Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4NHctNXYzZi1xNDk5
Base class whitelist configuration ignored in OAuthenticator
Ecosystems: pypi
Packages: oauthenticator
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cnItNHJoOS1oaHdo
Memory leak in Nanopb
Ecosystems: pypi
Packages: nanopb
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0aHYtcWpqcS1oN2c1
datasette-graphql leaks details of the schema of private database files
Ecosystems: pypi
Packages: datasette-graphql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcDMtMzg1ci12NjNm
Denial of service attack due to invalid JSON
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qY3ItcnFqZy1yaGcz
Implementation trusts the "me" field returned by the authorization server without verifying it
Ecosystems: pypi
Packages: datasette-indieauth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyZmotd2p2OS00Zjl2
Open redirect in Jupyter Server
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3dm0tZjVwNC04ZnFo
Open redirect in Jupyter Notebook
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3aGYtZzZqNS1qNWdj
Float cast overflow undefined behavior
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJyZnAtajJtcC1ocTlj
Segfault in `tf.quantization.quantize_and_dequantize`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycTgtODc3ai1nZ2hx
remote code execution via cache action in MoinMoin
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxOTYtNnhocS1mZjQz
malicious SVG attachment causing stored XSS vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVobW0teDhxOC13NWpo
LDAP authentication bypass with empty password
Ecosystems: pypi
Packages: alerta-server
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4d3AtbTdtcS03cTNy
CLI does not correctly implement strict mode
Ecosystems: pypi
Packages: aws-encryption-sdk-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnZ20tanBnMy12NDc2
RSA decryption vulnerable to Bleichenbacher timing vulnerability
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wOW0tZzdxai02dnFy
Unauthorized privilege escalation in Mod module
Ecosystems: pypi
Packages: red-discordbot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4MmMtajRtcS01eGZ3
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs
Ecosystems: pypi
Packages: bitlyshortener
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4NGgtdzZjci01djhx
Markdown-supplied Shell Command Execution
Ecosystems: pypi
Packages: lookatme
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzOW0tNHhwdy12MzR2
Arbitrary Code Execution in blazar-dashboard
Ecosystems: pypi
Packages: blazar-dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OGMtZm1wYy01cm1x
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWoyNTctamZ2di1oM3g1
Privilege Escalation in Channelmgnt plug-in for Sopel
Ecosystems: pypi
Packages: sopel_plugins.channelmgnt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3djUtdzhnbS1mcTlm
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Ecosystems: pypi
Packages: xmpp-http-upload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzNjYtNHJ2di05NXgy
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Ecosystems: pypi
Packages: cryptoauthlib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3Z20tcmZndi13OTcz
Potential DoS with NumberFilter conversion to integer values.
Ecosystems: pypi
Packages: django-filter
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4MngtODVnci13cnBx
Out of bounds access in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAyY3EtY3ByZy1mcnZt
Out of bounds write in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqbXEtMjM2ai04bTg3
Denial of service in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg5ajcteDk4ci1yNHcy
Segmentation fault in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2cGMtOHBoaC04ZjQ1
Out of bounds access in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoMzItNmpqYy1xcHJt
Null pointer dereference in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14amotOTUzdy0yYzJ2
Data corruption in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0cWYtM2ZjNi04eDM0
Segfault and data corruption in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4Z3YtcTd3ci05amY4
Segfault in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1Z2gtMndyMi1wbTZn
Denial of Service in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3cDUtNTc1OS1xdjQ2
Data leak in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtcTctN2Z4bS1ycjc5
Denial of Service in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2ZmctbWp4Zy1ocXE0
Integer truncation in Shard API usage
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1ZjgtZ2Z3NS0zM3c0
Heap buffer overflow in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cnAtNzR4Mi1tamYz
Segfault in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjNTMtNDRjai12ZnZ4
Denial of Service in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYzeG0tcng1cC14dnFy
Heap buffer overflow in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqamctaGd2Ni1oNjl2
Memory corruption in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4cWotZmM5cS1jcGhy
Undefined behavior in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1Y3AtOXBjZi1wcDNo
Denial of Service in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjODctNnZwcC03ZmYz
Heap buffer overflow in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnNTktMmY5Mi01Y3Bo
Heap buffer overflow in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltcXAtN3YyaC0yMzgy
Denial of Service in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmeHctNzZweC0zcnh2
Memory leak in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRnOWYtNjNyeC01Y3c0
Segfault in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3Y2ctN3hxdy1xY3h3
Heap Overflow in PyMiniRacer
Ecosystems: pypi
Packages: py-mini-racer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ4cTMtNTI0OS04aGdn
personnummer/python vulnerable to Improper Input Validation
Ecosystems: pypi
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4bXItanYyYy12OG1n
Invalid root may become trusted root in The Update Framework (TUF)
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyNTctOTZ2Zy1xZjZ4
Remote Code Execution in Red Discord Bot
Ecosystems: pypi
Packages: Red-DiscordBot
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1ajktODQ5eC0yNmg0
Remote Code Execution in Red Discord Bot
Ecosystems: pypi
Packages: Red-DiscordBot
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4MjgtOXZoNi05bTZq
Client Denial of Service on TUF
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3cWYtOWg3ai03bXY4
Incorrect threshold signature computation in TUF
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4NGMtNjNwZi01MjVm
Arbitrary Code Generation
Ecosystems: pypi
Packages: openapi-python-client
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3Z3ItNzY2Ni03cHdq
Path Traversal in openapi-python-client
Ecosystems: pypi
Packages: openapi-python-client
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2ajMtYzR3Yy02M3Z3
CSRF tokens leaked in URL by canned query form
Ecosystems: pypi
Packages: datasette
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5N2gtMnBmeC1mNTlm
HTTP response splitting in uvicorn
Ecosystems: pypi
Packages: uvicorn
Source: GitHub Advisory Database
Blast Radius: 35.3
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzYzctMm1wdy1oZzM0
Log injection in uvicorn
Ecosystems: pypi
Packages: uvicorn
Source: GitHub Advisory Database
Blast Radius: 35.3
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxaGcteGpoaC1wOGhm
Out-of-bounds reads in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NDMtbTdtdy1teHFt
Buffer overflow in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 38.6
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqNDIteHEzci1ocjNy
Out-of-bounds reads in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZnEtdzhxcS12ODho
Out-of-bounds read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3ajktYzUyZy13MnE5
Authorization Bypass in I hate money
Ecosystems: pypi
Packages: ihatemoney
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozOGMtMjVmai1tcjg0
Stored XSS in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlnMnctNWYzdi1tZm1t
Insecure default config of Celery worker in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3NnItcWZqai1jMjR3
Command injection via Celery broker in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2bXEtNHg2Ni1xN2oz
Remote code execution in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0cDMtcXc1Yy1taHBj
Multiple stored XSS in RBAC Admin screens in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3bTktOTQ5Ny1wOWdy
Possible pod name collisions in jupyterhub-kubespawner
Ecosystems: pypi
Packages: jupyterhub-kubespawner
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NzMtOWhncS1qN3h3
Cross-Site Scripting in Wagtail
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZocjYtcHZqbS05cXdm
User passwords are stored in clear text in the Django session
Ecosystems: pypi
Packages: django-two-factor-auth
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyM2MtOHhmMy1nZ3Jy
Directory traversal outside of SENDFILE_ROOT in django-sendfile2
Ecosystems: pypi
Packages: django-sendfile2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zOGotcG1nMy12NXg1
Timing attack on django-basic-auth-ip-whitelist
Ecosystems: pypi
Packages: django-basic-auth-ip-whitelist
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNndzQtbTV3Ny12ODlj
Uncontrolled Resource Consumption in Indy Node
Ecosystems: pypi
Packages: indy-node
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtMzQtamNqdi00NXhm
XSS in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwanItajU3eC13eGZ3
Data leakage via cache key collision in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwam0tcnAyZy0zcjRj
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Ecosystems: pypi
Packages: drf-jwt
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM3Y2YtcjN3Mi1namZ3
django-nopassword stores secrets in cleartext
Ecosystems: pypi
Packages: django-nopassword
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNnaDIteHc3NC1qbWN3
SQL injection in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnODQtcWd2OS13NHBx
CRLF injection in httplib2
Ecosystems: pypi
Packages: httplib2
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4NTQtOTZncS1yZmcz
Pillow Temporary file name leakage
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5OGgtOG14ci1tOGd4
Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyY3EtanYyZi04OThq
Incorrect Provision of Specified Functionality in qutebrowser
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqanItM2pjdy1mOHY2
Potential Observable Timing Discrepancy in Wagtail
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqdmctcTU3di1tampj
XSS in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFmN3YtOGhqMy00eHc3
Improper Verification of Cryptographic Signature in PySAML2
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtOWctanI4Yy1jcXcz
Depth counting error in guard() leading to multiple potential security issues in aioxmpp
Ecosystems: pypi
Packages: aioxmpp
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2M2gtOHg1ai1wdmdx
XSS in python-markdown2
Ecosystems: pypi
Packages: markdown2
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqMmMteDhxbS1xbWpx
SQL injection in Tortoise ORM
Ecosystems: pypi
Packages: tortoise-orm
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyd2MtcGZxMi01Y202
Possible XSS attack in Wagtail
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVnbTMtcHg2NC1ydzcy
Uncontrolled Resource Consumption in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqNjktYzc2di04Nndy
Out-of-bounds Read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxeGotZjlyaC05Zmcy
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
Ecosystems: pypi
Packages: ecdsa
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5NnctbW1yZi0yaDZ2
Improper Input Validation in Twisted
Ecosystems: pypi
Packages: Twisted
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1eGgtdng4My1teGNq
HTTP Request Smuggling in Twisted
Ecosystems: pypi
Packages: Twisted
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxaHAtY3hnYy02d21t
regular expression denial-of-service (ReDoS) in Bleach
Ecosystems: pypi
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yNnItbXZ3NC03MzZn
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxMjUtcXJqdy02Zmcy
Malicious package may avoid detection in python auditing
Ecosystems: pypi
Packages: safety
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 4 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12