Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS00ZzgyLTNqY3ItcTUyd84AArNL
Malware in ctx
Ecosystems: pypi
Packages: ctx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00dndxLXg2NHEtajRjas4AAU96
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Ecosystems: pypi
Packages: ipython, notebook
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nZjJxLWoycXEtcGpmMs4AAfgV
OpenStack Keystone Allows Remote User Account Creation
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtNDUtbWdxbS1nam00
Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
Ecosystems: pypi
Packages: red-dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS03OWpmLWNjbTgtNDN3N84AAdxo
ceph-deploy uses world-readable permissions on client.admin key
Ecosystems: pypi
Packages: ceph-deploy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14am1qLXAyNzgtNGpwNc4AAU0s
OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoN20tcng0Zi00dnB2
CSRF can expose users authentication token
Ecosystems: pypi
Packages: Flask-Security-Too
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1xYzRqLWhyajYtY3BwZs4AA3R3
upydev has weak encryption padding
Ecosystems: pypi
Packages: upydev
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1oZmcyLXdmNmoteDUzcM4AAXh2
SQLAlchemy vulnerable to SQL injection
Ecosystems: pypi
Packages: SQLAlchemy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jeDk0LTNoNXgtY2M1N83AfQ
MoinMoin Cross-site scripting (XSS) vulnerability in the antispam feature
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1obTM3LTl4aDItcTQ5Oc4AAtHw
Possible leak of key's raw field if declared length is incorrect
Ecosystems: pypi
Packages: openssh-key-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1meG14LXBmbTItODVtMs0kXw
Cross-site Scripting in Ericsson CodeChecker
Ecosystems: pypi
Packages: codechecker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00NmNtLXBmd3YtY2dmOM4AA64p
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12cTNoLTNxN3YtOXByd84AAVFj
Django Allows Open Redirects
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jZm1yLTM4ZzktZjJoN84AAU-s
Pillow denial of service via Crafted Block Size
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13MjI4LXJmcHgtZmhtNM4AA7QL
cg vulnerable to an Open Redirect Vulnerability on Referer Header
Ecosystems: pypi
Packages: cg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1jbWc3LXhyMmotNHI5ds2fcg
MoinMoin Improper ACL handling for calendars and includes
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwaDItODMzNy1obTYy
Key Caching behavior in the DynamoDB Encryption Client.
Ecosystems: pypi
Packages: dynamodb-encryption-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS01M3dqLTZtN3ctajZtas2xNQ
MoinMoin Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12djZxLTZod3AtdnJncM4AA0JP
easy-parse XML External Entity Injection vulnerability
Ecosystems: pypi
Packages: easy-parse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS03eDk2LTJ3MzItdzNnd84AAyQ5
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Ecosystems: pypi
Packages: tripleo-ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13NHg2LTZ3M3ItOWgybc4AAyQy
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Ecosystems: pypi
Packages: tripleo-ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01Z2hnLTIzM2gtN2o3Oc4AAg3Z
PyDio Stored XSS Vulnerability
Ecosystems: pypi
Packages: Pydio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zNzN3LXJqODQtcHY2eM4AA0In
SafeURL-Python's hostname blocklist does not block FQDNs
Ecosystems: pypi
Packages: SafeURL-Python
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS00NDMzLTRjeHEtdnY3M84AAdH5
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks
Ecosystems: pypi
Packages: oauth2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13N3JxLThmMmctanZxcs4AAdNj
Djiblets Cross-site scripting Vulnerability via JSON Objects
Ecosystems: pypi
Packages: Djblets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01MndyLTN2d3ctcm1wcc4AAejn
SOAPpy vulnerable to XML External Entity attacks
Ecosystems: pypi
Packages: SOAPpy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNzQ4LW1jd2cteG1xds4AAdkP
OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NzVnLTQ0ODItcG05NM2xUg
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02NzY2LXIycngtbWZ3Oc2xNg
MoinMoin Directory traversal vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mNDJwLXZjOHAtN3g1NM4AAvaj
MobSF allows attackers to read arbitrary files via a crafted HTTP request
Ecosystems: pypi
Packages: mobsf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Y3dnLW1oeGYtaGg1Oc4AAYL4
Django Cross-site scripting (XSS) vulnerability via is_safe_url function
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04OWM5LTM3NTgtNzM3d84AATSE
keycloak-httpd-client-install Insecure Secrets
Ecosystems: pypi
Packages: keycloak-httpd-client-install
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01cXBwLXY1NmYtbXFmbc4AAe6w
OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00M2hjLXB3dngtcG1mZ84AAU0S
OpenStack Compute (Nova) Denial of Service vulnerability
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13ODMyLXYzYzYtbTZyZ84AA1aR
pandasai vulnerable to prompt injection
Ecosystems: pypi
Packages: pandasai
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04Zmo5LXBqNHAtNHZxN82ydA
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qajJmLTU3amctNXJtNs2yfg
MoinMoin Improper Access Control
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05MmhjLWMyMjYtMzJxN84AAU0U
OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02cnJtLXh4dmgtN3I4N84AAaCd
OpenStack Glance arbitrary deletion of non-protected images
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tZm1qLWd3ZzMtdmh3N84AAU0Q
OpenStack Compute (nova) allows remote authenticated users to cause a denial of service
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxZmYtZngyeC1wODZ2
Improper Authentication
Ecosystems: pypi
Packages: botframework-connector
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3NWYtZzdneC0ycjdw
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager
Ecosystems: pypi
Packages: Products.PluggableAuthService
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS13ZjQ0LTRtZ2otcnd2eM4AAVU_
OpenStack Neutron Improper Input Validation vulnerability
Ecosystems: pypi
Packages: neutron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wMjU4LXhtaDMtNzJwds4AAefb
OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01dzVjLTNnMjYtOG1tY84AAqGa
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients
Ecosystems: pypi
Packages: openvpn-monitor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0NGoteHJxZy00eHJy
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
Ecosystems: pypi
Packages: Products.PluggableAuthService
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS03aGptLWhxZ2oteHY5Zs3AVA
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yMnE2LXd3cTctMmpqOc4AAe3p
OpenStack Keystone Improper Authentication vulnerability
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xNWg2LTQ5Z2ctMndmZ84AAnmm
GramAddict bot uses dependency with reverse tcp backdoor
Ecosystems: pypi
Packages: GramAddict
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yNzR2LXI5NDctdjM0cs4AAQdC
OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12Mmd3LXg1amYtcGd3ds25UQ
Mercurial Directory traversal vulnerability
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02N3JoLTlwMjktdnJ4cs4AAU0M
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04djhmLXZjNzItcG1oY84AAQdq
OpenStack Identity Keystone Exposure of Sensitive Information
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycTgtODc3ai1nZ2hx
remote code execution via cache action in MoinMoin
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1jNHA5LTg3aDMtN3ZyNM4AAQdG
OpenStack Identity Keystone Improper Privilege Management
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1teGg4LXhncTktdzc4Ms2Y6Q
MoinMoin Insertion of Sensitive Information into Log File
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00MzdwLXF3OTUtd3Fxcs4AAa6S
Trac vulnerable to denial of service
Ecosystems: pypi
Packages: Trac
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01djZxLXhxcTgtZzR4as4AAZ8S
Roundup Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yNWNqLXd2MjQtOTJwNc285A
Django cross-site request forgery (CSRF) vulnerability
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04M2ZtLXc3OW0tNjRyNc4AAzCj
Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ndmpnLXI5ZnYtN3F4Oc4AAdFg
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tY2NxLTNtN2gtZmp4Z84AAZ8T
Roundup Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13dzUzLXd4eHItOGY5d84AAa6J
Trac has vulnerability in HTML sanitizer filter
Ecosystems: pypi
Packages: Trac
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXdxLW1qaDgtcTcybc4AAcZh
OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks
Ecosystems: pypi
Packages: python-keystoneclient, keystonemiddleware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2aHEtYzg5Ni13ODgy
Low severity vulnerability that affects Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3cTgtd3Z2aC1jOTdw
Moderate severity vulnerability that affects Zope2
Ecosystems: pypi
Packages: Zope2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtNzItcm1tOS0ycWpy
Moderate severity vulnerability that affects feedparser
Ecosystems: pypi
Packages: feedparser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Low
GSA_kwCzR0hTQS1ncnA1LWgzNzktajc1eM4AAU0P
OpenStack Nova live snapshots use an insecure local directory
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zdng3LXhmZjYtaDJ2eM4AAU0O
OpenStack Nova instance migration process does not stop when instance is deleted
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZjMtcjdndy05cndn
Moderate severity vulnerability that affects feedparser
Ecosystems: pypi
Packages: feedparser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS1mNTk0LWYzdjMtZzY0Oc4AAfCB
pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository
Ecosystems: pypi
Packages: pyshop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxeDgtNTg5ai1nY3B4
Moderate severity vulnerability that affects Plone and plone.app.users
Ecosystems: pypi
Packages: Plone, plone.app.users
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS01bWo2LTY0M2YtMmc4Nc4AAU0W
OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13cmYyLTJyY2gtY21yOc4AAePJ
Plone is vulnerable to denial of service
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tcnh2LTY1cnYtNmh4cc4AAaC4
OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1ocTNmLTlnZjctNzNyOM4AAaKV
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ocnY5LTR4NGMtOWpjOM4AAU0N
OpenStack Nova DoS through ephemeral disk backing files
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0cmYtcGMyNi02aG1y
OMERO webclient does not validate URL redirects on login or switching group.
Ecosystems: pypi
Packages: omero-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS02dzkzLTRjNHAteHYyeM4AAeRF
Plone Metadata Disclosure
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00cnJyLWo3ZmYtcjg0NM4AAezp
python-keystoneclient missing expiration check in PKI token validation
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oaHBqLTZwajctd3B4Nc4AAdRw
OpenStack Neutron Race condition vulnerability
Ecosystems: pypi
Packages: neutron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZoNTItNHZtaC04eDRm
Moderate severity vulnerability that affects feedparser
Ecosystems: pypi
Packages: feedparser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS1wdmh2LXF3YzgtcjJwZ84AAeQx
Plone Arbitrary File Read
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNDZnLXY3cjQtOXZocs4AAeQ7
Plone Cross-site scripting Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01NnB3LW1wajQtZnh3d84AA2QC
Bundled libwebp in Pillow vulnerable
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS00aHBqLThyaHYtOXg4N84AA0OV
Products.CMFCore unauthenticated denial of service and crash via unchecked use of input with Python's marshal module
Ecosystems: pypi
Packages: Products.CMFCore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01d2h3LTVjbW0tOWp3NM4AAeQz
Plone Cross-site scripting Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03OHZ4LWdnY2gtd2dobc4AAfPg
Django Allows Redirect via Data URL
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01M21yLTQ0cHAtY3JmNM3yaQ
pip lack of randomness in build directory
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0yNWpoLTVoNXItaDMzbc4AAeQy
Plone Sandbox Bypass
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yN3B4LXFwbWotcWczOM4AAfQT
Paste Script has improper group memberships permissions
Ecosystems: pypi
Packages: pastescript
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13NnB3LTVnaDUtNDk1Ms4AAeQY
Plone python code injection
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03OWhqLTQ3NGgtdjR4ds4AAeQj
Plone denial of service via RSS Feed Request
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12MzY3LXA1OHctOThoNc4AAaJC
PyCrypto makes Use of Insufficiently Random Values
Ecosystems: pypi
Packages: PyCrypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yZzUyLWo4N3ctcGY4M84AAeez
Plone Filesystem path information leak
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wNHhoLTQ4NjktOHZyZ84AApw_
AdaptiveScale LXDUI Hardcoded JWT Secret Key
Ecosystems: pypi
Packages: lxdui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14OHhyLXJtOXItN212Zs4AAU0L
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02NzJyLTk3cjctdngycc4AA5gJ
pretix mishandles file validation
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1mODg5LXdmd20tNnA3bc4AAeuL
OpenStack Identity Keystone Privilege Escalation vulnerability
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 78 ansible 63 salt 53 Plone 52 apache-superset 49 nova 45 plone 43 rdiffweb 42 Pillow 41 vyper 38 matrix-synapse 35 moin 34 mlflow 33 Django 30 opencv-python 30 opencv-contrib-python 30 keystone 30 langchain 18 glance 18 mercurial 17 PaddlePaddle 17 cobbler 17 pillow 16 neutron 16 cryptography 15 paddlepaddle 15 gradio 15 notebook 15 modoboa 14 pyftpdlib 14 pyload-ng 14 OctoPrint 13 vantage6 12 swift 12 aiohttp 11 onionshare-cli 11 twisted 11 calibreweb 11 urllib3 11 horizon 11 wagtail 10 trytond 10 Flask-AppBuilder 10 ethyca-fides 9 zope 9 waitress 9 Zope 9 kiwitcms 9 opencv-contrib-python-headless 9 opencv-python-headless 9 ryu 9 roundup 9 nautobot 9 label-studio 8 cinder 8 trac 8 numpy 8 aubio 8 python-keystoneclient 8 scrapy 7 pgadmin4 7 jupyter-server 7 ipython 7 lief 7 matrix-sydent 7 pysaml2 7 pip 7 inventree 6 mindsdb 6 sentry 6 apache-airflow-providers-apache-hive 6 Zope2 6 tuf 6 web2py 6 lxml 6 graphite-web 6 mailman 6 Moin 6 feedparser 5 python-gnupg 5 bleach 5 Products.CMFPlone 5 saleor 5 paramiko 5 pyspark 5 Jinja2 5 requests 5 lmdb 5 whoogle-search 5 ckan 5 barbican 4 tripleo-heat-templates 4 starlette 4 Scrapy 4 jupyterhub 4 oauthenticator 4 httpie 4 keylime 4 FreeTAKServer-UI 4 PyPDF2 4 omero-web 4 transformers 4 grpcio 4 markdown2 4 qutebrowser 4 grpc 4 tornado 4 werkzeug 4 yt-dlp 4 nvflare 4 nltk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 datasette 4 esphome 4 Keystone 4 GitPython 4 Radicale 4 reportlab 4 aws-iot-device-sdk-v2 4 ansible-core 4 jwcrypto 4 Pygments 4 Werkzeug 4 buildbot 4 pretix 4 bottle 4 awsiotsdk 4 Flask-Security-Too 4 ecdsa 3 ujson 3 ray 3 Weblate 3 ajenti 3 asyncssh 3 pyarrow 3 Kallithea 3 sanic 3 changedetection.io 3 sosreport 3 flask 3 io.grpc:grpc-protobuf 3 onnx 3 sickrage 3 Mezzanine 3 mistune 3 openvpn-monitor 3 streamlit 3 copyparty 3 Nova 3 indy-node 3 aim 3 localstack 3 mayan-edms 3 pandasai 3 poetry 3 protobuf 3 gerapy 3 bitlyshortener 3 indico 3 jupyterlab 3 pywasm3 3 python-jose 3 keyring 3 wger 3 asyncua 3 apache-iotdb 3 Products.PluggableAuthService 3 rsa 3 fava 3 keystonemiddleware 3 pyyaml 3 apache-airflow-providers-apache-spark 3 docassemble.webapp 3 quokka 3 clearml 3 SQLAlchemy 3 dulwich 3 django-helpdesk 3 ansible-runner 3 slixmpp 3 sqlparse 3 octavia 3 homeassistant 3 torchserve 3 pycrypto 3 apache-libcloud 3 plone.supermodel 3 plone.app.dexterity 3 plone.app.event 3 zenml 3 mitmproxy 3 httplib2 3 plone.app.theming 3 django-unicorn 2 piccolo 2 cabot 2
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/ikus060/rdiffweb 42 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 36 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/opencv/opencv 28 https://github.com/openstack/keystone 27 https://github.com/mlflow/mlflow 27 https://github.com/cobbler/cobbler 14 https://github.com/langchain-ai/langchain 14 https://github.com/vantage6/vantage6 14 https://github.com/pyca/cryptography 14 https://github.com/pyload/pyload 14 https://github.com/gradio-app/gradio 14 https://github.com/modoboa/modoboa 13 https://github.com/twisted/twisted 12 https://github.com/aio-libs/aiohttp 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/scrapy/scrapy 11 https://github.com/janeczku/calibre-web 11 https://github.com/jupyter/notebook 10 https://github.com/openstack/glance 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/apache/superset 9 https://github.com/nautobot/nautobot 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/Pylons/waitress 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/faucetsdn/ryu 9 https://github.com/openstack/horizon 9 https://github.com/ethyca/fides 9 https://github.com/kiwitcms/Kiwi 8 https://github.com/ipython/ipython 8 https://github.com/numpy/numpy 8 https://github.com/octoprint/octoprint 8 https://github.com/openstack/neutron 7 https://github.com/lief-project/LIEF 7 https://sourceforge.net/projects/sourceforge.net 7 https://github.com/aubio/aubio 7 https://github.com/openstack/swift 7 https://github.com/lxml/lxml 6 https://github.com/OctoPrint/OctoPrint 6 https://github.com/jupyter-server/jupyter_server 6 https://github.com/pypa/pip 6 https://github.com/openstack/cinder 6 https://github.com/HumanSignal/label-studio 6 https://github.com/graphite-project/graphite-web 6 https://github.com/matrix-org/sydent 6 https://github.com/getsentry/sentry 6 https://github.com/mindsdb/mindsdb 6 https://github.com/pallets/werkzeug 6 https://github.com/mozilla/bleach 5 https://github.com/hwchase17/langchain 5 https://github.com/benbusby/whoogle-search 5 https://github.com/TeamSeri0us/pocs 5 https://github.com/gitpython-developers/GitPython 5 https://github.com/tryton/trytond 5 https://github.com/keylime/keylime 5 https://github.com/ckan/ckan 4 https://github.com/Flask-Middleware/flask-security 4 https://github.com/esphome/esphome 4 https://github.com/latchset/jwcrypto 4 https://github.com/FreeTAKTeam/UI 4 https://github.com/NVIDIA/NVFlare 4 https://github.com/qutebrowser/qutebrowser 4 https://github.com/py-pdf/pypdf 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/rohe/pysaml2 4 https://github.com/huggingface/transformers 4 https://github.com/ronf/asyncssh 4 https://github.com/simonw/datasette 4 https://github.com/grpc/grpc 4 https://github.com/bottlepy/bottle 4 https://github.com/psf/requests 4 https://github.com/saleor/saleor 4 https://github.com/jhpyle/docassemble 4 https://github.com/yt-dlp/yt-dlp 4 https://github.com/inventree/InvenTree 4 https://github.com/WeblateOrg/weblate 4 https://github.com/web2py/web2py 4 https://github.com/Kozea/Radicale 4 https://github.com/tornadoweb/tornado 4 https://github.com/pallets/jinja 4 https://github.com/jupyterhub/oauthenticator 4 https://sourceforge.net/projects/roject 3 https://github.com/gventuri/pandas-ai 3 https://gitlab.com/mayan-edms/mayan-edms 3 https://github.com/trentm/python-markdown2 3 https://github.com/pygments/pygments 3 https://github.com/MobSF/Mobile-Security-Framework-MobSF 3 https://github.com/ansible/ansible-runner 3 https://github.com/pyca/pyopenssl 3 https://github.com/home-assistant/core 3 https://github.com/ome/omero-web 3 https://github.com/djblets/djblets 3 https://github.com/pretix/pretix 3 https://github.com/indico/indico 3 https://github.com/beancount/fava 3 https://github.com/furlongm/openvpn-monitor 3 https://github.com/moinwiki/moin-1.9 3 https://github.com/github/securitylab 3 https://github.com/pytorch/serve 3 https://github.com/nltk/nltk 3 https://github.com/wasm3/wasm3 3 https://github.com/python/cpython 3 https://github.com/Cog-Creators/Red-DiscordBot 3 https://github.com/jupyterlab/jupyterlab 3 https://github.com/jupyterhub/jupyterhub 3 https://github.com/Gerapy/Gerapy 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/rochacbruno/quokka 3 https://github.com/openstack/octavia 3 https://github.com/andialbrecht/sqlparse 3 https://github.com/encode/starlette 3 https://github.com/pypa/advisory-db 3 https://github.com/run-llama/llama_index 3 https://github.com/openstack/python-keystoneclient 3 https://github.com/dlitz/pycrypto 3 https://github.com/mpdavis/python-jose 3 https://github.com/pallets/flask 3 https://github.com/lepture/mistune 3 https://github.com/sqlalchemy/sqlalchemy 3 https://github.com/hyperledger/indy-node 3 https://github.com/9001/copyparty 3 https://github.com/theupdateframework/python-tuf 3 https://github.com/yaml/pyyaml 3 https://github.com/sosreport/sos 3 https://github.com/django-helpdesk/django-helpdesk 3 https://github.com/dgtlmoon/changedetection.io 3 https://github.com/theupdateframework/tuf 3 https://github.com/onnx/onnx 3 https://github.com/impredicative/bitlyshortener 3 https://github.com/IdentityPython/pysaml2 3 https://github.com/httplib2/httplib2 3 https://github.com/poezio/slixmpp 3 https://github.com/streamlit/streamlit 3 https://github.com/paramiko/paramiko 3 https://github.com/zenml-io/zenml 3 https://github.com/ethereum/eth-abi 2 https://github.com/openstack/magnum 2 https://github.com/mirumee/saleor 2 https://github.com/petl-developers/petl 2 https://github.com/executablebooks/markdown-it-py 2 https://github.com/pytest-dev/py 2 https://github.com/piccolo-orm/piccolo 2 https://github.com/eventlet/eventlet 2 https://github.com/MirahezeBots/sopel-channelmgnt 2 https://github.com/embedchain/embedchain 2 https://github.com/python-imaging/Pillow 2 https://github.com/python-ldap/python-ldap 2 https://github.com/facebookresearch/ParlAI 2 https://github.com/python-poetry/poetry 2 https://github.com/clinical-genomics/scout 2 https://github.com/DIRACGrid/DIRAC 2 https://github.com/encode/uvicorn 2 https://github.com/pretalx/pretalx 2 https://github.com/django-wiki/django-wiki 2 https://github.com/protocolbuffers/protobuf 2 https://github.com/mongodb/mongo-python-driver 2 https://github.com/OpenZeppelin/cairo-contracts 2 https://github.com/dask/distributed 2 https://github.com/DataDog/guarddog 2 https://github.com/moggers87/django-sendfile2 2 https://github.com/openstack/tripleo-heat-templates 2 https://github.com/Netflix/lemur 2 https://github.com/cure53/DOMPurify 2 https://github.com/plone/Products.ATContentTypes 2 https://github.com/pyinstaller/pyinstaller 2 https://github.com/corydolphin/flask-cors 2 https://github.com/plone/plone.restapi 2 https://github.com/openstack/barbican 2 https://github.com/dbt-labs/dbt-core 2 https://github.com/FreeTAKTeam/FreeTakServer 2 https://github.com/geopython/OWSLib 2 https://github.com/openstack/ossa 2 https://github.com/FreeOpcUa/opcua-asyncio 2 https://github.com/nexB/scancode.io 2 https://github.com/devsnd/cherrymusic 2 https://github.com/NVIDIA/NeMo 2 https://github.com/Legrandin/pycryptodome 2 https://github.com/stchris/untangle 2 https://github.com/warner/python-ecdsa 2 https://github.com/starkbank/ecdsa-python 2 https://github.com/aws/aws-encryption-sdk-cli 2 https://github.com/snowflakedb/snowflake-connector-python 2 https://github.com/jupyterhub/jupyter-server-proxy 2 https://github.com/aws/sagemaker-python-sdk 2 https://github.com/simplegeo/python-oauth2 2 https://github.com/httpie/httpie 2