability in Filtering TaskEcosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Published: 20 days ago
High
Ecosystems: pypi
Packages: remarshal
Source: GitHub Advisory Database
Published: 22 days ago
GSA_kwCzR0hTQS1ndzdnLXFyOHctMzQ0OM4AA3Dw
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs AttackEcosystems: pypi
Packages: remarshal
Source: GitHub Advisory Database
Published: 22 days ago
Critical
Ecosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Published: 22 days ago
GSA_kwCzR0hTQS14cTU5LTdqZjMtcmpjNs4AA3C2
piccolo SQL Injection via named transaction savepointsEcosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: 22 days ago
GSA_kwCzR0hTQS1yN3g2LXhmY20tM214ds4AA3Cw
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized ActorEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: 22 days ago
GSA_kwCzR0hTQS1obTlyLTdmODQtMjVjOc4AA3Cv
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notesEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: 22 days ago
High
Ecosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Published: 25 days ago
GSA_kwCzR0hTQS1jMzVxLWZmcGYtNXFwbc4AA3BV
AsyncSSH Rogue Session AttackEcosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Published: 25 days ago
High
Ecosystems: pypi
Packages: esptool
Source: GitHub Advisory Database
Published: 25 days ago
GSA_kwCzR0hTQS0zZjM4LTk2cW0tcjNmd84AA3BJ
esptool allows attackers to view sensitive information via weak cryptographic algorithmEcosystems: pypi
Packages: esptool
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
Ecosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Published: 25 days ago
GSA_kwCzR0hTQS1jZmMyLXdyMnYtZ3htNc4AA3BH
AsyncSSH Rogue Extension NegotiationEcosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Published: 25 days ago
Critical
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Published: 25 days ago
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session TokensEcosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Published: 25 days ago
Critical
Ecosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Published: 26 days ago
GSA_kwCzR0hTQS01d3ZwLTdmM2gtNndtbc4AA3Am
PyArrow: Arbitrary code execution when loading a malicious data fileEcosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: 26 days ago
GSA_kwCzR0hTQS0zdnBmLW1jajctNWgzOM4AA2_U
Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR PackagesEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1oOGdjLXBnajItdmptM84AA25m
Django Denial-of-service in django.utils.text.TruncatorEcosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS04Z2hqLXA0dmotbXIzNc4AA250
Pillow Denial of Service vulnerabilityEcosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS03aDRwLTI3bWgtaG1yd84AA25h
Django Denial of service vulnerability in django.utils.encoding.uri_to_iriEcosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerabilityEcosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1xbWY5LTZqcWYtajhmcc4AA23t
Django potential denial of service vulnerability in UsernameField on WindowsEcosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: pypdf
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS13amNjLWNxNzktcDYzZs4AA21E
Possible Infinite Loop when PdfWriter(clone_from) is used with a PDFEcosystems: pypi
Packages: pypdf
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device informationEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: pypi
Packages: apache-airflow, apache-airflow-providers-celery
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS02NjZnLXJmYzUtYzlqds4AA2wn
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerabilityEcosystems: pypi
Packages: apache-airflow, apache-airflow-providers-celery
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: homeassistant
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1xaGhqLTdocmMtZ3FqNc4AA2ur
Home Assistant vulnerable to account takeover via auth_callback loginEcosystems: pypi
Packages: homeassistant
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS14Yzh4LXZwNzktcDN3bc4AA2sO
twisted.web has disordered HTTP pipeline responseEcosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1tcTI2LWczMzktMjZ4Zs4AA2sC
Command Injection in pip when used with MercurialEcosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1ocmZ2LW1xcDgtcTVyd84AA2oc
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginningEcosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1qcTZjLXI5eGYtcXhqbc4AA2ob
dtale vulnerable to Remote Code Execution through the Custom Filter InputEcosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1yMmh3LTc0eHYtNGdxcM4AA2oV
Nautobot vulnerable to exposure of hashed user passwords via REST APIEcosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Published: about 1 month ago
Low
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1mZ2pqLTVqbXItZ2g4M84AA2oR
Fides JavaScript Injection Vulnerability in Privacy Center URLEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1yanhnLXJwZzMtOXI4Oc4AA2oP
Fides Information Disclosure Vulnerability in Config API EndpointEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1qcTN3LTltZ2YtNDNtNM4AA2oO
Fides Server-Side Request Forgery Vulnerability in Custom Integration UploadEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS05cXFnLW1oN2MtY2hmcc4AA2oC
Apache Airflow vulnerable to Exposure of Sensitive InformationEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: django-grappelli
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS05eDQzLTVxY3EtaDc5cc4AA2nF
Django Grappelli Open Redirect vulnerabilityEcosystems: pypi
Packages: django-grappelli
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: pypi
Packages: coderedcms
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1oNDU0LXJxM20tODlyY84AA2nE
Wagtail CRX CodeRed Extensions vulnerable to Path TraversalEcosystems: pypi
Packages: coderedcms
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS04aDV3LWY2cTktd2czNc4AA2mm
Langchain SQL Injection vulnerabilityEcosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS02aDhwLTRoeDktdzY2Y84AA2mq
Langchain Server-Side Request Forgery vulnerabilityEcosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: pypi
Packages: pdm
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1qNDR2LW1tZjIteHZtOc4AA2mh
PDM Trojan LockfileEcosystems: pypi
Packages: pdm
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS01N2NyLXJxM2YtcHBteM4AA2me
modoboa Cross-Site Request Forgery vulnerabilityEcosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: about 2 months ago
High
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS05d2ozLWNmcTgtd3B2as4AA2mc
modoboa Cross-site Scripting vulnerabilityEcosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1wcWdtLTlnODItd2NtN84AA2mf
modoboa Cross-site Scripting vulnerabilityEcosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: mycli
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS12OXZqLTlweHYtbXIyd84AA2kx
mycli has Inadequate Encryption StrengthEcosystems: pypi
Packages: mycli
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: archivebox
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1jcjQ1LTk4dzktZ3dxeM4AA2kE
Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins contextEcosystems: pypi
Packages: archivebox
Source: GitHub Advisory Database
Published: about 2 months ago
Low
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1mYzc1LTU4cjgtcm0zaM4AA2kA
Wagtail vulnerable to disclosure of user names via admin bulk action viewsEcosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: torbot
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS03MnF3LXA3aGgtbTNmZs4AA2ju
TorBot vulnerable to Inefficient Regular Expression Complexity in validate_linkEcosystems: pypi
Packages: torbot
Source: GitHub Advisory Database
Published: about 2 months ago
High
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS02NTV3LWZtOG0tbTQ3OM4AA2ja
LangChain Server Side Request Forgery vulnerabilityEcosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1nNG14LXE5dmctMjdwNM4AA2gt
urllib3's request body not stripped after redirect from 303 status changes request method to GETEcosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Published: about 2 months ago
Low
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1yZjU0LTdxcnItOTZqNs4AA2ea
vantage6 does not properly delete linked resources when deleting a collaborationEcosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1nd3ZtLTQ1Z3gtM2NmOM4AA2c6
Authorization Header forwarded on redirectEcosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1mcHh4LXh2NGMtZ3hxcM4AA2cj
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-onlyEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1qM3c4LTJwMmgtbXJyOc4AA2ci
Apache Airflow vulnerable to privilege escalationEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1jZ3gyLXJybXItang0M84AA2ch
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGsEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS0zMndyLXFxdzYtNW1mcM4AA2cg
Apache Airflow vulnerable to sensitive information exposureEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: vantage6-node, vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS03eDk0LTZnMm0tM2hwMs4AA2cP
Defining resource name as integer may give unintended access in vantage6Ecosystems: pypi
Packages: vantage6-node, vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1nYzU3LXhoaDUtbTk0cs4AA2cO
Improper Access Control in vantage6Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
High
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS01bTIyLWNmcTktODZ4Ns4AA2cN
Pickle serialization vulnerable to Deserialization of Untrusted DataEcosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS01Y2hyLXdqdzUtM2dxNM4AA2X1
matrix-synapse vulnerable to denial of service due to malicious server ACL eventsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1md2ZnLXZwcmgtOTdwaM4AA2Xz
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template EngineEcosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: pypi, maven, nuget
Packages: commondatamodel-objectmodel, com.microsoft.commondatamodel:objectmodel, Microsoft.CommonDataModel.ObjectModel
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS12bTJtLTdocHctZnBtcc4AA2XX
Microsoft Common Data Model SDK Denial of Service VulnerabilityEcosystems: pypi, maven, nuget
Packages: commondatamodel-objectmodel, com.microsoft.commondatamodel:objectmodel, Microsoft.CommonDataModel.ObjectModel
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1nampyLTYzeDQtdjhjcc4AA2Tu
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec methodEcosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Published: about 2 months ago
High
Ecosystems: pypi
Packages: webp
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1mOXBtLTRnOXAtNnZtM84AA2Rp
Bundled libwebp in pywebp vulnerableEcosystems: pypi
Packages: webp
Source: GitHub Advisory Database
Published: about 2 months ago
High
Ecosystems: pypi
Packages: ni-measurementlink-service
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS0zZjQ4LTlqN3EtcTJnds4AA2Qr
NI MeasurementLink Python Services Improper Access Restriction vulnerabilityEcosystems: pypi
Packages: ni-measurementlink-service
Source: GitHub Advisory Database
Published: 2 months ago
High
Ecosystems: pypi
Packages: imagecodecs
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS05NHZjLXA4dzctNXA0Oc4AA2QD
Bundled libwebp in imagecodecs vulnerableEcosystems: pypi
Packages: imagecodecs
Source: GitHub Advisory Database
Published: 2 months ago
High
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS01NnB3LW1wajQtZnh3d84AA2QC
Bundled libwebp in Pillow vulnerableEcosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Published: 2 months ago
Low
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS1tNzU1LWd4eGctcjVxaM4AA2Pw
Zope management interface vulnerable to stored cross site scripting via the title propertyEcosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Published: 2 months ago
Filter by Severity
Filter by Ecosystem
Filter by Package
tensorflow
433
tensorflow-cpu
387
tensorflow-gpu
384
django
78
apache-airflow
65
ansible
53
rdiffweb
42
Pillow
40
apache-superset
39
plone
36
matrix-synapse
34
Plone
32
opencv-python
30
opencv-contrib-python
30
vyper
23
Django
16
langchain
15
modoboa
14
notebook
13
pyftpdlib
13
cobbler
13
nova
13
pillow
13
onionshare-cli
12
mlflow
12
cryptography
12
calibreweb
11
twisted
11
keystone
11
urllib3
11
OctoPrint
10
salt
10
kiwitcms
9
opencv-contrib-python-headless
9
opencv-python-headless
9
pyload-ng
9
glance
9
waitress
9
ethyca-fides
9
wagtail
9
Flask-AppBuilder
8
Zope
8
aiohttp
8
numpy
8
aubio
8
pysaml2
7
matrix-sydent
7
pip
7
paddlepaddle
7
python-keystoneclient
7
swift
7
vantage6
7
lief
6
mailman
6
ipython
6
web2py
6
inventree
6
graphite-web
6
python-gnupg
6
jupyter-server
6
Zope2
6
lxml
6
apache-airflow-providers-apache-hive
6
zope
5
bleach
5
gradio
5
keylime
5
tuf
5
requests
5
feedparser
5
neutron
5
pgadmin4
5
sentry
5
Products.CMFPlone
5
pyspark
5
starlette
4
aws-iot-device-sdk-v2
4
awsiotsdk
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
PyPDF2
4
Pygments
4
qutebrowser
4
reportlab
4
httpie
4
omero-web
4
Flask-Security-Too
4
scrapy
4
gerapy
4
Jinja2
4
bottle
4
label-studio
4
werkzeug
4
markdown2
4
FreeTAKServer-UI
4
nltk
4
horizon
4
saleor
4
nvflare
4
datasette
4
mitmproxy
3
cinder
3
keyring
3
ray
3
indy-node
3
rsa
3
paramiko
3
grpcio
3
grpc
3
io.grpc:grpc-protobuf
3
GitPython
3
localstack
3
pretix
3
wger
3
bitlyshortener
3
barbican
3
plone.app.theming
3
plone.supermodel
3
indico
3
plone.app.dexterity
3
plone.app.event
3
ujson
3
sickrage
3
Products.PluggableAuthService
3
ansible-runner
3
pyarrow
3
fava
3
yt-dlp
3
oauthenticator
3
pywasm3
3
ckan
3
roundup
3
quokka
3
poetry
3
Weblate
3
slixmpp
3
trytond
3
copyparty
3
django-helpdesk
3
mistune
3
flask
3
jupyterhub
3
torchserve
3
tripleo-heat-templates
3
apache-airflow-providers-apache-spark
3
Werkzeug
3
protobuf
3
ecdsa
3
nautobot
3
asyncua
3
moin
3
pyyaml
3
mayan-edms
3
redis
2
ubi-reader
2
certifi
2
apache-airflow-providers-apache-drill
2
kallithea
2
html5lib
2
github.com/protocolbuffers/protobuf
2
google/protobuf
2
Google.Protobuf
2
cabot
2
org.apache.spark:spark-core
2
pandasai
2
tornado
2
guarddog
2
openzeppelin-cairo-contracts
2
typed-ast
2
pyxdg
2
keystonemiddleware
2
Twisted
2
Products.CMFCore
2
distributed
2
py
2
org.apache.spark:spark-parent_2.12
2
apache-submarine
2
superset
2
binwalk
2
petl
2
plone.restapi
2
djblets
2
aws-encryption-sdk-cli
2
asyncssh
2
Radicale
2
scancodeio
2
untangle
2
markdown-it-py
2
apache-iotdb
2
aiohttp-session
2
CairoSVG
2
mercurial
2
pyjwt
2
apache-airflow-providers-google
2
apache-airflow-providers-apache-sqoop
2
flower
2
RestrictedPython
2
djangorestframework
2
autobahn
2
python-cjson
2
piccolo
2
Red-DiscordBot
2
red-arrow
2
logilab-common
2
websockets
2
ansible-core
2
django-sendfile2
2
python-ldap
2
safeurl-python
2
pretalx
2
pypdf
2
ctx
2
snowflake-connector-python
2
plone.app.contenttypes
2
setuptools
2
pytorch-lightning
2
buildbot
2
starkbank-ecdsa
2
simiki
2
FreeTAKServer
2
archivy
2
scout-browser
2
django-anymail
2
proteus
2
ryu
2
parlai
2
uvicorn
2
aws-encryption-sdk
2
django-unicorn
2
pikepdf
2
shuup
2
dompurify
2
pycrypto
2
bikeshed
2
wasm3
2
django-cms
2
mindsdb
2
python-libnmap
2
apache-airflow-providers-odbc
2
mako
2
in-toto
2
python-apt
2
webargs
2
tripleo-ansible
2
tlslite-ng
2
httplib2
2
pyopenssl
2
AccessControl
2
sqlparse
2
openapi-python-client
2
rpyc
2
sanic
2
wagtail-2fa
2
loguru
2
keycloak-httpd-client-install
2
SQLAlchemy
2
aioxmpp
2
streamlit
2
parso
1
elastic-apm
1
tortoise-orm
1
gitpython
1
easybuild-framework
1
tkvideoplayer
1
tendenci
1
IPython
1
phoenix-ws
1
archivebox
1
dtale
1
oauthlib
1
autogluon.multimodal
1
openssl-src
1
torch
1
feedgen
1
sqlfluff
1
jupyter-core
1
binderhub
1
tqdm
1
admesh
1
marcador
1
apache-airflow-providers-microsoft-mssql
1
django-grappelli
1
onefuzz
1
com.google.protobuf:protobuf-parent
1
coderedcms
1
ceilometer
1
Beaker
1
suds
1
mat2
1
hnswlib
1
com.google.protobuf:protobuf-java
1
sqla-yaml-fixtures
1
octoprint
1
zbar
1
python-docx
1
clickhouse-driver
1
django-mfa2
1
exotel
1
jefferson
1
python-swiftclient
1
pdm
1