Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Moderate
GSA_kwCzR0hTQS0yZ3I4LTN3YzcteGhqM84AA7Sd
social-auth-app-django affected by Improper Handling of Case Sensitivity
Ecosystems: pypi
Packages: social-auth-app-django
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 3 hours ago
Moderate
GSA_kwCzR0hTQS0zaDdxLXJmaDkteG00ds4AA7QQ
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS13MjI4LXJmcHgtZmhtNM4AA7QL
cg vulnerable to an Open Redirect Vulnerability on Referer Header
Ecosystems: pypi
Packages: cg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
High
GSA_kwCzR0hTQS1wNzJxLWgzN2otM2hxN84AA7Pf
dbt uses a SQLparse version with a high vulnerability
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0zZ2c4LW1jODctY3EzaM4AA7OB
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Ecosystems: pypi
Packages: apache-airflow-providers-ftp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS02Y2ptLTRweHctN3hwOc4AA7Lx
Sentry vulnerable to leaking superuser cleartext password in logs
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS03Z3B3LTh3bWMtcG04Z84AA7Ls
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0yNTIyLW1yamMtbTY4OM4AA7Kq
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Critical
GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca
llama-index-core Command Injection vulnerability
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS05M2M1LXJqMnAtdzUyeM4AA7CX
Cross-site Scripting (XSS) in mindsdb/mindsdb
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1ocTg4LXdnN3EtZ3A0Z84AA7CC
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1yZ3A4LXBtMjgtMzc1Oc4AA7CB
langchain vulnerable to path traversal
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1odmo1LW12dzktOTNqM84AA7CZ
Insecure deserialization in BentoML
Ecosystems: pypi
Packages: bentoml
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 9 days ago
High
GSA_kwCzR0hTQS1tNDljLTVjNTItNjY5Ns4AA7B8
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 9 days ago
High
GSA_kwCzR0hTQS1mNDJtLW12ZnYtY2d3Nc4AA7B7
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1nM3I1LTcyaGYtcDdwMs4AA7CW
zenml Session Fixation vulnerability
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 9 days ago
High
GSA_kwCzR0hTQS01bXZqLXdtZ2otN3E4Y84AA7CR
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 9 days ago
Critical
GSA_kwCzR0hTQS02aDNmLTQzdnEtNTNoas4AA7CV
Directory traversal in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 9 days ago
High
GSA_kwCzR0hTQS1nOWNqLWNmcHAtNGcyeM4AA7B5
gradio vulnerable to Path Traversal
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 9 days ago
High
GSA_kwCzR0hTQS1mODJyLWpqNXItNmc5N84AA7CM
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1xaDZ4LWo4MmgtdnBmOc4AA7CK
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 9 days ago
High
GSA_kwCzR0hTQS13M2gzLTRyajctNHBoNM4AA7B3
Request smuggling leading to endpoint restriction bypass in Gunicorn
Ecosystems: pypi
Packages: gunicorn
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: 9 days ago
High
GSA_kwCzR0hTQS0ybTU3LWhmMjUtcGhnZ84AA7Be
sqlparse parsing heavily nested list leads to Denial of Service
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: 9 days ago
High
GSA_kwCzR0hTQS1td2M3LTY0d2ctcGd2as4AA69-
NiceGUI allows potential access to local file system
Ecosystems: pypi
Packages: nicegui
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1qeDd4LTlyOTgtaDV4cs4AA68u
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Ecosystems: pypi
Packages: magnum
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1qamc3LTJ2NHYteDM4aM4AA670
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Ecosystems: pypi
Packages: idna
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS0zcnE1LTJnOGgtNTloY84AA67c
Potential DoS via the Tudoor mechanism in eventlet and dnspython
Ecosystems: pypi
Packages: dnspython, eventlet
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 13 days ago
High
GSA_kwCzR0hTQS05OXcyLTY3aDgtNTk0OM4AA64t
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 14 days ago
Critical
GSA_kwCzR0hTQS00NmNtLXBmd3YtY2dmOM4AA64p
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1teHZ3LWNqMzctOGcyaM4AA64v
Aim Web API vulnerable to Remote Code Execution
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 14 days ago
Low
GSA_kwCzR0hTQS0zN3E1LXY1cW0tYzl2OM4AA649
Transformers Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: 14 days ago
High
GSA_kwCzR0hTQS0zZjk1LW14cTItMmY2M84AA64H
Gradio Local File Inclusion vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 14 days ago
Critical
GSA_kwCzR0hTQS13dnB4LWc0MjctcTl3Y84AA64y
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1oanE2LTUyZ3ctMmc3cM4AA63l
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 14 days ago
High
GSA_kwCzR0hTQS12NmYzLWdoNWgtbXF3eM4AA6wV
DIRAC: Unauthorized users can read proxy contents during generation
Ecosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
High
GSA_kwCzR0hTQS1wMjh4LWhqNjgtN3ZmcM4AA6ug
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1jcjZmLWdmNXctdmhyY84AA6rV
PyMongo Out-of-bounds Read in the bson module
Ecosystems: pypi
Packages: pymongo
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 19 days ago
High
GSA_kwCzR0hTQS0yN2p4LWZmdzgteHJxds4AA6pB
pgAdmin Remote Code Execution (RCE) vulnerability
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS13cGZmLXdtODQteDVjeM4AA6o4
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Ecosystems: pypi
Packages: mobsf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 20 days ago
High
GSA_kwCzR0hTQS0ycTU5LWgyNGMtdzZmZ84AA6ks
Voilà Local file inclusion
Ecosystems: pypi
Packages: voila
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS00NHdtLWYyNDQteGhwM84AA6j6
Pillow buffer overflow vulnerability
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 22 days ago
High
GSA_kwCzR0hTQS1wbXd3LXY2YzktN3A4M84AA6gN
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Ecosystems: pypi
Packages: piccolo-admin
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 23 days ago
High
GSA_kwCzR0hTQS03M3YyLXJ4cXAtN3E0Zs4AA6dc
aliyundrive-webdav vulnerable to Command Injection
Ecosystems: pypi, cargo
Packages: aliyundrive-webdav
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1tcmozLWYyaDQtN3c0Nc4AA6av
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 27 days ago
High
GSA_kwCzR0hTQS03cjNoLTRwaDgtdzM4Z84AA6at
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
Ecosystems: pypi
Packages: jupyterhub
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: 27 days ago
High
GSA_kwCzR0hTQS13djI4LTdmcHctZmo0Oc4AA6Vg
Lektor does not sanitize database path traversal
Ecosystems: pypi
Packages: Lektor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 29 days ago
High
GSA_kwCzR0hTQS1yMzY0LW0yajktbWY0aM4AA6Un
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1jZmYzLTVxcnAtaHF4N84AA6TU
Apache Airflow Improper Preservation of Permissions vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1xODRtLXJtdzMtNDM4Ms4AA6Si
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Ecosystems: pypi
Packages: langchain-core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 29 days ago
Low
GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7
Unauthenticated views may expose information to anonymous users
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 30 days ago
High
GSA_kwCzR0hTQS0zOGpyLTI5Zmgtdzl2bc4AA6RX
ansys-geometry-core OS Command Injection vulnerability
Ecosystems: pypi
Packages: ansys-geometry-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qd3JjLTN2M2YtNWNxNc4AA6Ph
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS13ZmdqLXdyZ2gtaDNyM84AA6PP
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
Ecosystems: pypi
Packages: mobsfscan
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zeDlnLXhmajUtZnE4NM4AA6Nf
Cross-Site Request Forgery in Gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS01OTI1LTg4eGgtNmg5Oc4AA6NN
ESPHome vulnerable to Authentication bypass via Cross site request forgery
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS01NW0zLTQ0eGYtaGc0aM4AA6LI
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of a Google organization/workspace
Ecosystems: pypi
Packages: oauthenticator
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14NHg1LWp2M3gtOWM3bc4AA6LF
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE
Dynamic Variable Evaluation in qiskit-ibm-runtime
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13M3ZjLWZ4OXAtd3A0ds4AA6JP
Jupyter Server Proxy's Websocket Proxying does not require authentication
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1majd4LXE5ajctZzZxNs4AA6He
Black vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: pypi
Packages: black
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS13ajg1LXc0ZjQteGg4aM4AA6Gp
Denial of service via regular expression
Ecosystems: pypi
Packages: wiki
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14N21mLXdyaDktcjc2Y84AA6Gj
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oMng2LTVqeDUtNDZoZs4AA6Gg
RCE in TranformGraph().to_dot_graph function
Ecosystems: pypi
Packages: astropy
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tdmY2LWh3eGgtN3Y3Ns4AA6Eg
Information leakage in YAQL
Ecosystems: pypi
Packages: yaql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01dmNjLTg2d20tNTQ3cc4AA6DQ
Improper Privilege Management in djangorestframework-simplejwt
Ecosystems: pypi
Packages: djangorestframework-simplejwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS12bThxLW01N2ctcGZmM84AA6CU
Regular expression denial-of-service in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS04NzlwLThndzQtbWNwd84AA6CK
fgr Vulnerable to Insecure Default Variable Initialization
Ecosystems: pypi
Packages: fgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2
vantage6 vulnerable to a username timing attack on recover password/MFA token
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00OTQ2LTg1cHItZnZ4aM4AA6B1
vantage6's CORS settings overly permissive
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1waGc2LTQ0bTctaHgzaM4AA6AX
Whoogle Search Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zcTZnLXFtcHgtcnF3NM4AA6AY
Whoogle Search Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oaDJxLXF2NjYtamNxZ84AA6AZ
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1xOTdnLWMyOWgteDJwN84AA6Ab
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow Permission
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wcjJtLXB4N2oteGc2Nc4AA584
aiosmtpd vulnerable to SMTP smuggling
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04ZzM4LTNtNnYtMjMyas4AA58k
Potential log injection in reset user endpoint in CKAN
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS12bXF2LTQ3ajgtZ3d2OM4AA57r
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
Ecosystems: pypi
Packages: mssql-django
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zNWpqLXd4NDctNHc4cs4AA52-
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Ecosystems: pypi
Packages: weasyprint
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14aGp3LTd2aDUtcXhxbc4AA522
LibOSDP RMAC revert to the beginning of the session
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03OTQ1LTVtY3YtZjJwcM4AA521
LibOSDP vulnerable to a null pointer deref in osdp_reply_name
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mdng4LTc5aHgteDgyZs4AA520
Django MarkdownX Cross-Site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: django-markdownx
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1yajk4LWNyZjQtZzY5d84AA51E
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0ycnA4LWhmZjktYzV3cs4AA50x
PaddlePaddle Path Traversal vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tcm1tLXFtcmoteGdwNs4AA50i
PaddlePaddle vulnerable to remote code execution
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xcXYyLTM1cTgtcDJnMs4AA50P
PaddlePaddle command injection in paddle.utils.download._wget_download
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1maDU0LTN2aGctbXBjMs4AA5z7
PaddlePaddle command injection vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qODU3LTdydnYtdmo5N84AA5zv
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Ecosystems: pypi
Packages: jwcrypto
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oNWNnLTUzZzctZ3Fqd84AA5zS
RPyC's missing security check results in code execution when using numpy.array on the server-side.
Ecosystems: pypi
Packages: rpyc
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05cDQzLWhqNWotOTZoNc4AA5zH
esphome vulnerable to stored Cross-site Scripting in edit configuration file API
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14ZzVwLTh3ZzUtcmh4bc4AA5yI
Phone information disclosure vulnerability
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zcXdjLTQ3amYtNXJmN84AA5xT
eth-abi is vulnerable to recursive DoS
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oNTl4LXA3MzktOTgyY84AA5ue
LangChain directory traversal vulnerability
Ecosystems: pypi
Packages: langchain-core, langchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS04cDI1LTNxNDYtOHEycM4AA5sM
ESPHome vulnerable to remote code execution via arbitrary file write
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02eHdmLXh2ZjMtdjQ1Oc4AA5rU
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wY2Z4LWcyajItZjZmNs4AA5qg
Docassemble HTML and javascript injection
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03d3hmLXIycXYtOXh3cs4AA5qf
Docassemble open redirect
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qcTU3LTN3N3Atdnd2ds4AA5qh
Docassemble unauthorized access through URL manipulation
Ecosystems: pypi
Packages: docassemble.base, docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02djZ3LWg4bTYtN212Ms4AA5qK
Apache Airflow: DAG Code and Import Error Permissions Ignored
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yMmNjLXc3eG0tcmZoeM4AA5l7
Mezzanine allows attackers to bypass access controls via manipulating the Host header
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xcDU2LTgydnAteHFnds4AA5l8
Mezzanine allows attackers to bypass access control mechanisms
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Statistics
Advisories: 17,930
Packages: 8,207
Repositories: 730
Ecosystems: 12
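Every card in this listing uses one fixed layout (severity, GSA id, title, then "Key: value" lines), and the package facet on this page lists the same project under two spellings (Pillow/pillow, pgadmin4/pgAdmin4, Django/django, Plone/plone). That is the trap when matching a feed like this against an environment: PyPI names are case-insensitive and normalized, so a naive string compare misses hits. The Python below is an added example, not Ecosyste.ms code: it parses cards in the page's layout into records and cross-references them against a constructed list of installed distribution names using PEP 503 normalization, ordering hits by severity and then by the blast radius figure the page shows (its formula is not given on this page, so it is used as an opaque score). The four embedded cards are copied from the listing above; the installed-package list is constructed. Note that the listing carries no affected-version ranges, so a hit means the advisory needs reading, not that the installed version is confirmed vulnerable.

```python
import re
from dataclasses import dataclass

# Four cards copied from the listing above in the page's own layout
# (severity, GSA id, title, then "Key: value" lines); a real run would
# be fed the whole page.
LISTING = """\
Moderate
GSA_kwCzR0hTQS0zcnE1LTJnOGgtNTloY84AA67c
Potential DoS via the Tudoor mechanism in eventlet and dnspython
Ecosystems: pypi
Packages: dnspython, eventlet
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 13 days ago
Critical
GSA_kwCzR0hTQS1yajk4LWNyZjQtZzY5d84AA51E
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: about 2 months ago
High
GSA_kwCzR0hTQS0ybTU3LWhmMjUtcGhnZ84AA7Be
sqlparse parsing heavily nested list leads to Denial of Service
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: 9 days ago
High
GSA_kwCzR0hTQS03M3YyLXJ4cXAtN3E0Zs4AA6dc
aliyundrive-webdav vulnerable to Command Injection
Ecosystems: pypi, cargo
Packages: aliyundrive-webdav
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
"""

SEVERITY_RANK = {"Low": 0, "Moderate": 1, "High": 2, "Critical": 3}

@dataclass
class Advisory:
    severity: str
    gsa_id: str
    title: str
    ecosystems: list
    packages: list
    blast_radius: float
    published: str

def normalize(name: str) -> str:
    """PEP 503 normalization: PyPI treats pgAdmin4/pgadmin4 and
    Pillow/pillow (both listed separately in the page's package facet)
    as one project, so compare normalized names or hits are missed."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_listing(text: str) -> list:
    """Cards start at a severity line; the title is positional (third
    line), so a colon inside it cannot be mistaken for a field."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    advisories, i = [], 0
    while i < len(lines):
        if lines[i] not in SEVERITY_RANK:
            raise ValueError(f"expected a severity line, got {lines[i]!r}")
        severity, gsa_id, title = lines[i], lines[i + 1], lines[i + 2]
        fields, i = {}, i + 3
        while i < len(lines) and lines[i] not in SEVERITY_RANK:
            key, _, value = lines[i].partition(":")
            fields[key.strip()] = value.strip()
            i += 1
        advisories.append(Advisory(
            severity, gsa_id, title,
            [e.strip() for e in fields["Ecosystems"].split(",")],
            [p.strip() for p in fields["Packages"].split(",")],
            float(fields["Blast Radius"]), fields["Published"]))
    return advisories

def match_installed(advisories: list, installed: list) -> list:
    """Pair installed distribution names (as pip prints them) with the
    pypi advisories naming them, most urgent first: severity, then the
    page's blast radius. The listing shows no affected-version ranges,
    so a hit means "read this advisory", not "confirmed vulnerable"."""
    by_norm = {normalize(n): n for n in installed}
    hits = []
    for adv in advisories:
        if "pypi" not in adv.ecosystems:
            continue
        for pkg in adv.packages:
            if normalize(pkg) in by_norm:
                hits.append((by_norm[normalize(pkg)], adv))
    hits.sort(key=lambda h: (SEVERITY_RANK[h[1].severity],
                             h[1].blast_radius), reverse=True)
    return hits
```

With the constructed environment `["pgadmin4", "DNSPython", "sqlparse", "requests"]`, `match_installed(parse_listing(LISTING), ...)` returns pgadmin4 (Critical), then sqlparse (High), then DNSPython (Moderate); the aliyundrive-webdav card is kept because it lists pypi among its ecosystems, and would be skipped only if it were cargo-only. To use real input, feed it the names from `pip list --format=freeze` (the part before `==`) and the full page text.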
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 78 ansible 63 apache-superset 48 rdiffweb 42 plone 42 Pillow 41 salt 38 Plone 36 matrix-synapse 35 vyper 32 opencv-python 30 mlflow 30 opencv-contrib-python 30 Django 21 langchain 18 PaddlePaddle 17 cobbler 17 paddlepaddle 15 cryptography 15 pillow 15 notebook 15 modoboa 14 gradio 14 pyload-ng 13 pyftpdlib 13 nova 13 OctoPrint 12 neutron 12 keystone 12 vantage6 12 onionshare-cli 11 twisted 11 calibreweb 11 glance 11 urllib3 11 Flask-AppBuilder 10 aiohttp 10 moin 9 ethyca-fides 9 kiwitcms 9 Zope 9 wagtail 9 opencv-python-headless 9 waitress 9 opencv-contrib-python-headless 9 zope 9 aubio 8 label-studio 8 numpy 8 matrix-sydent 7 jupyter-server 7 python-keystoneclient 7 pysaml2 7 nautobot 7 scrapy 7 swift 7 pip 7 lief 7 graphite-web 6 tuf 6 sentry 6 lxml 6 ipython 6 pgadmin4 6 Zope2 6 apache-airflow-providers-apache-hive 6 mindsdb 6 web2py 6 mailman 6 inventree 6 feedparser 5 lmdb 5 trytond 5 paramiko 5 bleach 5 requests 5 python-gnupg 5 pyspark 5 roundup 5 Products.CMFPlone 5 ckan 5 whoogle-search 5 horizon 5 saleor 5 datasette 4 ansible-core 4 httpie 4 oauthenticator 4 werkzeug 4 starlette 4 bottle 4 grpcio 4 grpc 4 reportlab 4 jupyterhub 4 yt-dlp 4 nvflare 4 nltk 4 Jinja2 4 pretix 4 markdown2 4 transformers 4 GitPython 4 qutebrowser 4 FreeTAKServer-UI 4 keylime 4 buildbot 4 Flask-Security-Too 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 aws-iot-device-sdk-v2 4 awsiotsdk 4 esphome 4 omero-web 4 PyPDF2 4 Pygments 4 pyyaml 3 aim 3 rsa 3 flask 3 ecdsa 3 tripleo-heat-templates 3 indy-node 3 apache-airflow-providers-apache-spark 3 bitlyshortener 3 indico 3 gerapy 3 torchserve 3 pywasm3 3 protobuf 3 sickrage 3 Weblate 3 ujson 3 keyring 3 apache-libcloud 3 wger 3 ansible-runner 3 asyncua 3 pandasai 3 onnx 3 mayan-edms 3 apache-iotdb 3 sanic 3 mistune 3 zenml 3 poetry 3 copyparty 3 Werkzeug 3 asyncssh 3 ray 3 fava 3 jwcrypto 3 mitmproxy 3 django-helpdesk 3 plone.supermodel 3 
Products.PluggableAuthService 3 localstack 3 plone.app.dexterity 3 plone.app.event 3 ryu 3 jupyterlab 3 slixmpp 3 tornado 3 streamlit 3 cinder 3 io.grpc:grpc-protobuf 3 clearml 3 barbican 3 docassemble.webapp 3 sqlparse 3 openvpn-monitor 3 quokka 3 Keystone 3 pyarrow 3 plone.app.theming 3 tlslite-ng 2 aws-encryption-sdk-cli 2 ctx 2 cabot 2 aiohttp-session 2 pyxdg 2 pyopenssl 2 keystonemiddleware 2 flaskcode 2 snowflake-connector-python 2 wasm3 2 zope2 2 apache-airflow-providers-apache-drill 2 dtale 2 python-cjson 2 openapi-python-client 2 Products.CMFCore 2 scancodeio 2 ubi-reader 2 tripleo-ansible 2 wagtail-2fa 2 mobsf 2
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/apache/airflow 90 https://github.com/django/django 72 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 51 https://github.com/ikus060/rdiffweb 42 https://github.com/plone/Products.CMFPlone 36 https://github.com/vyperlang/vyper 32 https://github.com/matrix-org/synapse 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/opencv/opencv 28 https://github.com/mlflow/mlflow 25 https://github.com/saltstack/salt 25 https://github.com/langchain-ai/langchain 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/pyca/cryptography 14 https://github.com/pyload/pyload 13 https://github.com/gradio-app/gradio 13 https://github.com/modoboa/modoboa 13 https://github.com/twisted/twisted 12 https://github.com/janeczku/calibre-web 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/jupyter/notebook 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/openstack/keystone 10 https://github.com/aio-libs/aiohttp 10 https://github.com/ethyca/fides 9 https://github.com/wagtail/wagtail 9 https://github.com/apache/superset 9 https://github.com/Pylons/waitress 9 https://github.com/scrapy/scrapy 8 https://github.com/giampaolo/pyftpdlib 8 https://github.com/octoprint/octoprint 8 https://github.com/kiwitcms/Kiwi 8 https://github.com/numpy/numpy 8 https://github.com/aubio/aubio 7 https://github.com/nautobot/nautobot 7 https://github.com/ipython/ipython 7 https://github.com/lief-project/LIEF 7 https://github.com/pgadmin-org/pgadmin4 7 https://github.com/mindsdb/mindsdb 6 https://github.com/lxml/lxml 6 https://github.com/getsentry/sentry 6 https://github.com/graphite-project/graphite-web 6 https://github.com/pypa/pip 6 https://github.com/jupyter-server/jupyter_server 6 https://github.com/matrix-org/sydent 6 
https://github.com/HumanSignal/label-studio 6 https://github.com/pallets/werkzeug 5 https://github.com/mozilla/bleach 5 https://github.com/OctoPrint/OctoPrint 5 https://github.com/keylime/keylime 5 https://github.com/gitpython-developers/GitPython 5 https://github.com/benbusby/whoogle-search 5 https://github.com/hwchase17/langchain 5 https://github.com/TeamSeri0us/pocs 5 https://github.com/openstack/neutron 4 https://github.com/inventree/InvenTree 4 https://github.com/openstack/horizon 4 https://github.com/jhpyle/docassemble 4 https://github.com/py-pdf/pypdf 4 https://github.com/esphome/esphome 4 https://sourceforge.net/projects/sourceforge.net 4 https://github.com/simonw/datasette 4 https://github.com/FreeTAKTeam/UI 4 https://github.com/Flask-Middleware/flask-security 4 https://github.com/NVIDIA/NVFlare 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/yt-dlp/yt-dlp 4 https://github.com/ronf/asyncssh 4 https://github.com/rohe/pysaml2 4 https://github.com/psf/requests 4 https://github.com/bottlepy/bottle 4 https://github.com/saleor/saleor 4 https://github.com/grpc/grpc 4 https://github.com/ckan/ckan 4 https://github.com/qutebrowser/qutebrowser 4 https://github.com/huggingface/transformers 4 https://github.com/web2py/web2py 4 https://github.com/WeblateOrg/weblate 4 https://github.com/jupyterhub/oauthenticator 4 https://github.com/pretix/pretix 3 https://github.com/poezio/slixmpp 3 https://github.com/rochacbruno/quokka 3 https://github.com/ome/omero-web 3 https://github.com/python/cpython 3 https://github.com/paramiko/paramiko 3 https://github.com/django-helpdesk/django-helpdesk 3 https://github.com/onnx/onnx 3 https://github.com/pallets/jinja 3 https://github.com/Cog-Creators/Red-DiscordBot 3 https://github.com/run-llama/llama_index 3 https://github.com/encode/starlette 3 https://github.com/pyca/pyopenssl 3 https://github.com/beancount/fava 3 https://github.com/openstack/glance 3 https://github.com/pallets/flask 3 
https://github.com/pytorch/serve 3 https://github.com/djblets/djblets 3 https://github.com/pygments/pygments 3 https://github.com/openstack/swift 3 https://github.com/openstack/python-keystoneclient 3 https://github.com/openstack/nova 3 https://github.com/pypa/advisory-db 3 https://github.com/lepture/mistune 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/andialbrecht/sqlparse 3 https://github.com/impredicative/bitlyshortener 3 https://github.com/jupyterlab/jupyterlab 3 https://github.com/Gerapy/Gerapy 3 https://github.com/theupdateframework/python-tuf 3 https://github.com/zenml-io/zenml 3 https://github.com/theupdateframework/tuf 3 https://github.com/github/securitylab 3 https://github.com/9001/copyparty 3 https://github.com/yaml/pyyaml 3 https://github.com/IdentityPython/pysaml2 3 https://github.com/tornadoweb/tornado 3 https://github.com/hyperledger/indy-node 3 https://github.com/gventuri/pandas-ai 3 https://github.com/ansible/ansible-runner 3 https://github.com/trentm/python-markdown2 3 https://github.com/furlongm/openvpn-monitor 3 https://github.com/MobSF/Mobile-Security-Framework-MobSF 3 https://github.com/indico/indico 3 https://github.com/moinwiki/moin-1.9 3 https://github.com/wasm3/wasm3 3 https://github.com/streamlit/streamlit 3 https://github.com/jupyterhub/jupyterhub 3 https://github.com/latchset/jwcrypto 3 https://github.com/nltk/nltk 3 https://github.com/faucetsdn/ryu 3 https://gitlab.com/mayan-edms/mayan-edms 3 https://github.com/petl-developers/petl 2 https://github.com/piccolo-orm/piccolo 2 https://github.com/DataDog/guarddog 2 https://github.com/Kozea/CairoSVG 2 https://github.com/dbt-labs/dbt-core 2 https://github.com/plone/plone.restapi 2 https://github.com/plone/Products.ATContentTypes 2 https://github.com/Kozea/Radicale 2 https://github.com/dask/distributed 2 https://github.com/pretalx/pretalx 2 https://github.com/protocolbuffers/protobuf 2 https://github.com/cure53/DOMPurify 2 https://github.com/IncludeSecurity/safeurl-python 2 
https://github.com/pyinstaller/pyinstaller 2 https://github.com/jupyterhub/jupyter-server-proxy 2 https://github.com/jrspruitt/ubi_reader 2 https://github.com/jpadilla/pyjwt 2 https://github.com/inventree/inventree 2 https://github.com/pytest-dev/py 2 https://github.com/jdennis/keycloak-httpd-client-install 2 https://github.com/jaraco/keyring 2 https://github.com/eventlet/eventlet 2 https://github.com/executablebooks/markdown-it-py 2 https://github.com/facebookresearch/ParlAI 2 https://github.com/NVIDIA/NeMo 2 https://github.com/ethereum/eth-abi 2 https://github.com/nexB/scancode.io 2 https://github.com/FreeOpcUa/opcua-asyncio 2 https://github.com/FreeTAKTeam/FreeTakServer 2 https://github.com/mongodb/mongo-python-driver 2 https://github.com/moggers87/django-sendfile2 2 https://github.com/encode/uvicorn 2 https://github.com/embedchain/embedchain 2 https://github.com/mirumee/saleor 2 https://github.com/MirahezeBots/sopel-channelmgnt 2 https://github.com/geopython/OWSLib 2 https://github.com/openstack/magnum 2 https://github.com/materialsproject/pymatgen 2 https://github.com/marshmallow-code/webargs 2 https://github.com/goToMain/libosdp 2 https://github.com/dlitz/pycrypto 2 https://github.com/OpenZeppelin/cairo-contracts 2 https://github.com/django-wiki/django-wiki 2 https://github.com/man-group/dtale 2 https://github.com/heartexlabs/label-studio 2 https://github.com/home-assistant/core 2 https://github.com/html5lib/html5lib-python 2 https://github.com/Legrandin/pycryptodome 2 https://github.com/httpie/httpie 2 https://github.com/httplib2/httplib2 2 https://github.com/labd/wagtail-2fa 2 https://github.com/DIRACGrid/DIRAC 2 https://github.com/dgtlmoon/changedetection.io 2 https://github.com/triaxtec/openapi-python-client 2 https://github.com/benoitc/gunicorn 2 https://github.com/tryton/trytond 2 https://github.com/scipy/scipy 2 https://github.com/savon-noir/python-libnmap 2 https://github.com/SAP/cloud-pysec 2 https://github.com/sanic-org/sanic 2 
https://github.com/ultrajson/ultrajson 2 https://github.com/alex/rply 2 https://github.com/buildbot/buildbot 2