Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS0yNjU1LXE0NTMtMjJmOc4AAfNa
Django Allows Arbitrary URL Generation
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyNzgtODh2di14OThy
Execution of untrusted code through config file
Ecosystems: pypi
Packages: tenable-jira-cloud
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmOTItcnI2dy1jcTY0
Storage corruption due to variables overwritten by re-entrancy locks
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS02Nm0yLTQ5M20tY3JoMs4AA2CV
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Ecosystems: pypi
Packages: searchor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02eHdmLXh2ZjMtdjQ1Oc4AA5rU
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzbTktOWZqMi1tZndy
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
Ecosystems: pypi
Packages: Products.isurlinportal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3Y2ctN3hxdy1xY3h3
Heap Overflow in PyMiniRacer
Ecosystems: pypi
Packages: py-mini-racer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS04cDQyLTc1OTctcDJmNs4AA7Wb
dcnnt-py is vulnerable to command injection via Notification Handler
Ecosystems: pypi
Packages: dcnnt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2Y3EtZ21jMy1xNm04
Apache Airflow logs passwords in plaintext
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS0zZ2c4LW1jODctY3EzaM4AA7OB
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Ecosystems: pypi
Packages: apache-airflow-providers-ftp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 27 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0aHYtcWpqcS1oN2c1
datasette-graphql leaks details of the schema of private database files
Ecosystems: pypi
Packages: datasette-graphql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1xcjN4LXY5N3AtNDJ4d84AAe55
SaltStack insecurely uses /tmp
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01NnAzLXJycDQtMmo4Ms4AAWK2
Plone Open Redirection vulnerability via next parameter
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-
diffoscope Path Traversal vulnerability
Ecosystems: pypi
Packages: diffoscope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmZjMtbXdwMy1mOGN3
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Ecosystems: pypi
Packages: Products.GenericSetup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS02NTJ4LXhqOTktZ21jY84AAVEp
Exposure of Sensitive Information to an Unauthorized Actor in Requests
Ecosystems: pypi
Packages: requests
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12OXZqLTlweHYtbXIyd84AA2kx
mycli has Inadequate Encryption Strength
Ecosystems: pypi
Packages: mycli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1oNXJmLXZncXgtd2p2Ms4AAU_b
Pillow denial of service via PNG bomb
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04bTl4LXB4d3EtajIzNs4AAelu
Pillow command injection
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00eGY2LXhyOTYtN3ZtcM4AAegP
Djblets Cross-site scripting Vulnerability
Ecosystems: pypi
Packages: djblets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jZjltLXE4MzYtdmYyNs4AAes1
OpenStack Swift Discloses Secret URLs to Timing Attack
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03ZjJjLXZwNTItZ21md84AAdG1
OpenStack keystonemiddleware does not verify certificate
Ecosystems: pypi
Packages: keystonemiddleware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB2aHAtdjlxcC14ZjVy
Django-piston and Django-tastypie do not properly deserialize YAML data
Ecosystems: pypi
Packages: django-piston
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Low
GSA_kwCzR0hTQS12bThxLW01N2ctcGZmM84AA6CU
Regular expression denial-of-service in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS12eGYyLTdyYzMtcHhteM1vqQ
Cheetah Path Search Order Hijacking
Ecosystems: pypi
Packages: cheetah
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3djUtdzhnbS1mcTlm
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Ecosystems: pypi
Packages: xmpp-http-upload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS04MnJtLTI4cTktNDM1cM1B1w
Mailman Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: mailman
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yOTZ3LTZxaHEtZ2Y5Ms4AAU-L
Django denial of service via file upload naming
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oZzN3LTdoajktbTNmN84AAgb3
Regular expression denial of service in url_regex
Ecosystems: pypi
Packages: url_regex
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zNzZtLTNybTItOWptNs4AAXrC
Session Fixation in ipsilon
Ecosystems: pypi
Packages: ipsilon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00ODk0LTV2cWMtNnIycs4AAZ0v
Django Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jM3F2LW1mOGgtNDM0cs2z1g
Roundup vulnerability related to Cross-site scripting (XSS)
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTlqLWgzZzctY3BtZs2z1Q
Roundup xml-rpc server improper check of property permissions
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wZzc1LXY2ZnAtOHE1Oc4AA0_Q
Keylime's registrar vulnerable to Denial-of-service attack via a single open connection
Ecosystems: pypi
Packages: keylime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qcXFoLTk5OXgtdzI2d83KPw
Buildbot Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03anJwLXI2angtMzJjd81JdA
MoinMoin allows administrative access
Ecosystems: pypi
Packages: Moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xN21mLWhwOW0tY3g2Zs1MEw
Roundup Directory traversal vulnerability
Ecosystems: pypi
Packages: Roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12NzQ0LWgzNmMtaHY1as1L9g
MoinMoin Improper Access Control
Ecosystems: pypi
Packages: Moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01aGNoLXY1cHEteDRxcM2KqQ
Plone allows anonymous users to reset any users password through the web via Password Reset Tool
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tajN4LXdwcnAtbXZqOc3KPQ
Buildbot Multiple cross-site scripting (XSS) vulnerabilities
Ecosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZjcjUteHI5aC1tdmM1
python-gnupg vulnerable to shell injection
Ecosystems: pypi
Packages: python-gnupg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01ZmYtM3dqMy04cGg0
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1xZnA4LWhmcXgtYzc5Y83icA
OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM
Ecosystems: pypi
Packages: Nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzNjYtNHJ2di05NXgy
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Ecosystems: pypi
Packages: cryptoauthlib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS03OTQ0LWg1cnctcW1qeM1jgQ
ZCatalog plug-in for Zope allows anonymous users to bypass access restrictions
Ecosystems: pypi
Packages: zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yNTIyLW1yamMtbTY4OM4AA7Kq
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 30 days ago
Critical
GSA_kwCzR0hTQS02N3IzLWg4OTktOXc5Nc4AArT7
Embedded Malicious Code in ctx
Ecosystems: pypi
Packages: ctx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yM2Z4LTkybTYtNGYyZ84AAy5q
pretalx allows path traversal in HTML export
Ecosystems: pypi
Packages: pretalx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01ZnF2LW1wajgtaDdnbc4AAx5N
Lemur subject to insecure random generation
Ecosystems: pypi
Packages: lemur
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01aDJxLTRocnAtdjlycs4AAfPc
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14OTVoLTk3OXgtY2Yzas0Wmg
Policies not properly enforced in bluemonday
Ecosystems: go, pypi
Packages: github.com/microcosm-cc/bluemonday, pybluemonday
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04NzZjLXFtY2YtY3h2Ns3UmQ
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qaGpnLXcyY3AtNWo0NM4AAce9
Django DoS in django.views.static.serve
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jM3JwLTRjamgtY3AzOM1h4g
Zope does not properly verify the access for objects with proxy roles
Ecosystems: pypi
Packages: zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS14OWpwLTR3OG0tNGYzY84AArfm
Cross Site Scripting vulnerability in django-jsonform's admin form.
Ecosystems: pypi
Packages: django-jsonform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12OGdyLW01MzMtZ2hqOc4AA1_w
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1qeDNxLTVyZ2YtdnJycs4AA0kS
xalpha vulnerable to Remote Code Execution
Ecosystems: pypi
Packages: xalpha
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03cnE0LXFjcHctNzRncc4AArtK
Formula Injection in Exported Data
Ecosystems: pypi
Packages: inventree
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13cHJyLW1jNTQtYzYycc4AAeNO
Exposure of Sensitive Information in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmdzIteDlmOC0yZjZt
Cross-Site Scripting
Ecosystems: pypi
Packages: oncall
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS02MjVnLWd4OGMteGNtZ84AAVE-
Django Middleware Enables Session Hijacking
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1waGc2LTQ0bTctaHgzaM4AA6AX
Whoogle Search Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1majI0LWdocDktMzl2M84AAU8E
Ansible uses a socket with predictable filename in /tmp
Ecosystems: pypi
Packages: Ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04ODMzLXFydm0td2MzaM3iSg
OpenStack Keystone allows context-dependent attackers to bypass access restrictions
Ecosystems: pypi
Packages: Keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zcTZnLXFtcHgtcnF3NM4AA6AY
Whoogle Search Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1wY3F2LWM0NnYtMnA0ds4AAU8C
Ansible Arbitrary File Overwrite Vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oZjk0LThteDUtMnZ2as4AAv-5
Cross-site Scripting in kiwitcms
Ecosystems: pypi
Packages: kiwitcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS13ZmdqLXdyZ2gtaDNyM84AA6PP
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
Ecosystems: pypi
Packages: mobsfscan
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oaDJxLXF2NjYtamNxZ84AA6AZ
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wM3h2LTk3ZzgtNHdtas4AAewz
Python Swift client is vulnerable to Missing SSL Certificate Check
Ecosystems: pypi
Packages: python-swiftclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04NXE5LTc0NjctcjUzcc4AArtb
XSS Vulnerability in Markdown Editor
Ecosystems: pypi
Packages: inventree
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yM3FxLXA0Z3EtZ2MyZ84AA7w2
WordOps has TOCTOU race condition
Ecosystems: pypi
Packages: wordops
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS01OXAyLXY2MngtZ3hqOM4AA7wY
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1tOXZtLThtdjktdjV2M84AA7wT
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
High
GSA_kwCzR0hTQS1weGZ2LTdycjMtMnFqZ84AA0t-
copyparty vulnerable to path traversal attack
Ecosystems: pypi
Packages: copyparty
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2aDktaHBjZy1jNmdt
High severity vulnerability that affects Plone and Zope2
Ecosystems: pypi
Packages: Zope2, Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS1xOTdnLWMyOWgteDJwN84AA6Ab
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mZnA5LXBmcTktZzJ3d84AA7wV
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1mZ3B3LWN4M3Ytd2o5Nc4AA7wX
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1jN3c2LTMzajMtajNteM4AA7wU
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
High
GSA_kwCzR0hTQS1oNGc3LThtN3ItODdyOc3RvQ
Improper Access Control in pyftpdlib
Ecosystems: pypi
Packages: pyftpdlib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03aG1tLXdnMjMtMnc3bc4AA7wS
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS05N3JqLXA3OTQtd3E2bc4AAdgt
Plone denial of service via Caching Bypass
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1wM2g3LTNjNDUtcWo0ds4AAfZ-
Python Keyring does not securely initialize encryption cipher
Ecosystems: pypi
Packages: keyring
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zZzZ3LTRtN3gtOTd2Ns4AAeQ6
Plone Cross-site scripting Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1ocjU5LTM1Y3ItcWY0M84AAeQ8
Plone Cross-site scripting Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05bTRnLWY0MnEtdnJyaM4AAeQ-
Plone Sandbox Bypass
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mOHBnLXdwNWotcmp4eM4AAeQ5
Plone Information Disclosure
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jcTVnLTkyNG0tN2Z4aM4AAeQn
Plone Information Disclosure
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wd3g1LXhnN2ctd3BjNc4AAZ9h
Tweepy does not verify SSL Certificate
Ecosystems: pypi
Packages: tweepy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1neDZ3LWhjdzMtNXIzN84AAeQm
Plone DoS via Crafted URL
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13dmh4LXE0MjctZmdoM84AA7xy
Arbitrary HTML present after sanitization because of unicode normalization
Ecosystems: pypi
Packages: html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS01OXc4LTR3bTItNHh3OM4AAfPe
Django Image Field Vulnerable to Image Decompression Bombs
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12amM0LTN2Z3gtcHE5aM4AA7wx
Nebari prints temporary Keycloak root password
Ecosystems: pypi
Packages: nebari
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1wZ3hoLXdmdzQtangyds4AAYdf
Django denial of service via empty session record creation
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oajhtLTlmaGYtdjdqcM4AA0D-
fief-server Server-Side Template Injection vulnerability
Ecosystems: pypi
Packages: fief-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS05Z2NmLXBxOTktcmp3M84AAZrR
RPLY Predictable Tmpfile Names Allows Cache Spoofing
Ecosystems: pypi
Packages: RPLY
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13cnA2LTl3N2YtM3d4Z80kAA
calibre-web is vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05Z2oyLXBoNTctNTZmNc2Y_w
MoinMoin Cross-Site Scripting (XSS) vulnerability via hitcounts and general parameters
Ecosystems: pypi
Packages: Moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oNTl4LXA3MzktOTgyY84AA5ue
LangChain directory traversal vulnerability
Ecosystems: pypi
Packages: langchain-core, langchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 78 ansible 63 salt 53 Plone 52 apache-superset 49 nova 45 plone 43 rdiffweb 42 Pillow 41 vyper 38 matrix-synapse 35 moin 34 mlflow 33 Django 30 opencv-python 30 opencv-contrib-python 30 keystone 30 langchain 18 glance 18 mercurial 17 PaddlePaddle 17 cobbler 17 pillow 16 neutron 16 cryptography 15 paddlepaddle 15 gradio 15 notebook 15 modoboa 14 pyftpdlib 14 pyload-ng 14 OctoPrint 13 vantage6 12 swift 12 aiohttp 11 onionshare-cli 11 twisted 11 calibreweb 11 urllib3 11 horizon 11 wagtail 10 trytond 10 Flask-AppBuilder 10 ethyca-fides 9 zope 9 waitress 9 Zope 9 kiwitcms 9 opencv-contrib-python-headless 9 opencv-python-headless 9 ryu 9 roundup 9 nautobot 9 label-studio 8 cinder 8 trac 8 numpy 8 aubio 8 python-keystoneclient 8 scrapy 7 pgadmin4 7 jupyter-server 7 ipython 7 lief 7 matrix-sydent 7 pysaml2 7 pip 7 inventree 6 mindsdb 6 sentry 6 apache-airflow-providers-apache-hive 6 Zope2 6 tuf 6 web2py 6 lxml 6 graphite-web 6 mailman 6 Moin 6 feedparser 5 python-gnupg 5 bleach 5 Products.CMFPlone 5 saleor 5 paramiko 5 pyspark 5 Jinja2 5 requests 5 lmdb 5 whoogle-search 5 ckan 5 barbican 4 tripleo-heat-templates 4 starlette 4 Scrapy 4 jupyterhub 4 oauthenticator 4 httpie 4 keylime 4 FreeTAKServer-UI 4 PyPDF2 4 omero-web 4 transformers 4 grpcio 4 markdown2 4 qutebrowser 4 grpc 4 tornado 4 werkzeug 4 yt-dlp 4 nvflare 4 nltk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 datasette 4 esphome 4 Keystone 4 GitPython 4 Radicale 4 reportlab 4 aws-iot-device-sdk-v2 4 ansible-core 4 jwcrypto 4 Pygments 4 Werkzeug 4 buildbot 4 pretix 4 bottle 4 awsiotsdk 4 Flask-Security-Too 4 ecdsa 3 ujson 3 ray 3 Weblate 3 ajenti 3 asyncssh 3 pyarrow 3 Kallithea 3 sanic 3 changedetection.io 3 sosreport 3 flask 3 io.grpc:grpc-protobuf 3 onnx 3 sickrage 3 Mezzanine 3 mistune 3 openvpn-monitor 3 streamlit 3 copyparty 3 Nova 3 indy-node 3 aim 3 localstack 3 mayan-edms 3 pandasai 3 poetry 3 protobuf 3 gerapy 3 bitlyshortener 3 indico 3 jupyterlab 3 pywasm3 3 python-jose 3 keyring 3 wger 3 asyncua 3 apache-iotdb 3 Products.PluggableAuthService 3 rsa 3 fava 3 keystonemiddleware 3 pyyaml 3 apache-airflow-providers-apache-spark 3 docassemble.webapp 3 quokka 3 clearml 3 SQLAlchemy 3 dulwich 3 django-helpdesk 3 ansible-runner 3 slixmpp 3 sqlparse 3 octavia 3 homeassistant 3 torchserve 3 pycrypto 3 apache-libcloud 3 plone.supermodel 3 plone.app.dexterity 3 plone.app.event 3 zenml 3 mitmproxy 3 httplib2 3 plone.app.theming 3 django-unicorn 2 piccolo 2 cabot 2
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/ikus060/rdiffweb 42 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 36 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/opencv/opencv 28 https://github.com/openstack/keystone 27 https://github.com/mlflow/mlflow 27 https://github.com/cobbler/cobbler 14 https://github.com/langchain-ai/langchain 14 https://github.com/vantage6/vantage6 14 https://github.com/pyca/cryptography 14 https://github.com/pyload/pyload 14 https://github.com/gradio-app/gradio 14 https://github.com/modoboa/modoboa 13 https://github.com/twisted/twisted 12 https://github.com/aio-libs/aiohttp 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/scrapy/scrapy 11 https://github.com/janeczku/calibre-web 11 https://github.com/jupyter/notebook 10 https://github.com/openstack/glance 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/apache/superset 9 https://github.com/nautobot/nautobot 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/Pylons/waitress 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/faucetsdn/ryu 9 https://github.com/openstack/horizon 9 https://github.com/ethyca/fides 9 https://github.com/kiwitcms/Kiwi 8 https://github.com/ipython/ipython 8 https://github.com/numpy/numpy 8 https://github.com/octoprint/octoprint 8 https://github.com/openstack/neutron 7 https://github.com/lief-project/LIEF 7 https://sourceforge.net/projects/sourceforge.net 7 https://github.com/aubio/aubio 7 https://github.com/openstack/swift 7 https://github.com/lxml/lxml 6 https://github.com/OctoPrint/OctoPrint 6 https://github.com/jupyter-server/jupyter_server 6 https://github.com/pypa/pip 6 https://github.com/openstack/cinder 6 https://github.com/HumanSignal/label-studio 6 https://github.com/graphite-project/graphite-web 6 https://github.com/matrix-org/sydent 6 https://github.com/getsentry/sentry 6 https://github.com/mindsdb/mindsdb 6 https://github.com/pallets/werkzeug 6 https://github.com/mozilla/bleach 5 https://github.com/hwchase17/langchain 5 https://github.com/benbusby/whoogle-search 5 https://github.com/TeamSeri0us/pocs 5 https://github.com/gitpython-developers/GitPython 5 https://github.com/tryton/trytond 5 https://github.com/keylime/keylime 5 https://github.com/ckan/ckan 4 https://github.com/Flask-Middleware/flask-security 4 https://github.com/esphome/esphome 4 https://github.com/latchset/jwcrypto 4 https://github.com/FreeTAKTeam/UI 4 https://github.com/NVIDIA/NVFlare 4 https://github.com/qutebrowser/qutebrowser 4 https://github.com/py-pdf/pypdf 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/rohe/pysaml2 4 https://github.com/huggingface/transformers 4 https://github.com/ronf/asyncssh 4 https://github.com/simonw/datasette 4 https://github.com/grpc/grpc 4 https://github.com/bottlepy/bottle 4 https://github.com/psf/requests 4 https://github.com/saleor/saleor 4 https://github.com/jhpyle/docassemble 4 https://github.com/yt-dlp/yt-dlp 4 https://github.com/inventree/InvenTree 4 https://github.com/WeblateOrg/weblate 4 https://github.com/web2py/web2py 4 https://github.com/Kozea/Radicale 4 https://github.com/tornadoweb/tornado 4 https://github.com/pallets/jinja 4 https://github.com/jupyterhub/oauthenticator 4 https://sourceforge.net/projects/roject 3 https://github.com/gventuri/pandas-ai 3 https://gitlab.com/mayan-edms/mayan-edms 3 https://github.com/trentm/python-markdown2 3 https://github.com/pygments/pygments 3 https://github.com/MobSF/Mobile-Security-Framework-MobSF 3 https://github.com/ansible/ansible-runner 3 https://github.com/pyca/pyopenssl 3 https://github.com/home-assistant/core 3 https://github.com/ome/omero-web 3 https://github.com/djblets/djblets 3 https://github.com/pretix/pretix 3 https://github.com/indico/indico 3 https://github.com/beancount/fava 3 https://github.com/furlongm/openvpn-monitor 3 https://github.com/moinwiki/moin-1.9 3 https://github.com/github/securitylab 3 https://github.com/pytorch/serve 3 https://github.com/nltk/nltk 3 https://github.com/wasm3/wasm3 3 https://github.com/python/cpython 3 https://github.com/Cog-Creators/Red-DiscordBot 3 https://github.com/jupyterlab/jupyterlab 3 https://github.com/jupyterhub/jupyterhub 3 https://github.com/Gerapy/Gerapy 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/rochacbruno/quokka 3 https://github.com/openstack/octavia 3 https://github.com/andialbrecht/sqlparse 3 https://github.com/encode/starlette 3 https://github.com/pypa/advisory-db 3 https://github.com/run-llama/llama_index 3 https://github.com/openstack/python-keystoneclient 3 https://github.com/dlitz/pycrypto 3 https://github.com/mpdavis/python-jose 3 https://github.com/pallets/flask 3 https://github.com/lepture/mistune 3 https://github.com/sqlalchemy/sqlalchemy 3 https://github.com/hyperledger/indy-node 3 https://github.com/9001/copyparty 3 https://github.com/theupdateframework/python-tuf 3 https://github.com/yaml/pyyaml 3 https://github.com/sosreport/sos 3 https://github.com/django-helpdesk/django-helpdesk 3 https://github.com/dgtlmoon/changedetection.io 3 https://github.com/theupdateframework/tuf 3 https://github.com/onnx/onnx 3 https://github.com/impredicative/bitlyshortener 3 https://github.com/IdentityPython/pysaml2 3 https://github.com/httplib2/httplib2 3 https://github.com/poezio/slixmpp 3 https://github.com/streamlit/streamlit 3 https://github.com/paramiko/paramiko 3 https://github.com/zenml-io/zenml 3 https://github.com/ethereum/eth-abi 2 https://github.com/openstack/magnum 2 https://github.com/mirumee/saleor 2 https://github.com/petl-developers/petl 2 https://github.com/executablebooks/markdown-it-py 2 https://github.com/pytest-dev/py 2 https://github.com/piccolo-orm/piccolo 2 https://github.com/eventlet/eventlet 2 https://github.com/MirahezeBots/sopel-channelmgnt 2 https://github.com/embedchain/embedchain 2 https://github.com/python-imaging/Pillow 2 https://github.com/python-ldap/python-ldap 2 https://github.com/facebookresearch/ParlAI 2 https://github.com/python-poetry/poetry 2 https://github.com/clinical-genomics/scout 2 https://github.com/DIRACGrid/DIRAC 2 https://github.com/encode/uvicorn 2 https://github.com/pretalx/pretalx 2 https://github.com/django-wiki/django-wiki 2 https://github.com/protocolbuffers/protobuf 2 https://github.com/mongodb/mongo-python-driver 2 https://github.com/OpenZeppelin/cairo-contracts 2 https://github.com/dask/distributed 2 https://github.com/DataDog/guarddog 2 https://github.com/moggers87/django-sendfile2 2 https://github.com/openstack/tripleo-heat-templates 2 https://github.com/Netflix/lemur 2 https://github.com/cure53/DOMPurify 2 https://github.com/plone/Products.ATContentTypes 2 https://github.com/pyinstaller/pyinstaller 2 https://github.com/corydolphin/flask-cors 2 https://github.com/plone/plone.restapi 2 https://github.com/openstack/barbican 2 https://github.com/dbt-labs/dbt-core 2 https://github.com/FreeTAKTeam/FreeTakServer 2 https://github.com/geopython/OWSLib 2 https://github.com/openstack/ossa 2 https://github.com/FreeOpcUa/opcua-asyncio 2 https://github.com/nexB/scancode.io 2 https://github.com/devsnd/cherrymusic 2 https://github.com/NVIDIA/NeMo 2 https://github.com/Legrandin/pycryptodome 2 https://github.com/stchris/untangle 2 https://github.com/warner/python-ecdsa 2 https://github.com/starkbank/ecdsa-python 2 https://github.com/aws/aws-encryption-sdk-cli 2 https://github.com/snowflakedb/snowflake-connector-python 2 https://github.com/jupyterhub/jupyter-server-proxy 2 https://github.com/aws/sagemaker-python-sdk 2 https://github.com/simplegeo/python-oauth2 2 https://github.com/httpie/httpie 2