Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0cWYtM2ZjNi04eDM0
Segfault and data corruption in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtdjItNzlxOC1mdjZn
Uncontrolled Resource Consumption in urllib3
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 42.2
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEycTctNXBwNC13NnBn
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 42.2
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oMzMtN3JycS02NjJ3
Improper Certificate Validation in urllib3
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 42.2
Published: about 5 years ago
High
GSA_kwCzR0hTQS14cXI4LTdqd3ItcmhwN84AA04J
Removal of e-Tugra root certificate
Ecosystems: pypi
Packages: certifi
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: 10 months ago
High
GSA_kwCzR0hTQS0yN3g0LWo0NzYtanA1Zs4AAe-Z
Setuptools vulnerable to Man-in-the-middle attacks
Ecosystems: pypi
Packages: setuptools
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnNTktMmY5Mi01Y3Bo
Heap buffer overflow in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYzeG0tcng1cC14dnFy
Heap buffer overflow in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS0ycW1qLTc5NjItY2pxOM4AA0Lt
langchain arbitrary code execution vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
GSA_kwCzR0hTQS14MzJjLTU5djUtaDdmZ84AAz28
Langchain OS Command Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1mNzN3LTRtN2ctY2g5eM4AA1n1
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS04aDV3LWY2cTktd2czNc4AA2mm
Langchain SQL Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02NjQzLWg3aDUteDl3aM4AAz9W
Langchain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
GSA_kwCzR0hTQS03Z2ZxLWY5NmYtZzg1as4AA1dI
langchain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1mcHJwLXA4NjktdzZxMs4AAyjJ
LangChain vulnerable to code injection
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05Mmo1LTM0NTktcWdwNM4AA1T7
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1nd3FxLTZ2cTctNWo4Ns4AA1D8
langchain Code Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1wcmdwLXc3dmYtY2g2Ms4AA1T_
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS01N2ZjLThxODItZ2ZwM84AA0QS
langchain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1majMyLXE2MjYtcGpqY84AA1UA
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
High
GSA_kwCzR0hTQS14cDc2LTM1N2ctOXdxcc3gGw
SciPy creates insecure temporary directories
Ecosystems: pypi
Packages: scipy
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS01NXg1LWZqNmMtaDZtOM0a1g
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
Ecosystems: pypi
Packages: lxml
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mdzN2LXg0ZjItdjY3M84AAtnx
Mistune vulnerable to catastrophic backtracking
Ecosystems: pypi
Packages: mistune
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zZjJjLWptNnYtY3IzNc4AAYRU
Django DNS Rebinding Vulnerability
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdoNngtNHdoci0ycXY0
Null pointer dereference and heap OOB read in operations restoring tensors
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02NGN3LW01N2otNjV4as4AAgWy
Ansible Arbitrary Code Execution
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xZzQ3LTVweDktMzJnN84AAgXC
Ansible Remote Code Execution
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02NmM3LTVwd3YtbW0zas4AArAK
Ansible Code Injection Vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13cXE1LWM4OXAtM3djM84AAgWx
Ansible Arbitrary Code Execution
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1Nzgtajk5Mi01NTR4
Ansible fails to properly mark lookup-plugin results as unsafe
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS01ODh3LXc2bXYtM2N3Nc3sUg
Ansible Insertion of Sensitive Information into Log File vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMycGMteHBoeC1xNGY2
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers
Ecosystems: pypi
Packages: gunicorn
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS1oOHBqLWN4eDItamZnMs1BpQ
Improper Input Validation in httpx
Ecosystems: pypi
Packages: httpx
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wajk4LTJ4ZjYtY2ZmNc4AA19n
ReportLab vulnerable to remote code execution via paraparser
Ecosystems: pypi
Packages: reportlab
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1xcGcyLXZ4N2otMzg2Oc4AAq9o
XML Injection in ReportLab
Ecosystems: pypi
Packages: reportlab
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zODYzLTI0NDctNjY5cM4AA35m
transformers has a Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 5 months ago
High
GSA_kwCzR0hTQS0zZjYzLWhmcDgtNTJqcc4AA4lV
Arbitrary Code Execution in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: 4 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZnEtdzhxcS12ODho
Out-of-bounds read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzOHItcXAyOC0ybTYz
Code injection in rope
Ecosystems: pypi
Packages: rope
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1yN3E3LXhjanctcXg4cc4AAVUm
TDQM Arbitrary Code Execution
Ecosystems: pypi
Packages: tqdm
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS0ybTU3LWhmMjUtcGhnZ84AA7Be
sqlparse parsing heavily nested list leads to Denial of Service
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wNXc4LXdxaGotOWhoZs0VtQ
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mbTM5LWN3OGgtM3A2M80WRg
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wNnJ3LTQ0cTctM2Z3NM0W3A
Stored XSS in Jupyter nbdime
Ecosystems: npm, pypi
Packages: nbdime-jupyterlab, nbdime
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyajYtd3JoaC12MjVt
Paramiko Authentication Bypass vulnerability
Ecosystems: pypi
Packages: paramiko
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4MnYtajQ0NS1nMzU0
Improper Input Validation in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: about 5 years ago
High
GSA_kwCzR0hTQS12cTM2LTI3ZzYtcDQ5Ms0orQ
Out of bounds read in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4MngtODVnci13cnBx
Out of bounds access in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAyY3EtY3ByZy1mcnZt
Out of bounds write in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 3 years ago
High
GSA_kwCzR0hTQS0yM2htLTd3NDcteHc3Ms0obA
Out of bounds read in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0OTItZjdnci0yN3Jw
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: about 5 years ago
High
GSA_kwCzR0hTQS02Z212LXBqcDktcDh3OM0obg
Out of bounds read in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS12amc0LXYzM2MtZ2djNM0ocA
Out of bounds read in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14aHA5LTQ5NDctcnE3OM4AArYm
Denial of service in bottle
Ecosystems: pypi
Packages: bottle
Source: GitHub Advisory Database
Blast Radius: 39.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ncXZmLTNoZ3AtNWh4ds4AA3xA
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 5 months ago
High
GSA_kwCzR0hTQS1mNDljLTg3amgtZzQ3cc4AAyTz
TensorFlow has double free in Fractional(Max/Avg)Pool
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qNjZxLXFtcmMtODlyeM4AAm7X
jsonpickle unsafe deserialization
Ecosystems: pypi
Packages: jsonpickle
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yNXFqLWN2ZjktcDg1aM0weg
Code Injection in PyTorch Lightning
Ecosystems: pypi
Packages: pytorch-lightning
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qeGZwLTRydnEtOWg5bc4AAmrx
scikit-learn Denial of Service
Ecosystems: pypi
Packages: scikit-learn
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0dmctcmY2My1mM2oz
Arbitrary code using "crafted image file" approach affecting Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 38.6
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NDMtbTdtdy1teHFt
Buffer overflow in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 38.6
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS13Nzk5LXByZzMtY3g3N84AAcB6
python-jose failure to use a constant time comparison for HMAC keys
Ecosystems: pypi
Packages: python-jose
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5NnctbW1yZi0yaDZ2
Improper Input Validation in Twisted
Ecosystems: pypi
Packages: Twisted
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1eGgtdng4My1teGNq
HTTP Request Smuggling in Twisted
Ecosystems: pypi
Packages: Twisted
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqNXYtNTc0cC1tajdj
py vulnerable to Regular Expression Denial of Service
Ecosystems: pypi
Packages: py
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: about 3 years ago
High
GSA_kwCzR0hTQS13NTk2LTR3dngtajlqNs4AAvXY
ReDoS in py library when used with subversion
Ecosystems: pypi
Packages: py
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS02dnF3LTN2NWotNTR4NM4AA5bN
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjZjktM3F3My1neG1q
PyCA Cryptography vulnerable to GCM tag forgery
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1jZjdwLWdtMm0tODMzbc4AA0t4
cryptography mishandles SSH certificates
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 10 months ago
High
GSA_kwCzR0hTQS0zd3c0LWdnNGYtanI3Zs4AA5Eq
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1xM2NqLTJyMzQtMmN3Y84AAbxz
Improper input validation in cryptography
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00M2ZwLXJodjItNWd2OM4AAwM2
Certifi removing TrustCor root certificate
Ecosystems: pypi
Packages: certifi
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2MmMtNXI5NC14aDk3
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
Ecosystems: pypi
Packages: flask
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: over 5 years ago
High
GSA_kwCzR0hTQS1tMnFmLWh4anYtNWdwcc4AAzC9
Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header
Ecosystems: pypi
Packages: flask
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3djUtNHZwZi1wajZt
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
Ecosystems: pypi
Packages: flask
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxeGotZjlyaC05Zmcy
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
Ecosystems: pypi
Packages: ecdsa
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoMmotY2d4OC02eHY3
Cross-Site Request Forgery (CSRF) in FastAPI
Ecosystems: pypi
Packages: fastapi
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZjamotOXZnNy12ZjY4
Null pointer dereference in TFLite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ncGZoLWp2ZjktN3dnNc0W_w
Use after free / memory leak in `CollectiveReduceV2`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qODZ2LXAyN2MtNzNmbc0XEg
Unitialized access in `EinsumHelper::ParseEquation`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00Zjk5LXA5YzItM2o4eM0XAA
Undefined behavior via `nullptr` reference binding in sparse matrix multiplication
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3NGotdjh4aC0zdzVo
Reference binding to nullptr in unicode encoding
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4aDQtN3JnaC1xMmdt
Segfault and heap buffer overflow in `{Experimental,}DatasetToTFRecord`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3NjgtdzdtOS0ydm1t
Reference binding to nullptr in shape inference
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdmNXAtYzc1dy13M3do
Null pointer dereference in TFLite MLIR optimizations
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyNWgtanI3NC1xcDVq
Incomplete validation in `QuantizeV2`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0eGYtMnBxdy01bXE3
Reference binding to nullptr in `RaggedTensorToVariant`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW03Zm0tNGpmaC1qcmc2
Use after free in boosted trees creation
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jcXY2LTNwaG0taGN3eM0W_g
Access to invalid memory during shape inference in `Cudnn*` ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwNzctNGdtbS03Y3E4
Incorrect validation of `SaveV2` inputs
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyODItMmM3OC00bTho
Reference binding to nullptr in map operations
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4MnAtaHYzdi1wNnFw
Incomplete validation in MKL requantization
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03NWM5LWpyaDQtNzltY84AArBa
Code injection in `saved_model_cli` in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03cHhqLW00amYtcjZoMs0XEA
Missing validation during checkpoint loading
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS12d2hxLTQ5cjQtZ2o5ds0XBQ
Reference binding to `nullptr` in `tf.ragged.cross`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4d2otNXI0di00Mjlw
NPE in TFLite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02Y3czLWc2d3YtYzJ4ds0okA
Infinite Loop in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xMmpmLWg5am0tbTdwNM4AAxVW
Django contains Uncontrolled Resource Consumption via cached header
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS04YzVqLTlyOWYtYzZ3OM0g8Q
Information disclosure in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01M3F3LXE3NjUtNGZ3d80g9Q
Denial-of-service in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12