Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Loading...
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qNjMtNjR4Ny01N3hm
Path traversal in impacket
Ecosystems: pypi
Packages: impacket
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1mcHJwLXA4NjktdzZxMs4AAyjJ
LangChain vulnerable to code injection
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyY2YtZzUzOS14Nmgz
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
Ecosystems: pypi
Packages: rediswrapper
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS0yOWozLTI0NDYtNWo0d84AAmhY
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14NTQ5LXI3bTgtZ3Y2M84AAQNo
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0yanh3LTRobTQtNnc4N84AA4mj
SQL injection in llama-index
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 4 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1N2otcTQ4cC05dm0y
Command injection in Gerapy
Ecosystems: pypi
Packages: gerapy
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS05MnZtLW14amYtanFmM80XJA
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Ecosystems: pypi
Packages: starkbank-ecdsa
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nY3gyLWd2ajctcHh2M801FA
Insufficient Protection against HTTP Request Smuggling in mitmproxy
Ecosystems: pypi
Packages: mitmproxy
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNDloLWhqdm0tamczaM0W2w
PCX P mode buffer overflow in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mNGc0LWNqOGYtM2NyOc4AAXos
OpenStack Nova logs sensitive context from notification exceptions
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01ODh3LXc2bXYtM2N3Nc3sUg
Ansible Insertion of Sensitive Information into Log File vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oM3hnLXd2NTgtNXA0M84AA3OI
Ray OS Command Injection vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoamgtZ2h3eC02aDdy
modulemd uses an unsafe function for processing externally provided data
Ecosystems: pypi
Packages: modulemd
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1nMjgzLTg4djUtcm1xMs4AASb0
SaltStack Salt allows compromised salt-minions to impersonate the salt-master
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04ZzIzLTJxNXAtODg2Ns4AAxzQ
Apache Airflow Google Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-google
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1naGMyLWh4M3ctanFtcM4AAnsb
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0ycW1qLTc5NjItY2pxOM4AA0Lt
langchain arbitrary code execution vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
GSA_kwCzR0hTQS05dzdmLW00ajQtajN4d80g4g
Gerapy < 0.9.8 may cause remote code execution
Ecosystems: pypi
Packages: gerapy
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2ZzMtY2Y5Mi1oMmg3
Insufficient Verification of Data Authenticity in python-keystoneclient
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS0yeHhjLTczZnYtMzZmN84AA1UC
llama-index vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03d3FmLWgzNnctNDdtY84AAwAE
OS Command Injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05cTYyLXI3MmctcHZ2N84AAiBq
py-lmdb Invalid write operation
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache Submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1wMzczLWpxZm0tajZ3cs4AAveY
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control
Ecosystems: pypi
Packages: Shinken
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yYzU4LXFyOWotY3Bnd84AAwbo
Apache Airflow Hive Provider vulnerable to Command Injection
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThyOGoteHZmai0zNmY5
Code injection in ymlref
Ecosystems: pypi
Packages: ymlref
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS02NGN3LW01N2otNjV4as4AAgWy
Ansible Arbitrary Code Execution
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01OGg4LTQ0bWctcjQzeM3gIA
ReviewBoard and Djblets library are vulnerable to code execution
Ecosystems: pypi
Packages: ReviewBoard, djblets
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02Nm0yLTQ5M20tY3JoMs4AA2CV
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Ecosystems: pypi
Packages: searchor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05ZnEyLXg5cjYtd2ZtZs4AAq9p
Numpy Deserialization of Untrusted Data
Ecosystems: pypi
Packages: numpy
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01ZmY4LTc2MzktNnY2Z84AAum7
Apache Airflow Session Fixation vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05bXdmLW13NzQtOWN2Nc4AAxzN
Apache Airflow Hive Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca
llama-index-core Command Injection vulnerability
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zcW1nLWM5dmMtcjQ3as4AAR1w
Mercurial is vulnerable to shell injection attack
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyanItdmM3ai1nNzYy
Potential buffer overflow in psd-tools
Ecosystems: pypi
Packages: psd-tools
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS1qNmdqLXBnNjIteDhqNs4AAYNc
SaltStack Salt Directory traversal vulnerability in minion id validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12Z2htLThjanAtaGp3Ns4AA0xF
postgraas-server vulnerable to SQL injection
Ecosystems: pypi
Packages: postgraas-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1ybWYyLXB3ZnEtaDc1as4AAwAD
OS Command Injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01d3ZwLTdmM2gtNndtbc4AA3Am
PyArrow: Arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05Nmh3LXY1OTgtanZnaM4AAXi3
Cobbler vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qeDNxLTVyZ2YtdnJycs4AA0kS
xalpha vulnerable to Remote Code Execution
Ecosystems: pypi
Packages: xalpha
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS12N21oLTNqZ2YtcjI2Y84AAaDG
OpenStack Object Storage (swift) Code Injection vulnerability
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqeHEtNzVydy1maGo5
Eve allows execution of arbitrary code
Ecosystems: pypi
Packages: eve
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxMnItcXhwNi1oNWo2
Improper Restriction of XML External Entity Reference in Quokka
Ecosystems: pypi
Packages: quokka
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qNjl4LXY0d2MtM2ZwZs4AAxzJ
Apache Airflow Sqoop Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-sqoop
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3MmMtdzNxMy01NXFx
OS Command Injection in jw.util
Ecosystems: pypi
Packages: jw.util
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1yM3hjLXByZ3ItbWc5cM4AAzG9
Django bypasses validation when using one form field to upload multiple files
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qdzM2LW1ydmctajVmeM4AAvjj
Rdiffweb subject to Business Logic Errors
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0eDQtOThjZy13cjRn
Code injection in Danijar Definitions
Ecosystems: pypi
Packages: definitions
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1oMzg0LXBoNzctMzY5Oc4AAyNT
weixin-python XML External Entity vulnerability
Ecosystems: pypi
Packages: weixin-python
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jd3doLTQzODItNmZ3cs4AASIn
Dulwich RCE Vulnerability
Ecosystems: pypi
Packages: dulwich
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03ZzQ3LXh4ZmYtOXA4Nc0WIA
Remote unauthenticated attackers able to upload files in Onionshare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4aHYtcWZmMy04Nzkz
Unrestricted Upload of File with Dangerous Type in django-widgy
Ecosystems: pypi
Packages: django-widgy
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ndjg1LXdneGMtdmM1Ns4AATWy
web2py is vulnerable to password brute-force attack
Ecosystems: pypi
Packages: web2py
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13Nnh2LW1mNmYtcjVmNs4AAlwU
Scalyr Agent Missing SSL Certificate Validation
Ecosystems: pypi
Packages: scalyr-agent-2
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwcnctaDYydi1jMnc3
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution
Ecosystems: pypi
Packages: pyyaml
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxMjctdjd4cC1jMzU2
Buffer Overflow in pycrypto
Ecosystems: pypi
Packages: pycrypto
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS05MjY2LWo5djMtcTRqNc4AArgQ
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
Ecosystems: pypi
Packages: couchbase
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wZjM4LTVwMjIteDZoNs4AAw-v
Code Injection in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14cDdwLTNneDctajZ3eM0kHw
calibre-web is vulnerable to Business Logic Errors
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1oOHhwLWgzamYtd3Y0ds4AAhVu
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14N20zLWpwcmctd2M1Z84AA2Bl
Gevent allows remote attacker to escalate privileges
Ecosystems: pypi
Packages: gevent
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1xaHE4LXh3cXYtcHZ2Oc4AAYBx
OpenStack Swauth object/proxy server writing Auth Token to log file
Ecosystems: pypi
Packages: swauth
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qNjZxLXFtcmMtODlyeM4AAm7X
jsonpickle unsafe deserialization
Ecosystems: pypi
Packages: jsonpickle
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4NnAtaGd4NS0ycGZo
Improper Authentication in Buildbot
Ecosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: almost 5 years ago
Critical
GSA_kwCzR0hTQS02dzRtLTJ4aGctMjY1OM4AAy-v
Buffer overflow in sponge queue functions
Ecosystems: rubygems, pypi
Packages: sha3, pysha3
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qY2htLWZtNHEtYzJmcM4AAzHG
Apache Airflow vulnerable to Privilege Context Switching Error
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3cWYtOWg3ai03bXY4
Incorrect threshold signature computation in TUF
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS14eHczLTc2NW0tZjM3cM4AAnsH
SaltStack Salt Improper Authentication vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zcXI1LWg3dzQtM2d4M84AATwd
Donfig Command Injection in collect_yaml method
Ecosystems: pypi
Packages: donfig
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13cXE1LWM4OXAtM3djM84AAgWx
Ansible Arbitrary Code Execution
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xZzQ3LTVweDktMzJnN84AAgXC
Ansible Remote Code Execution
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tdjhnLWZoaDYtNjI2N84AAYRT
Django user with hardcoded password created when running tests on Oracle
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzOHItcXAyOC0ybTYz
Code injection in rope
Ecosystems: pypi
Packages: rope
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS1wamhmLXZweDMtMzNyM84AAklg
SaltStack Salt Unauthenticated Remote Code Execution
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1odmo1LW12dzktOTNqM84AA7CZ
Insecure deserialization in BentoML
Ecosystems: pypi
Packages: bentoml
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13Nzk5LXByZzMtY3g3N84AAcB6
python-jose failure to use a constant time comparison for HMAC keys
Ecosystems: pypi
Packages: python-jose
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xNTNqLXA2cjItZzJ2NM4AAjV1
SaltStack Salt is vulnerable to command injection
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tOHI5LXF4eDgtbXJ4cM4AAwnn
rdiffweb Improper Access Control vulnerability
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1eGgtdng4My1teGNq
HTTP Request Smuggling in Twisted
Ecosystems: pypi
Packages: Twisted
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS02aHJnLXFtdmMtMnhoOM4AAvFP
joblib vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: joblib
Source: GitHub Advisory Database
Blast Radius: 47.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1teHZ3LWNqMzctOGcyaM4AA64v
Aim Web API vulnerable to Remote Code Execution
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1nY2pmLTI5bTktODg4cc4AAwMe
PaddlePaddle vulnerable to Code Injection
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04NWMtOW1mOC1tMm02
Unsafe deserialization in confire
Ecosystems: pypi
Packages: confire
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5NnctbW1yZi0yaDZ2
Improper Input Validation in Twisted
Ecosystems: pypi
Packages: Twisted
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS04dmoyLXZ4eDMtNjY3d80hfA
Arbitrary expression injection in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnODgtdnIzdi03Nm1m
Eval injection in Supybot/Limnoria
Ecosystems: pypi
Packages: limnoria
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1nd3FxLTZ2cTctNWo4Ns4AA1D8
langchain Code Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 10 months ago
Critical
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerability
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1mODhxLTIyZzgtZnJjZ84AASjg
Cobbler Improper Validation of Security Tokens
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wZjNwLXY5eHAtbXJ2Zs4AAq3o
py-lmdb Invalid write operation
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14Z21oLWdmeHctMmh2ds4AAnsM
SaltStack Salt Server Side Template Injection
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jM3hxLWNqOGYtNzgyOc0WdQ
Inadequate Encryption Strength in python-keystoneclient
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13MjRoLXY5cWgtOGd4as07NQ
SQL Injection in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04cnA2LXgzcjctNXF3M84AAnsd
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02NjQzLWg3aDUteDl3aM4AAz9W
Langchain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc4NzMteGNxcS14OTIy
Command Injection in Simiki
Ecosystems: pypi
Packages: simiki
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qanc1LXh4ajYtcGN2Nc4AAktO
scikit-learn Deserialization of Untrusted Data
Ecosystems: pypi
Packages: scikit-learn
Source: GitHub Advisory Database
Blast Radius: 50.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13anEzLTdqeHgtd2hqOc4AAzYV
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: about 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 78 ansible 63 salt 53 Plone 52 apache-superset 49 nova 45 plone 43 rdiffweb 42 Pillow 41 vyper 38 matrix-synapse 35 moin 34 mlflow 33 Django 30 opencv-python 30 opencv-contrib-python 30 keystone 30 langchain 18 glance 18 mercurial 17 PaddlePaddle 17 cobbler 17 pillow 16 neutron 16 cryptography 15 paddlepaddle 15 gradio 15 notebook 15 modoboa 14 pyftpdlib 14 pyload-ng 14 OctoPrint 13 vantage6 12 swift 12 aiohttp 11 onionshare-cli 11 twisted 11 calibreweb 11 urllib3 11 horizon 11 wagtail 10 trytond 10 Flask-AppBuilder 10 ethyca-fides 9 zope 9 waitress 9 Zope 9 kiwitcms 9 opencv-contrib-python-headless 9 opencv-python-headless 9 ryu 9 roundup 9 nautobot 9 label-studio 8 cinder 8 trac 8 numpy 8 aubio 8 python-keystoneclient 8 scrapy 7 pgadmin4 7 jupyter-server 7 ipython 7 lief 7 matrix-sydent 7 pysaml2 7 pip 7 inventree 6 mindsdb 6 sentry 6 apache-airflow-providers-apache-hive 6 Zope2 6 tuf 6 web2py 6 lxml 6 graphite-web 6 mailman 6 Moin 6 feedparser 5 python-gnupg 5 bleach 5 Products.CMFPlone 5 saleor 5 paramiko 5 pyspark 5 Jinja2 5 requests 5 lmdb 5 whoogle-search 5 ckan 5 barbican 4 tripleo-heat-templates 4 starlette 4 Scrapy 4 jupyterhub 4 oauthenticator 4 httpie 4 keylime 4 FreeTAKServer-UI 4 PyPDF2 4 omero-web 4 transformers 4 grpcio 4 markdown2 4 qutebrowser 4 grpc 4 tornado 4 werkzeug 4 yt-dlp 4 nvflare 4 nltk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 datasette 4 esphome 4 Keystone 4 GitPython 4 Radicale 4 reportlab 4 aws-iot-device-sdk-v2 4 ansible-core 4 jwcrypto 4 Pygments 4 Werkzeug 4 buildbot 4 pretix 4 bottle 4 awsiotsdk 4 Flask-Security-Too 4 ecdsa 3 ujson 3 ray 3 Weblate 3 ajenti 3 asyncssh 3 pyarrow 3 Kallithea 3 sanic 3 changedetection.io 3 sosreport 3 flask 3 io.grpc:grpc-protobuf 3 onnx 3 sickrage 3 Mezzanine 3 mistune 3 openvpn-monitor 3 streamlit 3 copyparty 3 Nova 3 indy-node 3 aim 3 localstack 3 mayan-edms 3 pandasai 3 poetry 3 protobuf 3 gerapy 3 bitlyshortener 3 indico 3 jupyterlab 3 pywasm3 3 python-jose 3 keyring 3 wger 3 asyncua 3 apache-iotdb 3 Products.PluggableAuthService 3 rsa 3 fava 3 keystonemiddleware 3 pyyaml 3 apache-airflow-providers-apache-spark 3 docassemble.webapp 3 quokka 3 clearml 3 SQLAlchemy 3 dulwich 3 django-helpdesk 3 ansible-runner 3 slixmpp 3 sqlparse 3 octavia 3 homeassistant 3 torchserve 3 pycrypto 3 apache-libcloud 3 plone.supermodel 3 plone.app.dexterity 3 plone.app.event 3 zenml 3 mitmproxy 3 httplib2 3 plone.app.theming 3 django-unicorn 2 piccolo 2 cabot 2
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/ikus060/rdiffweb 42 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 36 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/opencv/opencv 28 https://github.com/openstack/keystone 27 https://github.com/mlflow/mlflow 27 https://github.com/cobbler/cobbler 14 https://github.com/langchain-ai/langchain 14 https://github.com/vantage6/vantage6 14 https://github.com/pyca/cryptography 14 https://github.com/pyload/pyload 14 https://github.com/gradio-app/gradio 14 https://github.com/modoboa/modoboa 13 https://github.com/twisted/twisted 12 https://github.com/aio-libs/aiohttp 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/scrapy/scrapy 11 https://github.com/janeczku/calibre-web 11 https://github.com/jupyter/notebook 10 https://github.com/openstack/glance 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/apache/superset 9 https://github.com/nautobot/nautobot 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/Pylons/waitress 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/faucetsdn/ryu 9 https://github.com/openstack/horizon 9 https://github.com/ethyca/fides 9 https://github.com/kiwitcms/Kiwi 8 https://github.com/ipython/ipython 8 https://github.com/numpy/numpy 8 https://github.com/octoprint/octoprint 8 https://github.com/openstack/neutron 7 https://github.com/lief-project/LIEF 7 https://sourceforge.net/projects/sourceforge.net 7 https://github.com/aubio/aubio 7 https://github.com/openstack/swift 7 https://github.com/lxml/lxml 6 https://github.com/OctoPrint/OctoPrint 6 https://github.com/jupyter-server/jupyter_server 6 https://github.com/pypa/pip 6 https://github.com/openstack/cinder 6 https://github.com/HumanSignal/label-studio 6 https://github.com/graphite-project/graphite-web 6 https://github.com/matrix-org/sydent 6 https://github.com/getsentry/sentry 6 https://github.com/mindsdb/mindsdb 6 https://github.com/pallets/werkzeug 6 https://github.com/mozilla/bleach 5 https://github.com/hwchase17/langchain 5 https://github.com/benbusby/whoogle-search 5 https://github.com/TeamSeri0us/pocs 5 https://github.com/gitpython-developers/GitPython 5 https://github.com/tryton/trytond 5 https://github.com/keylime/keylime 5 https://github.com/ckan/ckan 4 https://github.com/Flask-Middleware/flask-security 4 https://github.com/esphome/esphome 4 https://github.com/latchset/jwcrypto 4 https://github.com/FreeTAKTeam/UI 4 https://github.com/NVIDIA/NVFlare 4 https://github.com/qutebrowser/qutebrowser 4 https://github.com/py-pdf/pypdf 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/rohe/pysaml2 4 https://github.com/huggingface/transformers 4 https://github.com/ronf/asyncssh 4 https://github.com/simonw/datasette 4 https://github.com/grpc/grpc 4 https://github.com/bottlepy/bottle 4 https://github.com/psf/requests 4 https://github.com/saleor/saleor 4 https://github.com/jhpyle/docassemble 4 https://github.com/yt-dlp/yt-dlp 4 https://github.com/inventree/InvenTree 4 https://github.com/WeblateOrg/weblate 4 https://github.com/web2py/web2py 4 https://github.com/Kozea/Radicale 4 https://github.com/tornadoweb/tornado 4 https://github.com/pallets/jinja 4 https://github.com/jupyterhub/oauthenticator 4 https://sourceforge.net/projects/roject 3 https://github.com/gventuri/pandas-ai 3 https://gitlab.com/mayan-edms/mayan-edms 3 https://github.com/trentm/python-markdown2 3 https://github.com/pygments/pygments 3 https://github.com/MobSF/Mobile-Security-Framework-MobSF 3 https://github.com/ansible/ansible-runner 3 https://github.com/pyca/pyopenssl 3 https://github.com/home-assistant/core 3 https://github.com/ome/omero-web 3 https://github.com/djblets/djblets 3 https://github.com/pretix/pretix 3 https://github.com/indico/indico 3 https://github.com/beancount/fava 3 https://github.com/furlongm/openvpn-monitor 3 https://github.com/moinwiki/moin-1.9 3 https://github.com/github/securitylab 3 https://github.com/pytorch/serve 3 https://github.com/nltk/nltk 3 https://github.com/wasm3/wasm3 3 https://github.com/python/cpython 3 https://github.com/Cog-Creators/Red-DiscordBot 3 https://github.com/jupyterlab/jupyterlab 3 https://github.com/jupyterhub/jupyterhub 3 https://github.com/Gerapy/Gerapy 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/rochacbruno/quokka 3 https://github.com/openstack/octavia 3 https://github.com/andialbrecht/sqlparse 3 https://github.com/encode/starlette 3 https://github.com/pypa/advisory-db 3 https://github.com/run-llama/llama_index 3 https://github.com/openstack/python-keystoneclient 3 https://github.com/dlitz/pycrypto 3 https://github.com/mpdavis/python-jose 3 https://github.com/pallets/flask 3 https://github.com/lepture/mistune 3 https://github.com/sqlalchemy/sqlalchemy 3 https://github.com/hyperledger/indy-node 3 https://github.com/9001/copyparty 3 https://github.com/theupdateframework/python-tuf 3 https://github.com/yaml/pyyaml 3 https://github.com/sosreport/sos 3 https://github.com/django-helpdesk/django-helpdesk 3 https://github.com/dgtlmoon/changedetection.io 3 https://github.com/theupdateframework/tuf 3 https://github.com/onnx/onnx 3 https://github.com/impredicative/bitlyshortener 3 https://github.com/IdentityPython/pysaml2 3 https://github.com/httplib2/httplib2 3 https://github.com/poezio/slixmpp 3 https://github.com/streamlit/streamlit 3 https://github.com/paramiko/paramiko 3 https://github.com/zenml-io/zenml 3 https://github.com/ethereum/eth-abi 2 https://github.com/openstack/magnum 2 https://github.com/mirumee/saleor 2 https://github.com/petl-developers/petl 2 https://github.com/executablebooks/markdown-it-py 2 https://github.com/pytest-dev/py 2 https://github.com/piccolo-orm/piccolo 2 https://github.com/eventlet/eventlet 2 https://github.com/MirahezeBots/sopel-channelmgnt 2 https://github.com/embedchain/embedchain 2 https://github.com/python-imaging/Pillow 2 https://github.com/python-ldap/python-ldap 2 https://github.com/facebookresearch/ParlAI 2 https://github.com/python-poetry/poetry 2 https://github.com/clinical-genomics/scout 2 https://github.com/DIRACGrid/DIRAC 2 https://github.com/encode/uvicorn 2 https://github.com/pretalx/pretalx 2 https://github.com/django-wiki/django-wiki 2 https://github.com/protocolbuffers/protobuf 2 https://github.com/mongodb/mongo-python-driver 2 https://github.com/OpenZeppelin/cairo-contracts 2 https://github.com/dask/distributed 2 https://github.com/DataDog/guarddog 2 https://github.com/moggers87/django-sendfile2 2 https://github.com/openstack/tripleo-heat-templates 2 https://github.com/Netflix/lemur 2 https://github.com/cure53/DOMPurify 2 https://github.com/plone/Products.ATContentTypes 2 https://github.com/pyinstaller/pyinstaller 2 https://github.com/corydolphin/flask-cors 2 https://github.com/plone/plone.restapi 2 https://github.com/openstack/barbican 2 https://github.com/dbt-labs/dbt-core 2 https://github.com/FreeTAKTeam/FreeTakServer 2 https://github.com/geopython/OWSLib 2 https://github.com/openstack/ossa 2 https://github.com/FreeOpcUa/opcua-asyncio 2 https://github.com/nexB/scancode.io 2 https://github.com/devsnd/cherrymusic 2 https://github.com/NVIDIA/NeMo 2 https://github.com/Legrandin/pycryptodome 2 https://github.com/stchris/untangle 2 https://github.com/warner/python-ecdsa 2 https://github.com/starkbank/ecdsa-python 2 https://github.com/aws/aws-encryption-sdk-cli 2 https://github.com/snowflakedb/snowflake-connector-python 2 https://github.com/jupyterhub/jupyter-server-proxy 2 https://github.com/aws/sagemaker-python-sdk 2 https://github.com/simplegeo/python-oauth2 2 https://github.com/httpie/httpie 2