Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS14N20zLWpwcmctd2M1Z84AA2Bl
Gevent allows remote attacker to escalate privileges
Ecosystems: pypi
Packages: gevent
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1wZ3BqLXY4NXEtaDVmbc4AA4kU
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1qanc1LXh4ajYtcGN2Nc4AAktO
scikit-learn Deserialization of Untrusted Data
Ecosystems: pypi
Packages: scikit-learn
Source: GitHub Advisory Database
Blast Radius: 50.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05N3g5LTU5cnYtcTVwbc4AA4Tl
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Ecosystems: pypi
Packages: aries-cloudagent
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS12Z2htLThjanAtaGp3Ns4AA0xF
postgraas-server vulnerable to SQL injection
Ecosystems: pypi
Packages: postgraas-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1nY2pmLTI5bTktODg4cc4AAwMe
PaddlePaddle vulnerable to Code Injection
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14Z21oLWdmeHctMmh2ds4AAnsM
SaltStack Salt Server Side Template Injection
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyanItdmM3ai1nNzYy
Potential buffer overflow in psd-tools
Ecosystems: pypi
Packages: psd-tools
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS1xNTNqLXA2cjItZzJ2NM4AAjV1
SaltStack Salt is vulnerable to command injection
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01ODh3LXc2bXYtM2N3Nc3sUg
Ansible Insertion of Sensitive Information into Log File vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxMnItcXhwNi1oNWo2
Improper Restriction of XML External Entity Reference in Quokka
Ecosystems: pypi
Packages: quokka
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnNzUtNjkzOC13eDU4
python-docutils allows insecure usage of temporary files
Ecosystems: pypi
Packages: docutils
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS04N3I3LXE1NGotZjlxZ84AAdKx
OpenStack Murano Code Execution
Ecosystems: pypi
Packages: python-muranoclient, murano-dashboard, murano
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13Nzk5LXByZzMtY3g3N84AAcB6
python-jose failure to use a constant time comparison for HMAC keys
Ecosystems: pypi
Packages: python-jose
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jd3doLTQzODItNmZ3cs4AASIn
Dulwich RCE Vulnerability
Ecosystems: pypi
Packages: dulwich
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14eHczLTc2NW0tZjM3cM4AAnsH
SaltStack Salt Improper Authentication vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02aHJnLXFtdmMtMnhoOM4AAvFP
joblib vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: joblib
Source: GitHub Advisory Database
Blast Radius: 47.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wNmh3LXdtNTktM2c1Z84AA0-Q
Sydent does not verify email server certificates
Ecosystems: pypi
Packages: matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS05cTYyLXI3MmctcHZ2N84AAiBq
py-lmdb Invalid write operation
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oOHhwLWgzamYtd3Y0ds4AAhVu
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oaDdqLXBnMzktcTU2M84AAzdO
toui allows user-specific variables to be shared between users
Ecosystems: pypi
Packages: toui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12Z3Y4LTVjcGotcWoyZs4AA5bL
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Ecosystems: pypi
Packages: pymatgen
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1qNjl4LXY0d2MtM2ZwZs4AAxzJ
Apache Airflow Sqoop Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-sqoop
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0eDQtOThjZy13cjRn
Code injection in Danijar Definitions
Ecosystems: pypi
Packages: definitions
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1tcTI5LWo1eGYtY2p3cs4AA2cZ
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
Ecosystems: pypi
Packages: pyminizip
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1oNmd3LXI1MmMtNzI0cs0oig
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14NDIyLTZxaHYtcDI5Z84AAzAd
Relative path traversal in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14NTYzLTZocXYtMjZtcs4AA3P0
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS14cTU5LTdqZjMtcmpjNs4AA3C2
piccolo SQL Injection via named transaction savepoints
Ecosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1tOHI5LXF4eDgtbXJ4cM4AAwnn
rdiffweb Improper Access Control vulnerability
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yZ3dqLTdqbXYtaDI2cs07Ng
SQL Injection in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0yeHhjLTczZnYtMzZmN84AA1UC
llama-index vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03Nng0LXgzcDYtcnByOc4AAnsY
SaltStack Salt Directory Traversal vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13MmhyLTNtYzgtNDZnaM4AAnse
SaltStack Salt eauth tokens can be used once after expiration
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qNjZxLXFtcmMtODlyeM4AAm7X
jsonpickle unsafe deserialization
Ecosystems: pypi
Packages: jsonpickle
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyY2YtZzUzOS14Nmgz
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
Ecosystems: pypi
Packages: rediswrapper
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2ZzMtY2Y5Mi1oMmg3
Insufficient Verification of Data Authenticity in python-keystoneclient
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtMnAtZmh3eC05Mjg1
Incorrect Permission Assignment for Critical Resource in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1oNjVnLWpmcWctMnc2bc0wtg
Server-Side Request Forgery in calibreweb
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jNzRjLXA0cDctcjhxNc4AAiBu
py-lmdb Invalid write operation
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qY2htLWZtNHEtYzJmcM4AAzHG
Apache Airflow vulnerable to Privilege Context Switching Error
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1wZjM4LTVwMjIteDZoNs4AAw-v
Code Injection in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14NTQ5LXI3bTgtZ3Y2M84AAQNo
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14eHZqLThnNW0tNHFnd84AAZkW
SaltStack Salt Directory traversal vulnerability in minion id validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14MzhqLTRycjUtaHFyas4AAnOo
git-big-picture Code Execution
Ecosystems: pypi
Packages: git-big-picture
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01cDh2LTU4cW0tYzdmcM4AAu9_
python-jwt vulnerable to token forgery with new claims
Ecosystems: pypi
Packages: python-jwt
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jaGo3LXczZjYtY3Zmas4AA4mF
Code Injection in paddlepaddle
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 3 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThyOGoteHZmai0zNmY5
Code injection in ymlref
Ecosystems: pypi
Packages: ymlref
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS05bXdmLW13NzQtOWN2Nc4AAxzN
Apache Airflow Hive Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtd3cteHZoNy1mcTRm
Koji hub call does not perform correct access checks
Ecosystems: pypi
Packages: koji
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS12ODk5LTI4ZzQtcW1oOM0WyQ
XML External Entity vulnerability in Easy-XML
Ecosystems: pypi
Packages: easy-xml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpnNGYtanFtNS00bWdx
Ansible fails to properly sanitize fact variables sent from the Ansible controller
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqeHEtNzVydy1maGo5
Eve allows execution of arbitrary code
Ecosystems: pypi
Packages: eve
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4NnAtaGd4NS0ycGZo
Improper Authentication in Buildbot
Ecosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1Nzgtajk5Mi01NTR4
Ansible fails to properly mark lookup-plugin results as unsafe
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1mZmY4LTR3OXAtN3Y3Ns4AAbau
Command Injection in Pygments
Ecosystems: pypi
Packages: Pygments
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01NTR3LXhoNGotOHc2NM4AA3yh
Path traversal in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache Submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1wMzczLWpxZm0tajZ3cs4AAveY
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control
Ecosystems: pypi
Packages: Shinken
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zZjd3LXA4dnItNHY1Zs4AA7Ss
pyLoad allows upload to arbitrary folder lead to RCE
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 days ago
Critical
GSA_kwCzR0hTQS04cHBmLXg0Z3ItMng3Z84AAX7E
SQL injection in calibreweb
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3djctM3Y0NS1oZzI5
Out-of-bounds Read
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1qdzM2LW1ydmctajVmeM4AAvjj
Rdiffweb subject to Business Logic Errors
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca
llama-index-core Command Injection vulnerability
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Critical
GSA_kwCzR0hTQS1yYzU4LXFyOWotY3Bnd84AAwbo
Apache Airflow Hive Provider vulnerable to Command Injection
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02aDNmLTQzdnEtNTNoas4AA7CV
Directory traversal in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 19 days ago
Critical
GSA_kwCzR0hTQS04ZzIzLTJxNXAtODg2Ns4AAxzQ
Apache Airflow Google Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-google
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1ybWYyLXB3ZnEtaDc1as4AAwAD
OS Command Injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xOTdnLWMyOWgteDJwN84AA6Ab
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0ycnA4LWhmZjktYzV3cs4AA50x
PaddlePaddle Path Traversal vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS04cnA2LXgzcjctNXF3M84AAnsd
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ocTg4LXdnN3EtZ3A0Z84AA7CC
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 19 days ago
Critical
GSA_kwCzR0hTQS1naGMyLWh4M3ctanFtcM4AAnsb
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04dmoyLXZ4eDMtNjY3d80hfA
Arbitrary expression injection in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc4NzMteGNxcS14OTIy
Command Injection in Simiki
Ecosystems: pypi
Packages: simiki
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tdjhnLWZoaDYtNjI2N84AAYRT
Django user with hardcoded password created when running tests on Oracle
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jM3hxLWNqOGYtNzgyOc0WdQ
Inadequate Encryption Strength in python-keystoneclient
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00NmNtLXBmd3YtY2dmOM4AA64p
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
Critical
GSA_kwCzR0hTQS01N3d4LW05ODMtMmY4OM0XCw
Incomplete validation in boosted trees code
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03d3FmLWgzNnctNDdtY84AAwAE
OS Command Injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14MnBjLWZxcnctaGM3Zs4AAtSf
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
Ecosystems: pypi
Packages: opendiamond
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13M3ZjLWZ4OXAtd3A0ds4AA6JP
Jupyter Server Proxy's Websocket Proxying does not require authentication
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0zcTZnLXFtcHgtcnF3NM4AA6AY
Whoogle Search Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1wZjNwLXY5eHAtbXJ2Zs4AAq3o
py-lmdb Invalid write operation
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12N21oLTNqZ2YtcjI2Y84AAaDG
OpenStack Object Storage (swift) Code Injection vulnerability
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wamhmLXZweDMtMzNyM84AAklg
SaltStack Salt Unauthenticated Remote Code Execution
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04NDM0LXY3eHctOG05eM0loA
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Ecosystems: pypi
Packages: APKLeaks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1odmo1LW12dzktOTNqM84AA7CZ
Insecure deserialization in BentoML
Ecosystems: pypi
Packages: bentoml
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 19 days ago
Critical
GSA_kwCzR0hTQS0yOWozLTI0NDYtNWo0d84AAmhY
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nMjgzLTg4djUtcm1xMs4AASb0
SaltStack Salt allows compromised salt-minions to impersonate the salt-master
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qNmdqLXBnNjIteDhqNs4AAYNc
SaltStack Salt Directory traversal vulnerability in minion id validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14cDdwLTNneDctajZ3eM0kHw
calibre-web is vulnerable to Business Logic Errors
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wNHhoLTQ4NjktOHZyZ84AApw_
AdaptiveScale LXDUI Hardcoded JWT Secret Key
Ecosystems: pypi
Packages: lxdui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3Z2MtdjJ4di1ydnZo
Out-of-bounds Read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxMjctdjd4cC1jMzU2
Buffer Overflow in pycrypto
Ecosystems: pypi
Packages: pycrypto
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS0yanh3LTRobTQtNnc4N84AA4mj
SQL injection in llama-index
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00ZzgyLTNqY3ItcTUyd84AArNL
Malware in ctx
Ecosystems: pypi
Packages: ctx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05dzdmLW00ajQtajN4d80g4g
Gerapy < 0.9.8 may cause remote code execution
Ecosystems: pypi
Packages: gerapy
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ndjg1LXdneGMtdmM1Ns4AATWy
web2py is vulnerable to password brute-force attack
Ecosystems: pypi
Packages: web2py
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: almost 2 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 764
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 78 ansible 63 salt 50 apache-superset 48 Plone 45 plone 43 rdiffweb 42 Pillow 41 vyper 38 matrix-synapse 35 mlflow 31 opencv-python 30 opencv-contrib-python 30 Django 27 moin 23 langchain 18 PaddlePaddle 17 mercurial 17 cobbler 17 pillow 16 nova 15 paddlepaddle 15 notebook 15 cryptography 15 gradio 14 modoboa 14 pyftpdlib 14 keystone 14 pyload-ng 14 neutron 13 OctoPrint 12 vantage6 12 glance 11 calibreweb 11 twisted 11 urllib3 11 aiohttp 11 onionshare-cli 11 trytond 10 wagtail 10 Flask-AppBuilder 10 zope 9 opencv-contrib-python-headless 9 opencv-python-headless 9 ethyca-fides 9 waitress 9 Zope 9 kiwitcms 9 trac 8 numpy 8 python-keystoneclient 8 aubio 8 roundup 8 nautobot 8 label-studio 8 swift 7 jupyter-server 7 pysaml2 7 pgadmin4 7 lief 7 scrapy 7 ipython 7 pip 7 matrix-sydent 7 mailman 6 apache-airflow-providers-apache-hive 6 lxml 6 Zope2 6 sentry 6 tuf 6 web2py 6 horizon 6 graphite-web 6 mindsdb 6 inventree 6 bleach 5 pyspark 5 saleor 5 lmdb 5 ckan 5 requests 5 python-gnupg 5 feedparser 5 whoogle-search 5 Products.CMFPlone 5 paramiko 5 cinder 5 jupyterhub 4 tripleo-heat-templates 4 bottle 4 Radicale 4 aws-iot-device-sdk-v2 4 Pygments 4 reportlab 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 markdown2 4 awsiotsdk 4 nltk 4 starlette 4 nvflare 4 datasette 4 Jinja2 4 ansible-core 4 transformers 4 esphome 4 httpie 4 Flask-Security-Too 4 grpc 4 keylime 4 grpcio 4 oauthenticator 4 FreeTAKServer-UI 4 tornado 4 PyPDF2 4 buildbot 4 pretix 4 werkzeug 4 GitPython 4 omero-web 4 yt-dlp 4 jwcrypto 4 qutebrowser 4 mistune 3 Mezzanine 3 gerapy 3 SQLAlchemy 3 copyparty 3 django-helpdesk 3 Werkzeug 3 dulwich 3 pyyaml 3 sanic 3 flask 3 pandasai 3 mayan-edms 3 barbican 3 aim 3 indy-node 3 protobuf 3 ryu 3 streamlit 3 httplib2 3 sosreport 3 zenml 3 sickrage 3 rsa 3 Weblate 3 ujson 3 openvpn-monitor 3 Keystone 3 pyarrow 3 Products.PluggableAuthService 3 changedetection.io 3 ajenti 3 fava 3 Moin 3 pycrypto 3 mitmproxy 3 keyring 3 io.grpc:grpc-protobuf 3 wger 3 apache-libcloud 3 ecdsa 3 plone.app.event 3 plone.app.theming 3 plone.app.dexterity 3 plone.supermodel 3 sqlparse 3 homeassistant 3 onnx 3 asyncua 3 torchserve 3 ansible-runner 3 localstack 3 poetry 3 bitlyshortener 3 indico 3 octavia 3 slixmpp 3 jupyterlab 3 clearml 3 docassemble.webapp 3 apache-iotdb 3 asyncssh 3 quokka 3 pywasm3 3 apache-airflow-providers-apache-spark 3 ray 3 python-jose 3 pymatgen 2 pyxdg 2 openapi-python-client 2 wagtail-2fa 2 zope2 2 py 2 ctx 2
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/apache/airflow 90 https://github.com/django/django 74 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/ikus060/rdiffweb 42 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/opencv/opencv 28 https://github.com/mlflow/mlflow 25 https://github.com/cobbler/cobbler 14 https://github.com/pyload/pyload 14 https://github.com/vantage6/vantage6 14 https://github.com/pyca/cryptography 14 https://github.com/langchain-ai/langchain 14 https://github.com/modoboa/modoboa 13 https://github.com/gradio-app/gradio 13 https://github.com/twisted/twisted 12 https://github.com/urllib3/urllib3 11 https://github.com/aio-libs/aiohttp 11 https://github.com/openstack/keystone 11 https://github.com/onionshare/onionshare 11 https://github.com/janeczku/calibre-web 11 https://github.com/jupyter/notebook 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/giampaolo/pyftpdlib 9 https://github.com/Pylons/waitress 9 https://github.com/apache/superset 9 https://github.com/ethyca/fides 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/scrapy/scrapy 8 https://github.com/nautobot/nautobot 8 https://github.com/octoprint/octoprint 8 https://github.com/numpy/numpy 8 https://github.com/kiwitcms/Kiwi 8 https://github.com/ipython/ipython 8 https://github.com/aubio/aubio 7 https://github.com/lief-project/LIEF 7 https://github.com/graphite-project/graphite-web 6 https://github.com/getsentry/sentry 6 https://github.com/jupyter-server/jupyter_server 6 https://github.com/lxml/lxml 6 https://github.com/pypa/pip 6 https://github.com/mindsdb/mindsdb 6 https://github.com/HumanSignal/label-studio 6 https://github.com/matrix-org/sydent 6 https://github.com/pallets/werkzeug 5 https://sourceforge.net/projects/sourceforge.net 5 https://github.com/openstack/nova 5 https://github.com/mozilla/bleach 5 https://github.com/TeamSeri0us/pocs 5 https://github.com/gitpython-developers/GitPython 5 https://github.com/hwchase17/langchain 5 https://github.com/tryton/trytond 5 https://github.com/keylime/keylime 5 https://github.com/OctoPrint/OctoPrint 5 https://github.com/openstack/horizon 5 https://github.com/benbusby/whoogle-search 5 https://github.com/yt-dlp/yt-dlp 4 https://github.com/jhpyle/docassemble 4 https://github.com/Flask-Middleware/flask-security 4 https://github.com/esphome/esphome 4 https://github.com/openstack/neutron 4 https://github.com/ckan/ckan 4 https://github.com/jupyterhub/oauthenticator 4 https://github.com/inventree/InvenTree 4 https://github.com/web2py/web2py 4 https://github.com/latchset/jwcrypto 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/WeblateOrg/weblate 4 https://github.com/Kozea/Radicale 4 https://github.com/huggingface/transformers 4 https://github.com/qutebrowser/qutebrowser 4 https://github.com/NVIDIA/NVFlare 4 https://github.com/rohe/pysaml2 4 https://github.com/ronf/asyncssh 4 https://github.com/py-pdf/pypdf 4 https://github.com/bottlepy/bottle 4 https://github.com/grpc/grpc 4 https://github.com/FreeTAKTeam/UI 4 https://github.com/simonw/datasette 4 https://github.com/tornadoweb/tornado 4 https://github.com/saleor/saleor 4 https://github.com/psf/requests 4 https://github.com/openstack/cinder 3 https://github.com/beancount/fava 3 https://github.com/encode/starlette 3 https://github.com/onnx/onnx 3 https://github.com/python/cpython 3 https://github.com/ome/omero-web 3 https://github.com/Cog-Creators/Red-DiscordBot 3 https://github.com/dgtlmoon/changedetection.io 3 https://github.com/paramiko/paramiko 3 https://github.com/pallets/jinja 3 https://github.com/rochacbruno/quokka 3 https://github.com/poezio/slixmpp 3 https://github.com/pallets/flask 3 https://github.com/django-helpdesk/django-helpdesk 3 https://github.com/run-llama/llama_index 3 https://github.com/pretix/pretix 3 https://github.com/openstack/swift 3 https://github.com/pytorch/serve 3 https://github.com/djblets/djblets 3 https://github.com/dlitz/pycrypto 3 https://github.com/openstack/python-keystoneclient 3 https://github.com/pyca/pyopenssl 3 https://github.com/openstack/octavia 3 https://github.com/pygments/pygments 3 https://github.com/pypa/advisory-db 3 https://github.com/openstack/glance 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/Gerapy/Gerapy 3 https://github.com/theupdateframework/python-tuf 3 https://github.com/theupdateframework/tuf 3 https://github.com/github/securitylab 3 https://github.com/ansible/ansible-runner 3 https://github.com/trentm/python-markdown2 3 https://github.com/gventuri/pandas-ai 3 https://github.com/andialbrecht/sqlparse 3 https://github.com/home-assistant/core 3 https://github.com/lepture/mistune 3 https://github.com/httplib2/httplib2 3 https://github.com/wasm3/wasm3 3 https://github.com/hyperledger/indy-node 3 https://github.com/IdentityPython/pysaml2 3 https://github.com/impredicative/bitlyshortener 3 https://github.com/yaml/pyyaml 3 https://github.com/9001/copyparty 3 https://github.com/zenml-io/zenml 3 https://github.com/indico/indico 3 https://github.com/jupyterlab/jupyterlab 3 https://github.com/jupyterhub/jupyterhub 3 https://github.com/streamlit/streamlit 3 https://github.com/sqlalchemy/sqlalchemy 3 https://github.com/mpdavis/python-jose 3 https://github.com/nltk/nltk 3 https://github.com/faucetsdn/ryu 3 https://github.com/moinwiki/moin-1.9 3 https://github.com/sosreport/sos 3 https://github.com/MobSF/Mobile-Security-Framework-MobSF 3 https://github.com/furlongm/openvpn-monitor 3 https://gitlab.com/mayan-edms/mayan-edms 3 https://github.com/Kozea/CairoSVG 2 https://github.com/DataDog/guarddog 2 https://github.com/dask/distributed 2 https://github.com/pretalx/pretalx 2 https://github.com/nexB/scancode.io 2 https://github.com/plone/Products.ATContentTypes 2 https://github.com/protocolbuffers/protobuf 2 https://github.com/ethereum/eth-abi 2 https://github.com/plone/plone.restapi 2 https://github.com/facebookresearch/ParlAI 2 https://github.com/IncludeSecurity/safeurl-python 2 https://github.com/cure53/DOMPurify 2 https://github.com/executablebooks/markdown-it-py 2 https://github.com/NVIDIA/NeMo 2 https://github.com/corydolphin/flask-cors 2 https://github.com/pyinstaller/pyinstaller 2 https://github.com/jupyterhub/jupyter-server-proxy 2 https://github.com/eventlet/eventlet 2 https://github.com/inventree/inventree 2 https://github.com/jrspruitt/ubi_reader 2 https://github.com/jpadilla/pyjwt 2 https://github.com/jelmer/dulwich 2 https://github.com/jdennis/keycloak-httpd-client-install 2 https://github.com/jaraco/keyring 2 https://github.com/openstack/magnum 2 https://github.com/mirumee/saleor 2 https://github.com/MirahezeBots/sopel-channelmgnt 2 https://github.com/geopython/OWSLib 2 https://github.com/moggers87/django-sendfile2 2 https://github.com/materialsproject/pymatgen 2 https://github.com/openstack/tripleo-heat-templates 2 https://github.com/goToMain/libosdp 2 https://github.com/marshmallow-code/webargs 2 https://github.com/django-wiki/django-wiki 2 https://github.com/OpenZeppelin/cairo-contracts 2 https://github.com/mongodb/mongo-python-driver 2 https://github.com/FreeTAKTeam/FreeTakServer 2 https://github.com/man-group/dtale 2 https://github.com/embedchain/embedchain 2 https://github.com/heartexlabs/label-studio 2 https://github.com/encode/uvicorn 2 https://github.com/html5lib/html5lib-python 2 https://github.com/FreeOpcUa/opcua-asyncio 2 https://github.com/httpie/httpie 2 https://github.com/Legrandin/pycryptodome 2 https://github.com/DIRACGrid/DIRAC 2 https://github.com/labd/wagtail-2fa 2 https://github.com/petl-developers/petl 2 https://github.com/Netflix/lemur 2 https://github.com/piccolo-orm/piccolo 2 https://github.com/devsnd/cherrymusic 2 https://github.com/dbt-labs/dbt-core 2