Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Moderate
GSA_kwCzR0hTQS12ZjhnLW0zdnEtNnA0cM4AAYdi
Plone Cross-site Scripting Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00dndxLXg2NHEtajRjas4AAU96
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Ecosystems: pypi
Packages: ipython, notebook
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yNDItd2M4Ni04NzY4
python-fedora vulnerable to an open redirect resulting in loss of CSRF protection
Ecosystems: pypi
Packages: python-fedora
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS1mcG1yLXFtZ2gtNDJ4Ms4AAw_p
Apache Superset vulnerable to Injection
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03Y3dnLTI1NzUtMzU0Ns4AARwd
Tryton Information Disclosure Vulnerability
Ecosystems: pypi
Packages: trytond
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXFwLWM0NTItZjlyN84AAzdK
Synapse Denial of service due to incorrect application of event authorization rules during state resolution
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1qZzh3LXdneDItZzdxNM4AAyzG
Improper Restriction of Excessive Authentication Attempts in calibreweb
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qbXY5LTVneDgtN3hwZs4AAe6X
Minion identity not validated in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01OWo4LTc3NnYteHh4Z84AA5Lo
NoneBot Potential Information Leak in User-Constructed Message Templates
Ecosystems: pypi
Packages: nonebot2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13cnh2LTJqNXEtbTM4d84AAtHM
lxml NULL Pointer Dereference allows attackers to cause a denial of service
Ecosystems: pypi
Packages: lxml
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02eGN4LWd4N3ItcmNjas4AA1Ui
Scancode.io Reflected Cross-Site Scripting (XSS) in license endpoint
Ecosystems: pypi
Packages: scancodeio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS12cTNoLTNxN3YtOXByd84AAVFj
Django Allows Open Redirects
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jZm1yLTM4ZzktZjJoN84AAU-s
Pillow denial of service via Crafted Block Size
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00dnZtLTR3M3YtNm1yOM4AA0KJ
pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
Ecosystems: pypi
Packages: PyPDF2, pypdf
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jcW1yLXJjcHItY3hoM84AAiwJ
Ansible password prompts could expose passwords
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jajc4LXJndzMtNGg1cM0xOw
Improper Restriction of XML External Entity Reference in trytond and proteus
Ecosystems: pypi
Packages: proteus, trytond
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ydjl4LXdtdzQtNDRxas4AAw74
Pyload Insufficient Session Expiration vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yNTV3LXhwaDUteHZ4Ms4AAnsZ
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03eDk2LTJ3MzItdzNnd84AAyQ5
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Ecosystems: pypi
Packages: tripleo-ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13NHg2LTZ3M3ItOWgybc4AAyQy
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Ecosystems: pypi
Packages: tripleo-ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13NTg5LXIzMzUtNGY1Nc4AAnsP
SaltStack Salt Improper Certificate Validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yY21qLXhwOGYtZjZxNM25SA
Trac Open redirect vulnerability
Ecosystems: pypi
Packages: trac
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mcGZ2LWpxbTktZjVqbc0c3Q
Incorrect Comparison in NumPy
Ecosystems: pypi
Packages: numpy
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13N3JxLThmMmctanZxcs4AAdNj
Djblets Cross-site scripting Vulnerability via JSON Objects
Ecosystems: pypi
Packages: Djblets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01MndyLTN2d3ctcm1wcc4AAejn
SOAPpy vulnerable to XML External Entity attacks
Ecosystems: pypi
Packages: SOAPpy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oMjRyLW05cWMtcHZwZ84AA5HT
Ansible-core information disclosure flaw
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zOWdmLTg2NHctcHh3NM4AAuZP
Unverified Password Change in OctoPrint
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12NjVnLWYzY2otZmpwNM4AAuXk
Regular expression denial of service in eth-account
Ecosystems: pypi
Packages: eth-account
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xaDRxLWZ3ZjgtcXFyd84AAgJY
Zope Denial of Service (DoS) vulnerability in ZServer
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05Y3dnLW1oeGYtaGg1Oc4AAYL4
Django Cross-site scripting (XSS) vulnerability via is_safe_url function
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4dnYtMnBtcS05ZnZ2
Moderate severity vulnerability that affects Plone and Zope2
Ecosystems: pypi
Packages: Plone, Zope2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS0zNjh2LTd2MzItNTJmeM4AAv_D
Overflow in `ResizeNearestNeighborGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yN3JjLTcyOGYteDV3Ms4AAv-_
`CHECK` fail via inputs in `SdcaOptimizer`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oanA1LWh2MzMtcTU4Z82zkw
Plone credentials stored in session cookie
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ncTRwLTRoeHYtNXJnOc4AAtte
WASM3 segmentation fault
Ecosystems: cargo, pypi
Packages: wasm3, pywasm3
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01YzhwLXFoY2gtcWh4Ns4AAuf2
Deluge Web-UI vulnerable to XSS through a crafted torrent file
Ecosystems: pypi
Packages: deluge
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jZjRxLTRjcXItN2c3d80_oQ
SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc
Ecosystems: pypi
Packages: xml2rfc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zM3B2LXZjZ2gtamZnOc4AAyg6
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14eGNqLXJocWctbTQ2Z84AAv-x
Segfault via invalid attributes in `pywrap_tfe_src.cc`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxMzctODUzcC1nNWNm
Regular Expression Denial of Service in CairoSVG
Ecosystems: pypi
Packages: CairoSVG
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1jdndjLWc3ZnctN3hyas4AAf8c
Plone XSS Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxMnAtZmo0OS12cHhq
In marshmallow library the schema "only" option treats an empty list as implying no "only" option
Ecosystems: pypi
Packages: marshmallow
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3Y2Mtajc4dy1qNzN3
Ansible exposes sensitive data in log files and on the terminal
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1jNm1tLTJnODQtdjRtN84AAzGy
Mage-ai missing user authentication
Ecosystems: pypi
Packages: mage-ai
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qcTZ4LTk5aGotcTYzNs4AAv-s
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oaHg4LWNyNTUtcWN4eM4AATot
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Ecosystems: pypi
Packages: jupyter-notebook
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14cWNmLWhqOTItOTY3bc4AAtmk
Django REST framework XSS Vulnerability
Ecosystems: pypi
Packages: django-rest-framework
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xOWc1LTk4cG0tdzZxN84AAVU1
Cobbler XSS Vulnerability
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03ZnFtLWptNTItZjl2Y84AAvGZ
rdiffweb vulnerable to Use of Cache Containing Sensitive Information
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cXIteGgzdy1oNDM2
Jupyter Notebook XSS via untrusted notebooks
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS02NXh3LXBjcXctaGpyaM0vEA
Cross site scripting in apache airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00ZnctNzd2Ny05MjRt
Qutebrowser XSS Vulnerability
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwd3AtNjl4di1jNjdm
aiohttp-session Session Fixation vulnerability
Ecosystems: pypi
Packages: aiohttp-session
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS13eGN3LXJxeGMtaGo4Nc2owA
FTP backend for Duplicity Discloses Passwords to Process Listing
Ecosystems: pypi
Packages: duplicity
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14ZjM3LXFjdmYtN201N84AAp0a
Improper Authentication in SaltStack Salt
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwNHEteDhmMy1wN3Zx
Jupyter Notebook XSS via directory name
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS13MzU4LXJqOTMtcjVxds4AArLC
Apache Superset Stored XSS on Dashboard markdown
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mNXg2LTdxZ3AtamhmM84AA04g
ecrecover can return undefined data if signature does not verify
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qaHh3LTRodzQtbWhoN84AAgQB
MoinMoin improper access control on the included page for the rst parser
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05ajR2LXBwMjgtbXh2N84AAu2F
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tNTJtLTJxcHgtOWo0as3JVw
Zope Object Database (ZODB) Arbitrary files reading and deletion
Ecosystems: pypi
Packages: zodb3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmNnAtNHJ2Mi05cXJw
Path Traversal in bikeshed
Ecosystems: pypi
Packages: bikeshed
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nOWZtLXI1bW0tcmY5Zs4AAv_B
`CHECK_EQ` fail via input in `SparseMatrixNNZ`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2NGMtcHhqai1oODY2
Ansible does not verify that the server hostname matches a domain name in certificates
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3cTgtd3Z2aC1jOTdw
Moderate severity vulnerability that affects Zope2
Ecosystems: pypi
Packages: Zope2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtNzItcm1tOS0ycWpy
Moderate severity vulnerability that affects feedparser
Ecosystems: pypi
Packages: feedparser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4anYtdjl4cS1tNWg5
Pillow Buffer overflow in ImagingFliDecode
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS00M3hnLTh3bWotY3c4aM4AAvn5
Apache Spark vulnerable to Log Injection
Ecosystems: pypi, maven
Packages: pyspark, org.apache.spark:spark-core
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZjMtcjdndy05cndn
Moderate severity vulnerability that affects feedparser
Ecosystems: pypi
Packages: feedparser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS05aGczLWhtbWYtYzNncs0hhg
Path Traversal in nemo-toolkit
Ecosystems: pypi
Packages: nemo-toolkit
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxeDgtNTg5ai1nY3B4
Moderate severity vulnerability that affects Plone and plone.app.users
Ecosystems: pypi
Packages: Plone, plone.app.users
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS00cjZqLWZ3Y3gtOTRjZs4AAvz3
snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: pypi
Packages: snowflake-connector-python
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzbTktOWZqMi1tZndy
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
Ecosystems: pypi
Packages: Products.isurlinportal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1weHh2LXJ2MzItMnFnds4AAekt
OpenStack Nova uses insecure keystone middleware tmpdir by default
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04MjhjLTVqNXEtdnJqcc4AAu2X
TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00NzkzLXc0NHctbTd4bc3grw
Plone Zope cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ybTJ4LWhncjgtdzM0M84AAvJL
LIEF vulnerable to denial of service through segmentation fault
Ecosystems: pypi
Packages: lief
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qcWhjLW0yajMtZmpyeM4AA0Xp
SQLFluff users with access to config file, using `libary_path` may call arbitrary python code
Ecosystems: pypi
Packages: sqlfluff
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS00cnJyLWo3ZmYtcjg0NM4AAezp
python-keystoneclient missing expiration check in PKI token validation
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13M3B3LXF4amotNnBycs4AAesc
Plone Authenticated Denial of Service vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ncnd4LTRwNXYtOWcyZ84AAesQ
Plone is vulnerable to Information Exposure when generating zip archives
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03OWgyLXE3NjgtZnB4cs4AAu2D
TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xaHc0LXd3cjctZ2pjNc4AAu2c
TensorFlow vulnerable to `CHECK` fail in `EmptyTensorList`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04OXJxLTI3eHAtdmd2N84AAesK
Plone Multiple cross-site scripting (XSS) vulnerabilities
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mN3I1LXE3Y3gtaDY2OM4AAu2k
TensorFlow vulnerable to segfault in `BlockLSTMGradV2`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wajY1LTNwZjYtYzVxNM4AAkEJ
python-apt Does Not Check Hash Signature
Ecosystems: pypi
Packages: python-apt
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03OHZ4LWdnY2gtd2dobc4AAfPg
Django Allows Redirect via Data URL
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNDU0LXJxM20tODlyY84AA2nE
Wagtail CRX CodeRed Extensions vulnerable to Path Traversal
Ecosystems: pypi
Packages: coderedcms
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13cTZxLTZtMzItOXJ2Oc4AAu2l
TensorFlow vulnerable to `CHECK` fail in `SetSize`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05eDQzLTVxY3EtaDc5cc4AA2nF
Django Grappelli Open Redirect vulnerability
Ecosystems: pypi
Packages: django-grappelli
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13NnB3LTVnaDUtNDk1Ms4AAeQY
Plone python code injection
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03OWhqLTQ3NGgtdjR4ds4AAeQj
Plone denial of service via RSS Feed Request
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNXZxLWd3MmMtcHE0N84AAu2i
TensorFlow vulnerable to `CHECK` failures in `UnbatchGradOp`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qamdoLW0zMjItZmp4Ns4AAg4R
Openstack Octavia Access Control Vulnerability
Ecosystems: pypi
Packages: octavia
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yNzI2LXZtZnEtajlqM84AA1jZ
Open Redirect Vulnerability in jupyter-server
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS00NDNqLTZwN2ctNnY0d84AAk_a
OpenStack Mistral DoS
Ecosystems: pypi
Packages: mistral
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05ZnBnLTgzOHYtd3B2N84AAu2v
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yNDc1LTUzdnctdnAyNc4AAu2s
TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12