Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS0zOWhjLXY4N2otNzQ3eM4AAvq8
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02NTY1LWZnODYtNmpjeM4AAc0O
Django Cross-site Scripting Vulnerability
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qcXFoLTk5OXgtdzI2d83KPw
Buildbot Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04cjdxLWN2anEteDM1M84AAX4s
Incorrect Privilege Assignment in Jinja2
Ecosystems: pypi
Packages: Jinja2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTlqLWgzZzctY3BtZs2z1Q
Roundup xml-rpc server improper check of property permissions
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12ampmLTNydmctZ3Yzds4AAd0E
Dulwich Buffer Overflow when handling pack files
Ecosystems: pypi
Packages: dulwich
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jM3F2LW1mOGgtNDM0cs2z1g
Roundup vulnerability related to Cross-site scripting (XSS)
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVqMmgtaDVoZy0zd2Y4
Cross-site request forgery in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3cjUtcTlyeC0yOTRm
Moderate severity vulnerability that affects django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3cGgtZmM0dy13cXAy
Moderate severity vulnerability that affects django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Low
GSA_kwCzR0hTQS1jNGNtLXI5ZmgtamdqOc4AA5ML
commonground-api-common unexploitable privilege escalation in JWT authentication middleware
Ecosystems: pypi
Packages: vng-api-common-utrecht, vng-api-common, commonground-api-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00dndxLXg2NHEtajRjas4AAU96
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Ecosystems: pypi
Packages: ipython, notebook
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qaG03LTM4eGotcHZtOM4AAgFD
Cobbler is vulnerable to code injection
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tMmM0LWpnbW0tZnZxM84AAe20
MoinMoin Multiple unrestricted file upload vulnerabilities
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05Y3J4LXAzNTctNXZ3OM4AAeli
Ajenti Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: ajenti
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwY2ctZjlxNi0ybXE2
Remote Code Execution via traversal in TAL expressions
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS12Mmd3LXg1amYtcGd3ds25UQ
Mercurial Directory traversal vulnerability
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00MzdwLXF3OTUtd3Fxcs4AAa6S
Trac vulnerable to denial of service
Ecosystems: pypi
Packages: Trac
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12cTNoLTNxN3YtOXByd84AAVFj
Django Allows Open Redirects
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jZm1yLTM4ZzktZjJoN84AAU-s
Pillow denial of service via Crafted Block Size
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qamdwLXdocnAtZ3E4bc4AAzSn
in-toto: PGP trust model not (fully) considered
Ecosystems: pypi
Packages: in-toto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xaDRxLWZ3ZjgtcXFyd84AAgJY
Zope Denial of Service (DoS) vulnerability in ZServer
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4dnYtMnBtcS05ZnZ2
Moderate severity vulnerability that affects Plone and Zope2
Ecosystems: pypi
Packages: Plone, Zope2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS1oanA1LWh2MzMtcTU4Z82zkw
Plone credentials stored in session cookie
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00cGZnLTJmcmYtZjY3ds3Eww
MoinMoin Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jZjRxLTRjcXItN2c3d80_oQ
SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc
Ecosystems: pypi
Packages: xml2rfc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxMzctODUzcC1nNWNm
Regular Expression Denial of Service in CairoSVG
Ecosystems: pypi
Packages: CairoSVG
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS13N3JxLThmMmctanZxcs4AAdNj
Djiblets Cross-site scripting Vulnerability via JSON Objects
Ecosystems: pypi
Packages: Djblets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01MndyLTN2d3ctcm1wcc4AAejn
SOAPpy vulnerable to XML External Entity attacks
Ecosystems: pypi
Packages: SOAPpy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jdndjLWc3ZnctN3hyas4AAf8c
Plone XSS Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14NmpmLWM3d2gtN203d826ww
Trac Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: trac
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00eDgzLTVndzUtcTM0Ns3B2w
Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers
Ecosystems: pypi
Packages: ZODB3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03ZnFtLWptNTItZjl2Y84AAvGZ
rdiffweb vulnerable to Use of Cache Containing Sensitive Information
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Y3dnLW1oeGYtaGg1Oc4AAYL4
Django Cross-site scripting (XSS) vulnerability via is_safe_url function
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05d3g3LWpydmMtMjhtbc0W9Q
Signature verification vulnerability in Stark Bank ecdsa libraries
Ecosystems: npm, nuget, maven, pypi
Packages: starkbank-ecdsa, com.starkbank:ecdsa-java
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS13ODMyLXYzYzYtbTZyZ84AA1aR
pandasai vulnerable to prompt injection
Ecosystems: pypi
Packages: pandasai
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS13eGN3LXJxeGMtaGo4Nc2owA
FTP backend for Duplicity Discloses Passwords to Process Listing
Ecosystems: pypi
Packages: duplicity
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01djZxLXhxcTgtZzR4as4AAZ8S
Roundup Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qaHh3LTRodzQtbWhoN84AAgQB
MoinMoin improper access control on the included page for the rst parser
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xNDhxLTc3cXYtY2Y5cM4AAUp3
httplib2 incorrectly checks SSL certificate
Ecosystems: pypi
Packages: httplib2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05Nzd2LTI5ajktOXJ4Y83UkA
MoinMoin improper sanitizes user profiles
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tNTJtLTJxcHgtOWo0as3JVw
Zope Object Database (ZODB) Arbitrary files reading and deletion
Ecosystems: pypi
Packages: zodb3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmOTItcnI2dy1jcTY0
Storage corruption due to variables overwritten by re-entrancy locks
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03NWN3LTVjZ3YtZzg1M84AAU-w
IPython Notebook vulnerable to improper validation of the origin of websocket requests
Ecosystems: pypi
Packages: ipython
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04MnJtLTI4cTktNDM1cM1B1w
Mailman Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: mailman
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yNWNqLXd2MjQtOTJwNc285A
Django cross-site request forgery (CSRF) vulnerability
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNmY3LWc0MjUtNGdteM4AAU-u
Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12eGYyLTdyYzMtcHhteM1vqQ
Cheetah Path Search Order Hijacking
Ecosystems: pypi
Packages: cheetah
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01NzRmLW1oNm0tYzZxbc3UmA
MoinMoin has multiple vulnerabilities related to superuser list, xmlrpc and OpenID configuration
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04M2ZtLXc3OW0tNjRyNc4AAzCj
Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS12bThxLW01N2ctcGZmM84AA6CU
Regular expression denial-of-service in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS01ampyLWdtcTMtZjk4Ns3U0Q
MoinMoin has improper default configuration
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2aHEtYzg5Ni13ODgy
Low severity vulnerability that affects Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3cTgtd3Z2aC1jOTdw
Moderate severity vulnerability that affects Zope2
Ecosystems: pypi
Packages: Zope2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtNzItcm1tOS0ycWpy
Moderate severity vulnerability that affects feedparser
Ecosystems: pypi
Packages: feedparser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZjMtcjdndy05cndn
Moderate severity vulnerability that affects feedparser
Ecosystems: pypi
Packages: feedparser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFybW0tdzR2NC1xN2Y4
Unauthorized access through URL manipulation
Ecosystems: pypi
Packages: docassemble
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS05MmdmLXAzNzYtNnI5cs4AAvUF
Missing rate limit on rdiffweb
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tdzZqLWhoMjktaDM3Oc4AArM-
`CHECK` failure in depthwise ops via overflows
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04cjk5LWg4ajItcnc2NM4AAvMG
Twisted vulnerable to HTTP Request Smuggling Attacks
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02MnhnLTIzOWotdnhnN83Rqw
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
Ecosystems: pypi
Packages: pyftpdlib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OGMtZm1wYy01cm1x
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS01cGpqLTdtNHAtd2ZoMs4AAalo
ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack
Ecosystems: pypi
Packages: ocrodjvu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yajc2LTI2cXEtN3J2ds4AAgKy
MoinMoin cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tcGc2LXJncDQtMzVycs3Rrg
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
Ecosystems: pypi
Packages: pyftpdlib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04Z3Y2LXg4OHAtM2Y2aM3RrA
Uncontrolled Resource Consumption in pyftpdlib
Ecosystems: pypi
Packages: pyftpdlib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zbXdnLWdwNWctZnYzcc3R6Q
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in feedparser
Ecosystems: pypi
Packages: feedparser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02aDJ4LTRnamYtamM1d84AAu-B
autogluon.multimodal vulnerable to unsafe YAML deserialization
Ecosystems: pypi
Packages: autogluon.multimodal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05eDhtLTJ4cGYtY3JwM84AAtvM
Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wOHcyLWY0NHAtZm1jas4AAaur
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1Z2MtcDVtMy12MzQ3
XXE in petl
Ecosystems: pypi
Packages: petl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS12d3JjLWc5cTYtZjY3Nc1jmg
Zope Server vulnerable to DoS via header injection
Ecosystems: pypi
Packages: zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qY3doLXJqNmotdm03Nc2Bfg
Plone allows remote users to modify arbitrary portraits
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1neGg1LXI4Z3AtcGpjM84AAgK0
MoinMoin cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: Moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xajd4LXdtOXEtcWp4OM4AAgL1
Plone Cross-site Scripting vulnerability in PortalTransforms
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ycXhwLTY5MjYtaHBocs21kg
MoinMoin vulnerable to privilege escalation
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZ2ZnLWd2ZmYtNTIzds4AAVGx
python-glanceclient vulnerable to SSL server spoofing due to unverified X.509 certificate
Ecosystems: pypi
Packages: python-glanceclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4NTQtOTZncS1yZmcz
Pillow Temporary file name leakage
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS1nNDY4LXFqOGctdmNqY84AAu2P
TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1yaDg3LXE0dmctbTQ1as4AAu2M
TensorFlow vulnerable to integer overflow in math ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS05anA0LTY4dmMtcjh3cc4AAawO
FormEncode Access Restrictions Bypass
Ecosystems: pypi
Packages: FormEncode
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ4cTMtNTI0OS04aGdn
personnummer/python vulnerable to Improper Input Validation
Ecosystems: pypi
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS13Yzh3LWdoNW0tNjJmds4AAavw
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00NmY5LWY4am0tbXcyeM2_OQ
Plone Cross-site Scripting vulnerability in the LiveSearch module
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05Mm1yLXY3MjItZjQ4bc4AAcm1
Improper Input Validation in Jupyter Notebook
Ecosystems: pypi
Packages: ipython, notebook
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jeHc3LTg1eG0tM3hyY84AAePN
Plone Code Injection vulnerability
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13cW1tLXE2NWctMmhxcs2vew
Paramiko Unsafe randomness usage may allow access to sensitive information
Ecosystems: pypi
Packages: paramiko
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13Y3dwLXIzZmotbW0zcM1XWA
Zope DTML implementation Improper Authentication
Ecosystems: pypi
Packages: zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03d2hyLWo4dmYtcjR3as1boA
Zope allows attackers to modify raw image and file data
Ecosystems: pypi
Packages: zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oMnhoLWp2cGYteHE0Ms1bog
Zope does not properly perform security registration for legacy names
Ecosystems: pypi
Packages: zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05Y21xLXBqNnAtaGd3Zs1Zrw
Zope does not properly restrict access to the getRoles method
Ecosystems: pypi
Packages: zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yaDZjLWpoNGMtOWZnM81K4w
mailman Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: mailman
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oajRoLXZxcHEtOTV3Z81IpA
Mailman Sensitive Information Disclosure
Ecosystems: pypi
Packages: mailman
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13ampjLW0zZmMtZmNtOM4AAgQE
MoinMoin Denial of Service vulnerability via password_checker function
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1odzRnLWZoY3AteDVtcc4AAgIJ
Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib
Ecosystems: pypi
Packages: pyftpdlib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jcW1oLW1weDItZzYzM84AAgLO
Improper Restriction of Operations within the Bounds of a Memory Buffer in python-cjson
Ecosystems: pypi
Packages: python-cjson
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14MzN2LWYzZ3AtZ3cyY84AAVGA
Use of NullPointerException Catch to Detect NULL Pointer Dereference in Pymongo
Ecosystems: pypi
Packages: pymongo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04NnFqLTRoNTUtZnZwd84AAX1a
OpenStack Heat template URL information leakage
Ecosystems: pypi
Packages: openstack-heat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1ODItMnBjaC0zeHYz
Django Denial-of-service by filling session store
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2NGctd2ptdy13MzI4
Injection vulnerability that affects ironic-discoverd
Ecosystems: pypi
Packages: python-ironic-inspector-client
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 78 ansible 63 salt 53 Plone 52 apache-superset 49 nova 45 plone 43 rdiffweb 42 Pillow 41 vyper 38 matrix-synapse 35 moin 34 mlflow 33 Django 30 opencv-python 30 opencv-contrib-python 30 keystone 30 langchain 18 glance 18 mercurial 17 PaddlePaddle 17 cobbler 17 pillow 16 neutron 16 cryptography 15 paddlepaddle 15 gradio 15 notebook 15 modoboa 14 pyftpdlib 14 pyload-ng 14 OctoPrint 13 vantage6 12 swift 12 aiohttp 11 onionshare-cli 11 twisted 11 calibreweb 11 urllib3 11 horizon 11 wagtail 10 trytond 10 Flask-AppBuilder 10 ethyca-fides 9 zope 9 waitress 9 Zope 9 kiwitcms 9 opencv-contrib-python-headless 9 opencv-python-headless 9 ryu 9 roundup 9 nautobot 9 label-studio 8 cinder 8 trac 8 numpy 8 aubio 8 python-keystoneclient 8 scrapy 7 pgadmin4 7 jupyter-server 7 ipython 7 lief 7 matrix-sydent 7 pysaml2 7 pip 7 inventree 6 mindsdb 6 sentry 6 apache-airflow-providers-apache-hive 6 Zope2 6 tuf 6 web2py 6 lxml 6 graphite-web 6 mailman 6 Moin 6 feedparser 5 python-gnupg 5 bleach 5 Products.CMFPlone 5 saleor 5 paramiko 5 pyspark 5 Jinja2 5 requests 5 lmdb 5 whoogle-search 5 ckan 5 barbican 4 tripleo-heat-templates 4 starlette 4 Scrapy 4 jupyterhub 4 oauthenticator 4 httpie 4 keylime 4 FreeTAKServer-UI 4 PyPDF2 4 omero-web 4 transformers 4 grpcio 4 markdown2 4 qutebrowser 4 grpc 4 tornado 4 werkzeug 4 yt-dlp 4 nvflare 4 nltk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 datasette 4 esphome 4 Keystone 4 GitPython 4 Radicale 4 reportlab 4 aws-iot-device-sdk-v2 4 ansible-core 4 jwcrypto 4 Pygments 4 Werkzeug 4 buildbot 4 pretix 4 bottle 4 awsiotsdk 4 Flask-Security-Too 4 ecdsa 3 ujson 3 ray 3 Weblate 3 ajenti 3 asyncssh 3 pyarrow 3 Kallithea 3 sanic 3 changedetection.io 3 sosreport 3 flask 3 io.grpc:grpc-protobuf 3 onnx 3 sickrage 3 Mezzanine 3 mistune 3 openvpn-monitor 3 streamlit 3 copyparty 3 Nova 3 indy-node 3 aim 3 localstack 3 mayan-edms 3 pandasai 3 poetry 3 protobuf 3 gerapy 3 bitlyshortener 3 indico 3 jupyterlab 3 pywasm3 3 python-jose 3 keyring 3 wger 3 asyncua 3 apache-iotdb 3 Products.PluggableAuthService 3 rsa 3 fava 3 keystonemiddleware 3 pyyaml 3 apache-airflow-providers-apache-spark 3 docassemble.webapp 3 quokka 3 clearml 3 SQLAlchemy 3 dulwich 3 django-helpdesk 3 ansible-runner 3 slixmpp 3 sqlparse 3 octavia 3 homeassistant 3 torchserve 3 pycrypto 3 apache-libcloud 3 plone.supermodel 3 plone.app.dexterity 3 plone.app.event 3 zenml 3 mitmproxy 3 httplib2 3 plone.app.theming 3 django-unicorn 2 piccolo 2 cabot 2
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/ikus060/rdiffweb 42 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 36 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/opencv/opencv 28 https://github.com/openstack/keystone 27 https://github.com/mlflow/mlflow 27 https://github.com/cobbler/cobbler 14 https://github.com/langchain-ai/langchain 14 https://github.com/vantage6/vantage6 14 https://github.com/pyca/cryptography 14 https://github.com/pyload/pyload 14 https://github.com/gradio-app/gradio 14 https://github.com/modoboa/modoboa 13 https://github.com/twisted/twisted 12 https://github.com/aio-libs/aiohttp 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/scrapy/scrapy 11 https://github.com/janeczku/calibre-web 11 https://github.com/jupyter/notebook 10 https://github.com/openstack/glance 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/apache/superset 9 https://github.com/nautobot/nautobot 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/Pylons/waitress 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/faucetsdn/ryu 9 https://github.com/openstack/horizon 9 https://github.com/ethyca/fides 9 https://github.com/kiwitcms/Kiwi 8 https://github.com/ipython/ipython 8 https://github.com/numpy/numpy 8 https://github.com/octoprint/octoprint 8 https://github.com/openstack/neutron 7 https://github.com/lief-project/LIEF 7 https://sourceforge.net/projects/sourceforge.net 7 https://github.com/aubio/aubio 7 https://github.com/openstack/swift 7 https://github.com/lxml/lxml 6 https://github.com/OctoPrint/OctoPrint 6 https://github.com/jupyter-server/jupyter_server 6 https://github.com/pypa/pip 6 https://github.com/openstack/cinder 6 https://github.com/HumanSignal/label-studio 6 https://github.com/graphite-project/graphite-web 6 https://github.com/matrix-org/sydent 6 https://github.com/getsentry/sentry 6 https://github.com/mindsdb/mindsdb 6 https://github.com/pallets/werkzeug 6 https://github.com/mozilla/bleach 5 https://github.com/hwchase17/langchain 5 https://github.com/benbusby/whoogle-search 5 https://github.com/TeamSeri0us/pocs 5 https://github.com/gitpython-developers/GitPython 5 https://github.com/tryton/trytond 5 https://github.com/keylime/keylime 5 https://github.com/ckan/ckan 4 https://github.com/Flask-Middleware/flask-security 4 https://github.com/esphome/esphome 4 https://github.com/latchset/jwcrypto 4 https://github.com/FreeTAKTeam/UI 4 https://github.com/NVIDIA/NVFlare 4 https://github.com/qutebrowser/qutebrowser 4 https://github.com/py-pdf/pypdf 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/rohe/pysaml2 4 https://github.com/huggingface/transformers 4 https://github.com/ronf/asyncssh 4 https://github.com/simonw/datasette 4 https://github.com/grpc/grpc 4 https://github.com/bottlepy/bottle 4 https://github.com/psf/requests 4 https://github.com/saleor/saleor 4 https://github.com/jhpyle/docassemble 4 https://github.com/yt-dlp/yt-dlp 4 https://github.com/inventree/InvenTree 4 https://github.com/WeblateOrg/weblate 4 https://github.com/web2py/web2py 4 https://github.com/Kozea/Radicale 4 https://github.com/tornadoweb/tornado 4 https://github.com/pallets/jinja 4 https://github.com/jupyterhub/oauthenticator 4 https://sourceforge.net/projects/roject 3 https://github.com/gventuri/pandas-ai 3 https://gitlab.com/mayan-edms/mayan-edms 3 https://github.com/trentm/python-markdown2 3 https://github.com/pygments/pygments 3 https://github.com/MobSF/Mobile-Security-Framework-MobSF 3 https://github.com/ansible/ansible-runner 3 https://github.com/pyca/pyopenssl 3 https://github.com/home-assistant/core 3 https://github.com/ome/omero-web 3 https://github.com/djblets/djblets 3 https://github.com/pretix/pretix 3 https://github.com/indico/indico 3 https://github.com/beancount/fava 3 https://github.com/furlongm/openvpn-monitor 3 https://github.com/moinwiki/moin-1.9 3 https://github.com/github/securitylab 3 https://github.com/pytorch/serve 3 https://github.com/nltk/nltk 3 https://github.com/wasm3/wasm3 3 https://github.com/python/cpython 3 https://github.com/Cog-Creators/Red-DiscordBot 3 https://github.com/jupyterlab/jupyterlab 3 https://github.com/jupyterhub/jupyterhub 3 https://github.com/Gerapy/Gerapy 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/rochacbruno/quokka 3 https://github.com/openstack/octavia 3 https://github.com/andialbrecht/sqlparse 3 https://github.com/encode/starlette 3 https://github.com/pypa/advisory-db 3 https://github.com/run-llama/llama_index 3 https://github.com/openstack/python-keystoneclient 3 https://github.com/dlitz/pycrypto 3 https://github.com/mpdavis/python-jose 3 https://github.com/pallets/flask 3 https://github.com/lepture/mistune 3 https://github.com/sqlalchemy/sqlalchemy 3 https://github.com/hyperledger/indy-node 3 https://github.com/9001/copyparty 3 https://github.com/theupdateframework/python-tuf 3 https://github.com/yaml/pyyaml 3 https://github.com/sosreport/sos 3 https://github.com/django-helpdesk/django-helpdesk 3 https://github.com/dgtlmoon/changedetection.io 3 https://github.com/theupdateframework/tuf 3 https://github.com/onnx/onnx 3 https://github.com/impredicative/bitlyshortener 3 https://github.com/IdentityPython/pysaml2 3 https://github.com/httplib2/httplib2 3 https://github.com/poezio/slixmpp 3 https://github.com/streamlit/streamlit 3 https://github.com/paramiko/paramiko 3 https://github.com/zenml-io/zenml 3 https://github.com/ethereum/eth-abi 2 https://github.com/openstack/magnum 2 https://github.com/mirumee/saleor 2 https://github.com/petl-developers/petl 2 https://github.com/executablebooks/markdown-it-py 2 https://github.com/pytest-dev/py 2 https://github.com/piccolo-orm/piccolo 2 https://github.com/eventlet/eventlet 2 https://github.com/MirahezeBots/sopel-channelmgnt 2 https://github.com/embedchain/embedchain 2 https://github.com/python-imaging/Pillow 2 https://github.com/python-ldap/python-ldap 2 https://github.com/facebookresearch/ParlAI 2 https://github.com/python-poetry/poetry 2 https://github.com/clinical-genomics/scout 2 https://github.com/DIRACGrid/DIRAC 2 https://github.com/encode/uvicorn 2 https://github.com/pretalx/pretalx 2 https://github.com/django-wiki/django-wiki 2 https://github.com/protocolbuffers/protobuf 2 https://github.com/mongodb/mongo-python-driver 2 https://github.com/OpenZeppelin/cairo-contracts 2 https://github.com/dask/distributed 2 https://github.com/DataDog/guarddog 2 https://github.com/moggers87/django-sendfile2 2 https://github.com/openstack/tripleo-heat-templates 2 https://github.com/Netflix/lemur 2 https://github.com/cure53/DOMPurify 2 https://github.com/plone/Products.ATContentTypes 2 https://github.com/pyinstaller/pyinstaller 2 https://github.com/corydolphin/flask-cors 2 https://github.com/plone/plone.restapi 2 https://github.com/openstack/barbican 2 https://github.com/dbt-labs/dbt-core 2 https://github.com/FreeTAKTeam/FreeTakServer 2 https://github.com/geopython/OWSLib 2 https://github.com/openstack/ossa 2 https://github.com/FreeOpcUa/opcua-asyncio 2 https://github.com/nexB/scancode.io 2 https://github.com/devsnd/cherrymusic 2 https://github.com/NVIDIA/NeMo 2 https://github.com/Legrandin/pycryptodome 2 https://github.com/stchris/untangle 2 https://github.com/warner/python-ecdsa 2 https://github.com/starkbank/ecdsa-python 2 https://github.com/aws/aws-encryption-sdk-cli 2 https://github.com/snowflakedb/snowflake-connector-python 2 https://github.com/jupyterhub/jupyter-server-proxy 2 https://github.com/aws/sagemaker-python-sdk 2 https://github.com/simplegeo/python-oauth2 2 https://github.com/httpie/httpie 2