Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS13Nmc5LXhjY2MtMzQ3aM4AAjY7
Plone Unauthenticated Write Vulnerability
Ecosystems: pypi
Packages: plone.app.contenttypes, Plone
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01N2ZjLThxODItZ2ZwM84AA0QS
langchain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1nMjgzLTg4djUtcm1xMs4AASb0
SaltStack Salt allows compromised salt-minions to impersonate the salt-master
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mODhxLTIyZzgtZnJjZ84AASjg
Cobbler Improper Validation of Security Tokens
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05MnZtLW14amYtanFmM80XJA
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Ecosystems: pypi
Packages: starkbank-ecdsa
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02NGN3LW01N2otNjV4as4AAgWy
Ansible Arbitrary Code Execution
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqeHEtNzVydy1maGo5
Eve allows execution of arbitrary code
Ecosystems: pypi
Packages: eve
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS1tOHI5LXF4eDgtbXJ4cM4AAwnn
rdiffweb Improper Access Control vulnerability
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0eDQtOThjZy13cjRn
Code injection in Danijar Definitions
Ecosystems: pypi
Packages: definitions
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncWctM2Z4ci05aHY3
Apache Airflow vulnerable to XSS
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4N3ctNDVycS12eGdm
SQLAlchemy vulnerable to SQL Injection via order_by parameter
Ecosystems: pypi
Packages: SQLAlchemy
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: about 5 years ago
Critical
GSA_kwCzR0hTQS0yeHhjLTczZnYtMzZmN84AA1UC
llama-index vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1yNXFqLWN2ZjktcDg1aM0weg
Code Injection in PyTorch Lightning
Ecosystems: pypi
Packages: pytorch-lightning
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1teHZ3LWNqMzctOGcyaM4AA64v
Aim Web API vulnerable to Remote Code Execution
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 1 month ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlnMnctNWYzdi1tZm1t
Insecure default config of Celery worker in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS02Nm0yLTQ5M20tY3JoMs4AA2CV
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Ecosystems: pypi
Packages: searchor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03NHczLTJyNzctZnc1aM031A
Use of Externally-Controlled Format String in consoleme
Ecosystems: pypi
Packages: consoleme
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14MzJjLTU5djUtaDdmZ84AAz28
Langchain OS Command Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3NnItcWZqai1jMjR3
Command injection via Celery broker in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1wNDloLWhqdm0tamczaM0W2w
PCX P mode buffer overflow in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwcnctaDYydi1jMnc3
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution
Ecosystems: pypi
Packages: pyyaml
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1jdjZqLTk4MzUtcDdmaM4AAugX
exotel-py 0.1.6 includes code execution backdoor inserted by a third party
Ecosystems: pypi
Packages: exotel
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14N20zLWpwcmctd2M1Z84AA2Bl
Gevent allows remote attacker to escalate privileges
Ecosystems: pypi
Packages: gevent
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4NnAtaGd4NS0ycGZo
Improper Authentication in Buildbot
Ecosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: almost 5 years ago
Critical
GSA_kwCzR0hTQS00NDZtLWhtbW0taG04bc4AAzdL
Ckan remote code execution and private information access via crafted resource ids
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 12 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05bXEtcDJmOS1jZnF2
Bleach URI Scheme Restriction Bypass
Ecosystems: pypi
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS05OWo1LWZ2ZzMtNTRwbc4AAvef
Rdiffweb is missing authentication for critical function
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache Submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1yYzU4LXFyOWotY3Bnd84AAwbo
Apache Airflow Hive Provider vulnerable to Command Injection
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12N21oLTNqZ2YtcjI2Y84AAaDG
OpenStack Object Storage (swift) Code Injection vulnerability
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13Nzk5LXByZzMtY3g3N84AAcB6
python-jose failure to use a constant time comparison for HMAC keys
Ecosystems: pypi
Packages: python-jose
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wamhmLXZweDMtMzNyM84AAklg
SaltStack Salt Unauthenticated Remote Code Execution
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xaHE4LXh3cXYtcHZ2Oc4AAYBx
OpenStack Swauth object/proxy server writing Auth Token to log file
Ecosystems: pypi
Packages: swauth
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04NWMtOW1mOC1tMm02
Unsafe deserialization in confire
Ecosystems: pypi
Packages: confire
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5NnctbW1yZi0yaDZ2
Improper Input Validation in Twisted
Ecosystems: pypi
Packages: Twisted
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5cTItcDl4cC03Mzl2
XML Injection in petl
Ecosystems: pypi
Packages: petl
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjbXEtcXZjcC01bXJt
Unsafe deserialization in owlmixin
Ecosystems: pypi
Packages: owlmixin
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3MmMtdzNxMy01NXFx
OS Command Injection in jw.util
Ecosystems: pypi
Packages: jw.util
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1oNnIyLXBndngtNjgzY84AApjs
Lin-CMS-Flask vulnerable to Improper Authentication
Ecosystems: pypi
Packages: Lin-CMS
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0yZ3dqLTdqbXYtaDI2cs07Ng
SQL Injection in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05cTYyLXI3MmctcHZ2N84AAiBq
py-lmdb Invalid write operation
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jd3doLTQzODItNmZ3cs4AASIn
Dulwich RCE Vulnerability
Ecosystems: pypi
Packages: dulwich
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wZjM4LTVwMjIteDZoNs4AAw-v
Code Injection in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03d3FmLWgzNnctNDdtY84AAwAE
OS Command Injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwNWMtZjMyOC05ZnZ2
Diffoscope may write to arbitrary locations due to an untrusted archive
Ecosystems: pypi
Packages: diffoscope
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS02djU2LWNwZzYtM3JweM4AAQW7
Mercurial vulnerable to arbitrary code injection
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wZjNwLXY5eHAtbXJ2Zs4AAq3o
py-lmdb Invalid write operation
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14NTQ5LXI3bTgtZ3Y2M84AAQNo
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jNzRjLXA0cDctcjhxNc4AAiBu
py-lmdb Invalid write operation
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02NjQzLWg3aDUteDl3aM4AAz9W
Langchain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1xcjM4LWg5NmotMmozd84AAmhh
SaltStack Salt Command Injection in netapi ssh client
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05ZnEyLXg5cjYtd2ZtZs4AAq9p
Numpy Deserialization of Untrusted Data
Ecosystems: pypi
Packages: numpy
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04ZzIzLTJxNXAtODg2Ns4AAxzQ
Apache Airflow Google Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-google
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14eHZqLThnNW0tNHFnd84AAZkW
SaltStack Salt Directory traversal vulnerability in minion id validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wZ3BqLXY4NXEtaDVmbc4AA4kU
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1qNWg5LTlyMzktNDNxNc4AA4K-
PaddlePaddle command injection in get_online_pass_interval
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01NnhnLXdmY2MtZzgyOc4AA74j
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Ecosystems: pypi
Packages: llama-cpp-python
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 5 days ago
Critical
GSA_kwCzR0hTQS05cTl2LXFnd3gtODRtcs4AA05R
Command injection in PaddlePaddle
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1yZjdwLTc5eHEtOHh3bc4AA4LC
PaddlePaddle command injection in _wget_download
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 5 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqanItcXFmcC1wcHd4
remote code execution via git repo provider
Ecosystems: pypi
Packages: binderhub
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjbTQtcTJwZy14dzg5
ipycache is vulnerable to Code Injection
Ecosystems: pypi
Packages: ipycache
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 5 years ago
Critical
GSA_kwCzR0hTQS0zY3I1LTI0NDYtOHBnM84AA4Kt
PaddlePaddle command injection in convert_shape_compare
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1yd2hoLTZ4ODMtODR2Ns4AA4od
Cross-site Scripting in Apache superset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1ncXZmLTNoZ3AtNWh4ds4AA3xA
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS0zNzgzLTYydmMtanI3eM4AA8K_
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Ecosystems: pypi
Packages: consoleme
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
Critical
GSA_kwCzR0hTQS12Z3Y4LTVjcGotcWoyZs4AA5bL
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Ecosystems: pypi
Packages: pymatgen
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 3 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2angtOWc0OC0ycjVy
Arbitrary code execution due to YAML deserialization
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01N3d4LW05ODMtMmY4OM0XCw
Incomplete validation in boosted trees code
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1oNmd3LXI1MmMtNzI0cs0oig
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tcm1tLXFtcmoteGdwNs4AA50i
PaddlePaddle vulnerable to remote code execution
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 2 months ago
Critical
GSA_kwCzR0hTQS02Y3hyLThxM20tandycs4AA3Oe
Ray Missing Authorization vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1ncXJxLWo2cG0tOThjMs4AA3w5
External Control of File Name or Path in h2oai/h2o-3
Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04NDM0LXY3eHctOG05eM0loA
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Ecosystems: pypi
Packages: APKLeaks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4NGgtdzZjci01djhx
Markdown-supplied Shell Command Execution
Ecosystems: pypi
Packages: lookatme
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1jaGo3LXczZjYtY3Zmas4AA4mF
Code Injection in paddlepaddle
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS03NDg4LTZ4M3ItMjN3Nc4AAtX6
Ganga allows absolute path traversal
Ecosystems: pypi
Packages: ganga
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13NGg2LTl3cnAtdjVqcc4AA74M
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Ecosystems: pypi
Packages: frigate
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1maDU0LTN2aGctbXBjMs4AA5z7
PaddlePaddle command injection vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1xcXYyLTM1cTgtcDJnMs4AA50P
PaddlePaddle command injection in paddle.utils.download._wget_download
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0zcHd3LXF2cjgtNm1ocM4AA3N9
Ray Path Traversal vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1wNmh3LXdtNTktM2c1Z84AA0-Q
Sydent does not verify email server certificates
Ecosystems: pypi
Packages: matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1ocTg4LXdnN3EtZ3A0Z84AA7CC
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1xcDcyLTk2cDItZzY0NM4AAtSN
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Ecosystems: pypi
Packages: shiva
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02ODdoLTg2dmMtNXg1Oc4AAtTE
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
Ecosystems: pypi
Packages: chainerrl-visualizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14MnBjLWZxcnctaGM3Zs4AAtSf
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
Ecosystems: pypi
Packages: opendiamond
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yNHY0LTNqajctamMyOc4AAiSP
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Ecosystems: pypi
Packages: octavia
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJobTktcDl3NS1md203
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 46.6
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS00bXI0LTd2anYtOWhtNs4AAQWm
Mercurial Incorrect Access Control vulnerability
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02bWpnLTM3Y3AtNDJ4Nc4AA3ul
Improper Privilege Management in sap-xssec
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1wNTc1LWNmOWgtd3Y0Ms4AAUl-
Mercurial Out-of-bounds Read vulnerability
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnNzUtNjkzOC13eDU4
python-docutils allows insecure usage of temporary files
Ecosystems: pypi
Packages: docutils
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxeGotZjlyaC05Zmcy
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
Ecosystems: pypi
Packages: ecdsa
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNGMtcmd2bS05NjRn
SQL Injection in pycsw
Ecosystems: pypi
Packages: pycsw
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS00dzhmLWhqbTkteHdnZs4AArZc
Path Traversal in django-s3file
Ecosystems: pypi
Packages: django-s3file
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpnNGYtanFtNS00bWdx
Ansible fails to properly sanitize fact variables sent from the Ansible controller
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1oOHBqLWN4eDItamZnMs1BpQ
Improper Input Validation in httpx
Ecosystems: pypi
Packages: httpx
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qZjY2LTNxNzYtaDVwNc3jTg
Tenant and Verifier might not use the same registrar data
Ecosystems: pypi
Packages: keylime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zNzZtLTNybTItOWptNs4AAXrC
Session Fixation in ipsilon
Ecosystems: pypi
Packages: ipsilon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oaDdqLXBnMzktcTU2M84AAzdO
toui allows user-specific variables to be shared between users
Ecosystems: pypi
Packages: toui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 78 ansible 63 salt 53 Plone 52 apache-superset 49 nova 45 plone 43 rdiffweb 42 Pillow 41 vyper 38 matrix-synapse 35 moin 34 mlflow 33 Django 30 opencv-python 30 opencv-contrib-python 30 keystone 30 langchain 18 glance 18 mercurial 17 PaddlePaddle 17 cobbler 17 pillow 16 neutron 16 cryptography 15 paddlepaddle 15 gradio 15 notebook 15 modoboa 14 pyftpdlib 14 pyload-ng 14 OctoPrint 13 vantage6 12 swift 12 aiohttp 11 onionshare-cli 11 twisted 11 calibreweb 11 urllib3 11 horizon 11 wagtail 10 trytond 10 Flask-AppBuilder 10 ethyca-fides 9 zope 9 waitress 9 Zope 9 kiwitcms 9 opencv-contrib-python-headless 9 opencv-python-headless 9 ryu 9 roundup 9 nautobot 9 label-studio 8 cinder 8 trac 8 numpy 8 aubio 8 python-keystoneclient 8 scrapy 7 pgadmin4 7 jupyter-server 7 ipython 7 lief 7 matrix-sydent 7 pysaml2 7 pip 7 inventree 6 mindsdb 6 sentry 6 apache-airflow-providers-apache-hive 6 Zope2 6 tuf 6 web2py 6 lxml 6 graphite-web 6 mailman 6 Moin 6 feedparser 5 python-gnupg 5 bleach 5 Products.CMFPlone 5 saleor 5 paramiko 5 pyspark 5 Jinja2 5 requests 5 lmdb 5 whoogle-search 5 ckan 5 barbican 4 tripleo-heat-templates 4 starlette 4 Scrapy 4 jupyterhub 4 oauthenticator 4 httpie 4 keylime 4 FreeTAKServer-UI 4 PyPDF2 4 omero-web 4 transformers 4 grpcio 4 markdown2 4 qutebrowser 4 grpc 4 tornado 4 werkzeug 4 yt-dlp 4 nvflare 4 nltk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 datasette 4 esphome 4 Keystone 4 GitPython 4 Radicale 4 reportlab 4 aws-iot-device-sdk-v2 4 ansible-core 4 jwcrypto 4 Pygments 4 Werkzeug 4 buildbot 4 pretix 4 bottle 4 awsiotsdk 4 Flask-Security-Too 4 ecdsa 3 ujson 3 ray 3 Weblate 3 ajenti 3 asyncssh 3 pyarrow 3 Kallithea 3 sanic 3 changedetection.io 3 sosreport 3 flask 3 io.grpc:grpc-protobuf 3 onnx 3 sickrage 3 Mezzanine 3 mistune 3 openvpn-monitor 3 streamlit 3 copyparty 3 Nova 3 indy-node 3 aim 3 localstack 3 mayan-edms 3 pandasai 3 poetry 3 protobuf 3 gerapy 3 bitlyshortener 3 indico 3 jupyterlab 3 pywasm3 3 python-jose 3 keyring 3 wger 3 asyncua 3 apache-iotdb 3 Products.PluggableAuthService 3 rsa 3 fava 3 keystonemiddleware 3 pyyaml 3 apache-airflow-providers-apache-spark 3 docassemble.webapp 3 quokka 3 clearml 3 SQLAlchemy 3 dulwich 3 django-helpdesk 3 ansible-runner 3 slixmpp 3 sqlparse 3 octavia 3 homeassistant 3 torchserve 3 pycrypto 3 apache-libcloud 3 plone.supermodel 3 plone.app.dexterity 3 plone.app.event 3 zenml 3 mitmproxy 3 httplib2 3 plone.app.theming 3 django-unicorn 2 piccolo 2 cabot 2
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/ikus060/rdiffweb 42 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 36 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/opencv/opencv 28 https://github.com/openstack/keystone 27 https://github.com/mlflow/mlflow 27 https://github.com/cobbler/cobbler 14 https://github.com/langchain-ai/langchain 14 https://github.com/vantage6/vantage6 14 https://github.com/pyca/cryptography 14 https://github.com/pyload/pyload 14 https://github.com/gradio-app/gradio 14 https://github.com/modoboa/modoboa 13 https://github.com/twisted/twisted 12 https://github.com/aio-libs/aiohttp 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/scrapy/scrapy 11 https://github.com/janeczku/calibre-web 11 https://github.com/jupyter/notebook 10 https://github.com/openstack/glance 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/apache/superset 9 https://github.com/nautobot/nautobot 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/Pylons/waitress 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/faucetsdn/ryu 9 https://github.com/openstack/horizon 9 https://github.com/ethyca/fides 9 https://github.com/kiwitcms/Kiwi 8 https://github.com/ipython/ipython 8 https://github.com/numpy/numpy 8 https://github.com/octoprint/octoprint 8 https://github.com/openstack/neutron 7 https://github.com/lief-project/LIEF 7 https://sourceforge.net/projects/sourceforge.net 7 https://github.com/aubio/aubio 7 https://github.com/openstack/swift 7 https://github.com/lxml/lxml 6 https://github.com/OctoPrint/OctoPrint 6 https://github.com/jupyter-server/jupyter_server 6 https://github.com/pypa/pip 6 https://github.com/openstack/cinder 6 https://github.com/HumanSignal/label-studio 6 https://github.com/graphite-project/graphite-web 6 https://github.com/matrix-org/sydent 6 https://github.com/getsentry/sentry 6 https://github.com/mindsdb/mindsdb 6 https://github.com/pallets/werkzeug 6 https://github.com/mozilla/bleach 5 https://github.com/hwchase17/langchain 5 https://github.com/benbusby/whoogle-search 5 https://github.com/TeamSeri0us/pocs 5 https://github.com/gitpython-developers/GitPython 5 https://github.com/tryton/trytond 5 https://github.com/keylime/keylime 5 https://github.com/ckan/ckan 4 https://github.com/Flask-Middleware/flask-security 4 https://github.com/esphome/esphome 4 https://github.com/latchset/jwcrypto 4 https://github.com/FreeTAKTeam/UI 4 https://github.com/NVIDIA/NVFlare 4 https://github.com/qutebrowser/qutebrowser 4 https://github.com/py-pdf/pypdf 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/rohe/pysaml2 4 https://github.com/huggingface/transformers 4 https://github.com/ronf/asyncssh 4 https://github.com/simonw/datasette 4 https://github.com/grpc/grpc 4 https://github.com/bottlepy/bottle 4 https://github.com/psf/requests 4 https://github.com/saleor/saleor 4 https://github.com/jhpyle/docassemble 4 https://github.com/yt-dlp/yt-dlp 4 https://github.com/inventree/InvenTree 4 https://github.com/WeblateOrg/weblate 4 https://github.com/web2py/web2py 4 https://github.com/Kozea/Radicale 4 https://github.com/tornadoweb/tornado 4 https://github.com/pallets/jinja 4 https://github.com/jupyterhub/oauthenticator 4 https://sourceforge.net/projects/roject 3 https://github.com/gventuri/pandas-ai 3 https://gitlab.com/mayan-edms/mayan-edms 3 https://github.com/trentm/python-markdown2 3 https://github.com/pygments/pygments 3 https://github.com/MobSF/Mobile-Security-Framework-MobSF 3 https://github.com/ansible/ansible-runner 3 https://github.com/pyca/pyopenssl 3 https://github.com/home-assistant/core 3 https://github.com/ome/omero-web 3 https://github.com/djblets/djblets 3 https://github.com/pretix/pretix 3 https://github.com/indico/indico 3 https://github.com/beancount/fava 3 https://github.com/furlongm/openvpn-monitor 3 https://github.com/moinwiki/moin-1.9 3 https://github.com/github/securitylab 3 https://github.com/pytorch/serve 3 https://github.com/nltk/nltk 3 https://github.com/wasm3/wasm3 3 https://github.com/python/cpython 3 https://github.com/Cog-Creators/Red-DiscordBot 3 https://github.com/jupyterlab/jupyterlab 3 https://github.com/jupyterhub/jupyterhub 3 https://github.com/Gerapy/Gerapy 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/rochacbruno/quokka 3 https://github.com/openstack/octavia 3 https://github.com/andialbrecht/sqlparse 3 https://github.com/encode/starlette 3 https://github.com/pypa/advisory-db 3 https://github.com/run-llama/llama_index 3 https://github.com/openstack/python-keystoneclient 3 https://github.com/dlitz/pycrypto 3 https://github.com/mpdavis/python-jose 3 https://github.com/pallets/flask 3 https://github.com/lepture/mistune 3 https://github.com/sqlalchemy/sqlalchemy 3 https://github.com/hyperledger/indy-node 3 https://github.com/9001/copyparty 3 https://github.com/theupdateframework/python-tuf 3 https://github.com/yaml/pyyaml 3 https://github.com/sosreport/sos 3 https://github.com/django-helpdesk/django-helpdesk 3 https://github.com/dgtlmoon/changedetection.io 3 https://github.com/theupdateframework/tuf 3 https://github.com/onnx/onnx 3 https://github.com/impredicative/bitlyshortener 3 https://github.com/IdentityPython/pysaml2 3 https://github.com/httplib2/httplib2 3 https://github.com/poezio/slixmpp 3 https://github.com/streamlit/streamlit 3 https://github.com/paramiko/paramiko 3 https://github.com/zenml-io/zenml 3 https://github.com/ethereum/eth-abi 2 https://github.com/openstack/magnum 2 https://github.com/mirumee/saleor 2 https://github.com/petl-developers/petl 2 https://github.com/executablebooks/markdown-it-py 2 https://github.com/pytest-dev/py 2 https://github.com/piccolo-orm/piccolo 2 https://github.com/eventlet/eventlet 2 https://github.com/MirahezeBots/sopel-channelmgnt 2 https://github.com/embedchain/embedchain 2 https://github.com/python-imaging/Pillow 2 https://github.com/python-ldap/python-ldap 2 https://github.com/facebookresearch/ParlAI 2 https://github.com/python-poetry/poetry 2 https://github.com/clinical-genomics/scout 2 https://github.com/DIRACGrid/DIRAC 2 https://github.com/encode/uvicorn 2 https://github.com/pretalx/pretalx 2 https://github.com/django-wiki/django-wiki 2 https://github.com/protocolbuffers/protobuf 2 https://github.com/mongodb/mongo-python-driver 2 https://github.com/OpenZeppelin/cairo-contracts 2 https://github.com/dask/distributed 2 https://github.com/DataDog/guarddog 2 https://github.com/moggers87/django-sendfile2 2 https://github.com/openstack/tripleo-heat-templates 2 https://github.com/Netflix/lemur 2 https://github.com/cure53/DOMPurify 2 https://github.com/plone/Products.ATContentTypes 2 https://github.com/pyinstaller/pyinstaller 2 https://github.com/corydolphin/flask-cors 2 https://github.com/plone/plone.restapi 2 https://github.com/openstack/barbican 2 https://github.com/dbt-labs/dbt-core 2 https://github.com/FreeTAKTeam/FreeTakServer 2 https://github.com/geopython/OWSLib 2 https://github.com/openstack/ossa 2 https://github.com/FreeOpcUa/opcua-asyncio 2 https://github.com/nexB/scancode.io 2 https://github.com/devsnd/cherrymusic 2 https://github.com/NVIDIA/NeMo 2 https://github.com/Legrandin/pycryptodome 2 https://github.com/stchris/untangle 2 https://github.com/warner/python-ecdsa 2 https://github.com/starkbank/ecdsa-python 2 https://github.com/aws/aws-encryption-sdk-cli 2 https://github.com/snowflakedb/snowflake-connector-python 2 https://github.com/jupyterhub/jupyter-server-proxy 2 https://github.com/aws/sagemaker-python-sdk 2 https://github.com/simplegeo/python-oauth2 2 https://github.com/httpie/httpie 2