Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Critical
GSA_kwCzR0hTQS1yN3JtLThqNmgtcjkzM84AAjLe
Buffer Copy without Checking Size of Input in Pillow
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jYzk5LXdobTUtbW1xM84AAufw
Openstack Keystone Incorrect Authorization vulnerability
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05NHFtLTk5cWMtcXdxas4AAv4Y
rdiffweb vulnerable to Insufficient Session Expiration
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yeGdnLTI3M3ctcmZ3N84AA4c9
Remote Code Execution vulnerability in Apache IoTDB via UDF
Ecosystems: pypi, maven
Packages: apache-iotdb, org.apache.iotdb:iotdb-core
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0yOTd4LTJxZjMtanJqM84AA4mL
Unsafe yaml deserialization in llama-hub
Ecosystems: pypi
Packages: llama-hub
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1yaGhqLTU0MzYtOTV2Zs4AA4mM
Code execution in Embedchain
Ecosystems: pypi
Packages: embedchain
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 4 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzMnItNjZjZy03OXB4
Paramiko not properly checking authentication before processing other requests
Ecosystems: pypi
Packages: paramiko
Source: GitHub Advisory Database
Blast Radius: 44.0
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS01OXYzLTg5OHItcXdoas4AA37g
MLflow Server-Side Request Forgery (SSRF)
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1majM1LW05NHItOWg0Y84AAktJ
Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Ecosystems: pypi
Packages: MISP-maltego
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02cXY2LXE3N2ctN3FtNs4AAujz
NVFLARE unsafe deserialization due to Pickle
Ecosystems: pypi
Packages: nvflare
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13anEzLTdqeHgtd2hqOc4AAzYV
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoeDktcDY5di1jeDJq
Authentication bypass in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS00cTJ3LXJ3N20teHF3Ns3uzg
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10
Ecosystems: pypi
Packages: nnabla
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qNWg5LTlyMzktNDNxNc4AA4K-
PaddlePaddle command injection in get_online_pass_interval
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1ncXJxLWo2cG0tOThjMs4AA3w5
External Control of File Name or Path in h2oai/h2o-3
Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02bWpnLTM3Y3AtNDJ4Nc4AA3ul
Improper Privilege Management in sap-xssec
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJobTktcDl3NS1md203
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 46.6
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qY3ItcnFqZy1yaGcz
Implementation trusts the "me" field returned by the authorization server without verifying it
Ecosystems: pypi
Packages: datasette-indieauth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS02Y3hyLThxM20tandycs4AA3Oe
Ray Missing Authorization vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnMzUtdmM5Zi1xN3gy
Improper Restriction of XML External Entity Reference in ladon
Ecosystems: pypi
Packages: ladon
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: almost 5 years ago
Critical
GSA_kwCzR0hTQS1yNXFqLWN2ZjktcDg1aM0weg
Code Injection in PyTorch Lightning
Ecosystems: pypi
Packages: pytorch-lightning
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzNmMteGc5Ny04cDRo
libtaxii Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: libtaxii
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS03OTN2LXIzNWotOXJwOc4AAhFF
Openstack Magnum Unsafe Credential Handling
Ecosystems: pypi
Packages: openstack-magnum
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4NGgtdzZjci01djhx
Markdown-supplied Shell Command Execution
Ecosystems: pypi
Packages: lookatme
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1oaDhwLXA4bXAtZ3Fobc4AA37i
MLFlow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1jNzMyLXh2djgtZzk0Y84AAxHL
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Ecosystems: pypi
Packages: apache-airflow-providers-mysql, apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yNjQ3LWM2MzktcXYyas0wvQ
Server-Side Request Forgery in calibreweb
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwdjgtcTVyeC1jOGdx
django_make_app is vulnerable to Code Injection
Ecosystems: pypi
Packages: django_make_app
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS1nNjdnLWh2YzMteG12Zs0WkA
Inconsistent input sanitisation leads to XSS vectors
Ecosystems: pypi
Packages: omero-web, omero-figure
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1Z2gtMndyMi1wbTZn
Denial of Service in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2ZmctbWp4Zy1ocXE0
Integer truncation in Shard API usage
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS01cDNoLTdmd2gtOTJyY84AA3OR
Remote Code Execution due to Full Controled File Write in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5cTItcDl4cC03Mzl2
XML Injection in petl
Ecosystems: pypi
Packages: petl
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjbXEtcXZjcC01bXJt
Unsafe deserialization in owlmixin
Ecosystems: pypi
Packages: owlmixin
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNGMtcmd2bS05NjRn
SQL Injection in pycsw
Ecosystems: pypi
Packages: pycsw
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS1wNjR4LThyeHgtd2Y2cc4AAtF-
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00dzhmLWhqbTkteHdnZs4AArZc
Path Traversal in django-s3file
Ecosystems: pypi
Packages: django-s3file
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00N2ZjLXZtd3EtMzY2ds4AAwDK
PyTorch vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: torch
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zcHd3LXF2cjgtNm1ocM4AA3N9
Ray Path Traversal vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwcjYtZjR2cS1teGNo
Command injection in LocalStack
Ecosystems: pypi
Packages: localstack
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS04aGNyLTV4MmctOWY3as4AA3Qs
Deserialization of Untrusted Data in apache-submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjcjYtcmY0Ny1qcmdm
Loaded Databook of Tablib prone to python insertion resulting in command execution
Ecosystems: pypi
Packages: tablib
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS03Z2ZxLWY5NmYtZzg1as4AA1dI
langchain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4YzUtZ2dwcC1nMjQ5
pwntools Server-Side Template Injection (SSTI) vulnerability
Ecosystems: pypi
Packages: pwntools
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS03NHczLTJyNzctZnc1aM031A
Use of Externally-Controlled Format String in consoleme
Ecosystems: pypi
Packages: consoleme
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01Y3ZnLTlwcDUtbXhjas4AAyn2
Apache Airflow Hive Provider vulnerable to code injection
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyOTctY2o1NS05aHJx
SQL Injection in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: almost 5 years ago
Critical
GSA_kwCzR0hTQS1xd3F2LWo3anItNGhwNs3jww
Argument injection in python-libnmap
Ecosystems: pypi
Packages: python-libnmap
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14ZzczLTk0ZnAtZzQ0Oc4AAyUH
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1ndzk3LWZmN2MtOXY5Ns4AAyT8
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 47.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02am14LXB2Nzctd201d84AAxHU
Excessive Attack Surface in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1oOHBqLWN4eDItamZnMs1BpQ
Improper Input Validation in httpx
Ecosystems: pypi
Packages: httpx
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03NDg4LTZ4M3ItMjN3Nc4AAtX6
Ganga allows absolute path traversal
Ecosystems: pypi
Packages: ganga
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4ZjktN2g0Yy1mNWp2
Django-Anymail prone to a timing attack
Ecosystems: pypi
Packages: django-anymail
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4cnYtNWpxYy1tMmN2
Recurly vulnerable to SSRF
Ecosystems: pypi
Packages: recurly
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13NnYtY3JoOC04NTMz
Integer Overflow or Wraparound in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 47.7
Published: about 5 years ago
Critical
GSA_kwCzR0hTQS04ZnhyLXFmcjktcDM0d84AA2Lz
TorchServe Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 8 months ago
Critical
GSA_kwCzR0hTQS12ZzhnLWpwbTktamg4cs4AASJO
Unsafe pyyaml load usage in PyAnyAPI
Ecosystems: pypi
Packages: pyanyapi
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdybWYtNGZxNi0ycjc5
aubio Buffer Overflow vulnerability
Ecosystems: pypi
Packages: aubio
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3NTctanA4NC1neGZ4
Improper Input Validation in PyYAML
Ecosystems: pypi
Packages: pyyaml
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4cGotZjVnMi04cDdt
Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer
Ecosystems: pypi
Packages: asyncpg
Source: GitHub Advisory Database
Blast Radius: 37.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3dnEtNmdqeC1qNzk3
Special Element Injection in notebook
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qZjY2LTNxNzYtaDVwNc3jTg
Tenant and Verifier might not use the same registrar data
Ecosystems: pypi
Packages: keylime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2Y2ctOHA3OS1qcGN2
SVGlib Vulnerable to XXE Attacks
Ecosystems: pypi
Packages: svglib
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1mcjc1LXg4NTYtcTZqOM4AAtbT
Octobot before 0.4.4 mishandles Tentacles upload
Ecosystems: pypi
Packages: OctoBot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00dnE3LTg2OTktNHhnY84AAtt0
WMAgent arbitrary code execution via a crafted dbs-client package
Ecosystems: pypi
Packages: global-workqueue, reqmon, reqmgr2, wmagent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13dnB4LWc0MjctcTl3Y84AA64y
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0yMzdyLW14ODQtN3g4Y84AAu1M
VNCAuthProxy authentication bypass vulnerability
Ecosystems: pypi
Packages: vncauthproxy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qMnB3LXZwNTUtZnFxas4AA5l1
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1qOGZxLTg2YzUtNXYycs0WvA
Remote code execution in dask
Ecosystems: pypi
Packages: distributed
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhwbTgtOThteC1oNGM1
Unsafe deserialization in MLAlchemy
Ecosystems: pypi
Packages: MLAlchemy
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS00cXE1LW14eHgtbTZnZ84AA3Oh
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3d2YtMjY0NC1mOHg0
The Fuck Arbitrary File Deletion via Path Traversal
Ecosystems: pypi
Packages: thefuck
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1yM2pjLTNxbW0tdzNwd84AA5JJ
SQLAlchemyDA unauthenticated arbitrary SQL query execution
Ecosystems: pypi
Packages: Products.SQLAlchemyDA
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00OTU3LTd2aHAtN3Y1Oc4AA45N
Deserialization of untrusted data in synthcity
Ecosystems: pypi
Packages: synthcity
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05eDdmLWd3eHEtNmYyY84AA4_y
Vyper's bounds check on built-in `slice()` function can be overflowed
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 4 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2cjgtNDY2cC03NXJo
Pillow Integer overflow in ImagingResampleHorizontal
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS1yM3hjLXByZ3ItbWc5cM4AAzG9
Django bypasses validation when using one form field to upload multiple files
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02N3IzLWg4OTktOXc5Nc4AArT7
Embedded Malicious Code in ctx
Ecosystems: pypi
Packages: ctx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wNmh3LXdtNTktM2c1Z84AA0-Q
Sydent does not verify email server certificates
Ecosystems: pypi
Packages: matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1wNTc1LWNmOWgtd3Y0Ms4AAUl-
Mercurial Out-of-bounds Read vulnerability
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zNzZtLTNybTItOWptNs4AAXrC
Session Fixation in ipsilon
Ecosystems: pypi
Packages: ipsilon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4N3ctNDVycS12eGdm
SQLAlchemy vulnerable to SQL Injection via order_by parameter
Ecosystems: pypi
Packages: SQLAlchemy
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: about 5 years ago
Critical
GSA_kwCzR0hTQS1ndjg1LXdneGMtdmM1Ns4AATWy
web2py is vulnerable to password brute-force attack
Ecosystems: pypi
Packages: web2py
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04M2ZtLXc3OW0tNjRyNc4AAzCj
Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1odmo1LW12dzktOTNqM84AA7CZ
Insecure deserialization in BentoML
Ecosystems: pypi
Packages: bentoml
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS01d3ZwLTdmM2gtNndtbc4AA3Am
PyArrow: Arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzOHItcXAyOC0ybTYz
Code injection in rope
Ecosystems: pypi
Packages: rope
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS13Nmc5LXhjY2MtMzQ3aM4AAjY7
Plone Unauthenticated Write Vulnerability
Ecosystems: pypi
Packages: plone.app.contenttypes, Plone
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xaHE4LXh3cXYtcHZ2Oc4AAYBx
OpenStack Swauth object/proxy server writing Auth Token to log file
Ecosystems: pypi
Packages: swauth
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3cWYtOWg3ai03bXY4
Incorrect threshold signature computation in TUF
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAzdzYtamNnNC01Mnho
Improper Verification of Cryptographic Signature in django-rest-registration
Ecosystems: pypi
Packages: django-rest-registration
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: almost 5 years ago
Critical
GSA_kwCzR0hTQS04Nzg3LTYzcHgtM20yM84AATHc
Cobbler has Exposed Dangerous Method or Function
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtcjQtbTJoNS0zM3F4
SQL injection in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS00NDZtLWhtbW0taG04bc4AAzdL
Ckan remote code execution and private information access via crafted resource ids
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 12 months ago
Critical
GSA_kwCzR0hTQS03NTM0LW1tNDUtYzc0ds0WKQ
Buffer Overflow in Pillow
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xcGcyLXZ4N2otMzg2Oc4AAq9o
XML Injection in ReportLab
Ecosystems: pypi
Packages: reportlab
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jeG00LTdxY3ctMjY3cs4AAadQ
salt password information leaked in debug logs
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoMzctMzd4dy01NGhy
Improper Authentication in requests-kerberos
Ecosystems: pypi
Packages: requests-kerberos
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS01eHZjLXZnbXAtamdjM80Wvg
Improper Access Control in jupyterhub-firstuseauthenticator
Ecosystems: pypi
Packages: jupyterhub-firstuseauthenticator
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12