Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Browse all Security Advisories for pypi

High
GSA_kwCzR0hTQS1namNjLWp2Z3ctd3Z3as4ABBmv
Litestar allows unbounded resource consumption (DoS vulnerability)
Ecosystems: pypi
Packages: litestar
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 9 hours ago
Moderate
GSA_kwCzR0hTQS1qNHYzLXd3d3gtNWdxds4ABBli
django Filer Unrestricted Upload of File with Dangerous Type
Ecosystems: pypi
Packages: django-filer
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 18 hours ago
Moderate
GSA_kwCzR0hTQS12eGN2LTR4dmYtcGMyMs4ABBle
django CMS Attributes Field Cross-site Scripting
Ecosystems: pypi
Packages: djangocms-attributes-field
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: about 18 hours ago
High
GSA_kwCzR0hTQS01amZ3LWdxNjQtcTQ1Zs4ABBj9
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
Ecosystems: pypi
Packages: lxml-html-clean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS04NDk1LTRnM2cteDdwcs4ABBeU
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0yN21mLWdocW0tajNqOM4ABBeT
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: 2 days ago
Critical
GSA_kwCzR0hTQS1tMjZjLWZjZ2gtY3A2aM4ABBeO
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1ndjVoLTU2NTUtaDRtds4ABBc_
django CMS Cross-Site Scripting (XSS)
Ecosystems: pypi
Packages: django-cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0ycHBmLTJtNmYtNnY2Zs4ABBb9
OpenStack improperly deletes access rules
Ecosystems: pypi
Packages: python-openstackclient
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1yNzM1LTlnYzYtMmh2cc4ABBYj
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1tOTgyLWg0ZjgtZzRoZs4ABBYf
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1majV2LXcyanAtd3F2as4ABBYg
Improper Access Control in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
High
GSA_kwCzR0hTQS00NmMzLTV4YzUtd3dods4ABBYW
Apache Airflow: Sensitive configuration values are not masked in the logs by default
Ecosystems: pypi
Packages: airflow
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1wandtLWNyMzYtbXd2M84ABBXw
ReDoS in giskard's transformation.py (GHSL-2024-324)
Ecosystems: pypi
Packages: giskard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1qM3ZxLXBtcDUtcjV4as4ABBXQ
Missing rate limit on password resets in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS00Mjc3LW0zNXEtN2M5d84ABBVW
Salt preflight script could be attacker controlled
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 7 days ago
Low
GSA_kwCzR0hTQS05OXc2LTN4cGgtY3g3OM4ABBL2
Ansible-Core vulnerable to content protections bypass
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1mbXE2LTR3NTctMnczds4ABBGc
wasm3 uncontrolled memory allocation vulnerability
Ecosystems: cargo, pypi, swift
Packages: wasm3, pywasm3, github.com/shareup/wasm-interpreter-apple
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 12 days ago
Low
GSA_kwCzR0hTQS1qODU3LTJwd20tamptbc4ABBF-
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 13 days ago
High
GSA_kwCzR0hTQS02anJmLXJjamYtMjQ1cs4ABBEb
changedetection.io path traversal using file URI scheme without supplying hostname
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1yaG05LWdwNXAtNTI0OM4ABBBs
Gradio vulnerable to arbitrary file read with File and UploadButton components
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1mcG01LTJ3Y2otdmZyN84ABBBr
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Ecosystems: pypi
Packages: codechecker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1mM2Y4LXZ4M3ctaHA1cc4ABBBq
codechecker vulnerable to authentication bypass when using specifically crafted URLs
Ecosystems: pypi
Packages: codechecker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS0zMnA0LWdtMmMtd21jaM4ABBBX
ansible-core Incorrect Authorization vulnerability
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1jYzZ4LThjYzctOTk1M84ABA-T
OctoPrint has API key access in settings without reauthentication
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS14dnhxLWc4aHctZng0Z84ABA-S
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS01cDVyLTU3ZngtcG1mcs4ABA9K
Langflow vulnerable to remote code execution
Ecosystems: pypi
Packages: langflow
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS0zZ2Y5LXd2NjUtZ3doOc4ABA9G
gradio Server Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 16 days ago
High
GSA_kwCzR0hTQS02cDU1LXFyM2otbXBncc4ABA9H
AgentScope uses `eval`
Ecosystems: pypi
Packages: agentscope
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1nNXZ3LTNoNjUtMnEzds4ABA9F
Access control vulnerable to user data deletion by anonymous users
Ecosystems: pypi
Packages: Zope, AccessControl
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1jd2dnLTU3eGotZzc3cs4ABA6Q
changedetection.io Path Traversal
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
High
GSA_kwCzR0hTQS01Nm02LTRtaHctaDNnNc4ABA19
langflow has vulnerability in PythonCodeTool component
Ecosystems: pypi
Packages: langflow
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 21 days ago
Low
GSA_kwCzR0hTQS00NXBnLTM2cDYtODN2Oc4ABAya
Langchain SQL Injection vulnerability
Ecosystems: pypi
Packages: langchain-community, langchain
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1jbTU5LThybXYtZjJjas4ABAyJ
Lollms vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 23 days ago
Critical
GSA_kwCzR0hTQS05Mjk4LTRjZjgtZzR3as4ABAxr
Waitress has request processing race condition in HTTP pipelining with invalid first request
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 23 days ago
High
GSA_kwCzR0hTQS0zZjg0LXJwd2gtNDdnNs4ABAxp
Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1qOTQ1LWM0NHYtOTdnNs4ABAt9
MPXJ has a Potential Path Traversal Vulnerability
Ecosystems: nuget, pypi, rubygems, maven
Packages: MPXJ.Net, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, mpxj, net.sf.mpxj:mpxj
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 23 days ago
High
GSA_kwCzR0hTQS13N2hxLWYycGotYzUzZ84ABAtM
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1xMzRtLWpoOTgtZ3dtMs4ABArD
Werkzeug possible resource exhaustion when parsing file data in forms
Ecosystems: pypi
Packages: quart, werkzeug
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1mOXZqLTJ3aDUtZmo4as4ABArC
Werkzeug safe_join not safe on Windows
Ecosystems: pypi
Packages: Werkzeug
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS01dnZnLXB2aHAtaHYybc4ABApF
The Snowflake Connector for Python stores sensitive data in logs
Ecosystems: pypi
Packages: snowflake-connector-python
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 27 days ago
High
GSA_kwCzR0hTQS0zdnBjLTRwOXAtNDdoY84ABAkk
curl_cffi bundles a version of libcurl affected by High Severity vulnerability
Ecosystems: pypi
Packages: curl-cffi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS05cncyLWpmOHgtY2d3bc4ABAY3
Flair allows arbitrary code execution
Ecosystems: pypi
Packages: flair
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jcm1qLXFoNzQtMnIzNs4ABAYy
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Ecosystems: pypi
Packages: exiv2
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nOXhtLTc1MzgtbXE4d84ABAYx
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder
Ecosystems: pypi
Packages: exiv2
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oZ2pwLTgzbTQtaDRmas4ABAS0
MySQL Connector/Python connector takeover vulnerability
Ecosystems: pypi
Packages: mysql-connector-python
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mOTZoLXBtZnItNjZ2d84ABARh
Starlette Denial of service (DoS) via multipart/form-data
Ecosystems: pypi
Packages: starlette
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS00cjd2LXdocGctOHJ4M84ABARe
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wZjV2LXBxZnYteDhqas4ABAQZ
OpenCanary Executes Commands From Potentially Writable Config File
Ecosystems: pypi
Packages: OpenCanary
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02aDY0LWc3Y2otaGo1Ns4ABAOH
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS03cGdyLTMyZngtYzZ4Oc4ABAM8
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0yNmpoLXI4ZzItNmZwcs4ABAMK
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ndnY2LTMzajctODg0Z84ABAMJ
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yNzlqLXg0Z3gtaGZyaM4ABAMI
Gradio uses insecure communication between the FRP client and server
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS14aDJ4LTNtcm0tZndxbc4ABAMH
Gradio has a race condition in update_root_in_config may redirect user traffic
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qNzU3LXBmNTctZjhyNM4ABAMG
Gradio performs a non-constant-time comparison when comparing hashes
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00cTNjLWNqN2ctamN3Zs4ABAMF
Gradio has several components with post-process steps allow arbitrary file leaks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS04Yzg3LWd2aGoteG04bc4ABAME
Gradio lacks integrity checking on the downloaded FRP client
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1obTNjLTkzcGctNGN4d84ABAMD
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01NzZjLTNqNTMtcjlqas4ABAMC
Gradio vulnerable to SSRF in the path parameter of /queue/join
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zN3FjLXFneDYtOXhqds4ABAMB
Gradio has a one-level read path traversal in `/custom_component`
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04OXYyLXBxZnYtYzVyOc4ABAMA
Gradio's CORS origin validation accepts the null origin
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03N3hxLTZnNzctaDI3NM4ABALi
Gradio's `is_in_or_equal` function may be bypassed
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zYzY3LTVod3gtZjZ3eM4ABALh
Gradio's CORS origin validation is not performed when the request has a cookie
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tcTkyLWpyMzUtZmZwY84ABAJB
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01NGY0LXY2djktOXE4Ms4ABAJI
open-webui allows writing and deleting arbitrary files
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14Y3ZjLTVoZ3YtcGhxZ84ABAJF
open-webui Insecure Direct Object Reference (IDOR) vulnerability
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS04Y3A1LTNyZjgtOGdmaM4ABAEB
DeepSpeed Remote Code Execution Vulnerability
Ecosystems: pypi
Packages: deepspeed
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qajVjLWhocmctdnY1aM4ABADv
xhtml2pdf Denial of Service via crafted string
Ecosystems: pypi
Packages: xhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01aGdjLTJ2ZnAtbXF2Y84ABADU
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ycnFjLWMyangtNmpnds4ABADW
Django allows enumeration of user e-mail addresses
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04aDIyLTZxd3gtcTR3Oc4AA_9g
OpenStack Ironic fails to verify checksums of supplied image_source URLs
Ecosystems: pypi
Packages: ironic
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00eHF2LTQ3cm0tMzdtbc4AA_7R
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Ecosystems: pypi, npm, rubygems
Packages: openc3, @openc3/tool-common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS04anhyLW1jY2MtbXdnOM4AA_7Q
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
Ecosystems: pypi, rubygems
Packages: openc3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12Zmo4LTVwajctMmY5Z84AA_7P
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Ecosystems: pypi, npm, rubygems
Packages: openc3, @openc3/tool-common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12eDNoLXF3cXctcjJ3cc4AA_6p
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP
Ecosystems: pypi
Packages: inventree
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS01cmZ2LTY2ZzQtanI4aM4AA_3y
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
Ecosystems: pypi
Packages: RestrictedPython
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zNTV2LTJyangtZnB4N84AA_0k
Inefficient Regular Expression Complexity in langflow
Ecosystems: pypi
Packages: langflow
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tODQyLTRxbTgtN2dwcc4AA_yD
Gradio allows users to access arbitrary files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS12cmN4LWd4M2ctajNoOM4AA_xx
Heap-based Buffer Overflow in sqlite-vec
Ecosystems: cargo, rubygems, npm, pypi
Packages: sqlite-vec
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03OWdwLXE0d3YtMzNmcs4AA_xi
Cross-Site Request Forgery (CSRF) in strawberry-graphql
Ecosystems: pypi
Packages: strawberry-graphql
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qbTl4LXJ4OXgtd3Bxas4AA_ue
OAuth2 client ID and secret exposed through the web browser
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1yeHE4LXE4NWYtbTg2Ns4AA_tI
Prevent XSS from Confidant API call
Ecosystems: pypi
Packages: confidant
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13NjlxLXc0aDQtMmZ4OM4AA_sd
Reverb use after free vulnerability
Ecosystems: pypi
Packages: dm-reverb-nightly, dm-reverb
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1wMnFqLXI1M2otaDN4as4AA_sB
LangChain Experimental Eval Injection vulnerability
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 2 months ago
High
GSA_kwCzR0hTQS1wbXY5LTN4cXAtOHc0Ms4AA_rJ
Mesop has a local file Inclusion via static file serving functionality
Ecosystems: pypi
Packages: mesop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS13MzkyLTc1cTgtdnI2N84AA_qa
Guardrails has an arbitrary code execution vulnerability
Ecosystems: pypi
Packages: guardrails-ai
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 2 months ago
High
GSA_kwCzR0hTQS1nNHI3LTg2Z20tcGdxY84AA_qi
sqlitedict insecure deserialization vulnerability
Ecosystems: pypi
Packages: sqlitedict
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03NHFtLTR2N3ItancyZs4AA_nH
Heap-based Buffer Overflow in MicroPython
Ecosystems: pypi
Packages: micropython-string, micropython-os-path, micropython-io, micropython-copy
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12aDN4LTUyNW0tanA0cs4AA_nK
heap-buffer-overflow in MicroPython
Ecosystems: pypi
Packages: micropython-os, micropython-io, micropython-copy
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wd3dwLTNxN2otOW14OM4AA_nB
Use After Free in MicroPython
Ecosystems: pypi
Packages: micropython-io, micropython-copy
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 2 months ago
High
GSA_kwCzR0hTQS13MnI3LTk1NzktMjdoZs4AA_m0
vLLM denial of service vulnerability
Ecosystems: pypi
Packages: vllm
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13YzM2LTk2OTQtZjlyZs4AA_mw
vLLM Denial of Service via the best_of parameter
Ecosystems: pypi
Packages: vllm
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 2 months ago
High
GSA_kwCzR0hTQS12MzQ1LXc5ZjItbXBtNc4AA_mp
Sentry improperly authorizes muting of alert rules
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 2 months ago
High
GSA_kwCzR0hTQS01NG0zLTk1ajktdjg5as4AA_mo
Sentry improperly authorizes deletion of user issue alert notifications
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 2 months ago
High
GSA_kwCzR0hTQS1mMmptLXJ3M2gtNnBoZ84AA_ma
LangChain pickle deserialization of untrusted data
Ecosystems: pypi
Packages: langchain-community
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1tcm1oLTNocWgtcGZ3N84AA_jX
Composio Code Injection Vulnerability
Ecosystems: pypi
Packages: composio-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wbWhnLWY3d2MtYzk3bc4AA_i5
Aim Stored XSS through TEXT EXPLORER
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mZzVtLW03MjMtN212Ns4AA_jY
D-Tale Command Execution Vulnerability
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02NnIyLXhtMjgtNzR3Oc4AA_ju
Composio Path Traversal vulnerability
Ecosystems: pypi
Packages: composio-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 863
Ecosystems: 12