Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

High
GSA_kwCzR0hTQS03cGMzLXByM3EtNTh2Z84AA7v3
sagemaker-python-sdk Command Injection vulnerability
Ecosystems: pypi
Packages: sagemaker
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: about 11 hours ago
High
GSA_kwCzR0hTQS13anZ4LWpocGotcjU0cs4AA7v2
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
Ecosystems: pypi
Packages: sagemaker
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: about 11 hours ago
Low
GSA_kwCzR0hTQS1nN3Z2LTJ2N3gtZ2o5cM4AA7v0
tqdm CLI arguments injection attack
Ecosystems: pypi
Packages: tqdm
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 12 hours ago
Moderate
GSA_kwCzR0hTQS1wd2djLXc0eDktZ3c2N84AA7vS
changedetection.io Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 14 hours ago
High
GSA_kwCzR0hTQS01bTk4LXFnZzktd2g4NM4AA7vP
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 14 hours ago
High
GSA_kwCzR0hTQS14djY0LThwNHItOTRncc4AA7h_
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 1 day ago
High
GSA_kwCzR0hTQS0ybXZjLTU1N2ctNTYzOM4AA7ig
pgAdmin is affected by a multi-factor authentication bypass vulnerability
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 1 day ago
Low
GSA_kwCzR0hTQS13MnY4LXBocDQtcDhoY84AA7eE
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 3 days ago
High
GSA_kwCzR0hTQS1qeGdyLWdjajUtY3FxZ84AA7cp
nautobot has reflected Cross-site Scripting potential in all object list views
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 3 days ago
High
GSA_kwCzR0hTQS02YzVwLWo4dnEtcHFoas4AA7UT
python-jose algorithm confusion with OpenSSH ECDSA keys
Ecosystems: pypi
Packages: python-jose
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1jandnLXFmcG0tNzM3N84AA7UU
python-jose denial of service via compressed JWE content
Ecosystems: pypi
Packages: python-jose
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1wcHg1LXEzNTktcHZ3as4AA7UK
vyper's range(start, start + N) reverts for negative numbers
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS14Y2hxLXc1cjMtNHdnM84AA7UJ
vyper performs incorrect topic logging in raw_log
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1yNTZ4LWo0Mzgtdnc1bc4AA7UI
vyper performs double eval of the slice args when buffer from adhoc locations
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS0zd2hxLTY0cTItcWZqNs4AA7UH
vyper performs double eval of raw_args in create_from_blueprint
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1tMnY5LXczNzQtNWhqOc4AA7UG
vyper default functions don't respect nonreentrancy keys
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS01anJqLTUyeDgtbTY0aM4AA7UF
vyper performs double eval of the argument of sqrt
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 8 days ago
Critical
GSA_kwCzR0hTQS0zZjd3LXA4dnItNHY1Zs4AA7Ss
pyLoad allows upload to arbitrary folder lead to RCE
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0yZ3I4LTN3YzcteGhqM84AA7Sd
social-auth-app-django affected by Improper Handling of Case Sensitivity
Ecosystems: pypi
Packages: social-auth-app-django
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS0zaDdxLXJmaDkteG00ds4AA7QQ
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS13MjI4LXJmcHgtZmhtNM4AA7QL
cg vulnerable to an Open Redirect Vulnerability on Referer Header
Ecosystems: pypi
Packages: cg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
High
GSA_kwCzR0hTQS1wNzJxLWgzN2otM2hxN84AA7Pf
dbt uses a SQLparse version with a high vulnerability
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: 11 days ago
High
GSA_kwCzR0hTQS1yZm0yLWY5NGotcWhqcM4AA7Om
OpenStack Storlets arbitrary code execution vulnerability
Ecosystems: pypi
Packages: storlets
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS0zZ2c4LW1jODctY3EzaM4AA7OB
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Ecosystems: pypi
Packages: apache-airflow-providers-ftp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS04NHByLW00anItODVnNc4AA7Nz
flask-cors vulnerable to log injection when the log level is set to debug
Ecosystems: pypi
Packages: flask-cors
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 14 days ago
High
GSA_kwCzR0hTQS02Y2ptLTRweHctN3hwOc4AA7Lx
Sentry vulnerable to leaking superuser cleartext password in logs
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS03Z3B3LTh3bWMtcG04Z84AA7Ls
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS0yNTIyLW1yamMtbTY4OM4AA7Kq
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS05M2M1LXJqMnAtdzUyeM4AA7CX
Cross-site Scripting (XSS) in mindsdb/mindsdb
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 18 days ago
Critical
GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca
llama-index-core Command Injection vulnerability
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 18 days ago
Critical
GSA_kwCzR0hTQS1ocTg4LXdnN3EtZ3A0Z84AA7CC
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1yZ3A4LXBtMjgtMzc1Oc4AA7CB
langchain vulnerable to path traversal
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 18 days ago
Critical
GSA_kwCzR0hTQS1odmo1LW12dzktOTNqM84AA7CZ
Insecure deserialization in BentoML
Ecosystems: pypi
Packages: bentoml
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 18 days ago
High
GSA_kwCzR0hTQS1tNDljLTVjNTItNjY5Ns4AA7B8
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 18 days ago
High
GSA_kwCzR0hTQS01bXZqLXdtZ2otN3E4Y84AA7CR
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 18 days ago
High
GSA_kwCzR0hTQS1qNjJyLXd4cXEtZjNnZs4AA7B4
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 18 days ago
High
GSA_kwCzR0hTQS1mNDJtLW12ZnYtY2d3Nc4AA7B7
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 18 days ago
High
GSA_kwCzR0hTQS1nOWNqLWNmcHAtNGcyeM4AA7B5
gradio vulnerable to Path Traversal
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 18 days ago
Critical
GSA_kwCzR0hTQS02aDNmLTQzdnEtNTNoas4AA7CV
Directory traversal in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1nM3I1LTcyaGYtcDdwMs4AA7CW
zenml Session Fixation vulnerability
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 18 days ago
High
GSA_kwCzR0hTQS1mODJyLWpqNXItNmc5N84AA7CM
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 18 days ago
High
GSA_kwCzR0hTQS13M2gzLTRyajctNHBoNM4AA7B3
Request smuggling leading to endpoint restriction bypass in Gunicorn
Ecosystems: pypi
Packages: gunicorn
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1xaDZ4LWo4MmgtdnBmOc4AA7CK
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 18 days ago
High
GSA_kwCzR0hTQS0ybTU3LWhmMjUtcGhnZ84AA7Be
sqlparse parsing heavily nested list leads to Denial of Service
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1tcjgyLThqODMtdnhtds4AA6-j
Pydantic regular expression denial of service
Ecosystems: pypi
Packages: pydantic
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 19 days ago
High
GSA_kwCzR0hTQS1td2M3LTY0d2ctcGd2as4AA69-
NiceGUI allows potential access to local file system
Ecosystems: pypi
Packages: nicegui
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1qeDd4LTlyOTgtaDV4cs4AA68u
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Ecosystems: pypi
Packages: magnum
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1qamc3LTJ2NHYteDM4aM4AA670
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Ecosystems: pypi
Packages: idna
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS0zcnE1LTJnOGgtNTloY84AA67c
Potential DoS via the Tudoor mechanism in eventlet and dnspython
Ecosystems: pypi
Packages: dnspython, eventlet
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 23 days ago
Critical
GSA_kwCzR0hTQS1teHZ3LWNqMzctOGcyaM4AA64v
Aim Web API vulnerable to Remote Code Execution
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 24 days ago
High
GSA_kwCzR0hTQS0zZjk1LW14cTItMmY2M84AA64H
Gradio Local File Inclusion vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 24 days ago
High
GSA_kwCzR0hTQS05OXcyLTY3aDgtNTk0OM4AA64t
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 24 days ago
Low
GSA_kwCzR0hTQS0zN3E1LXY1cW0tYzl2OM4AA649
Transformers Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: 24 days ago
Critical
GSA_kwCzR0hTQS00NmNtLXBmd3YtY2dmOM4AA64p
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
Critical
GSA_kwCzR0hTQS13dnB4LWc0MjctcTl3Y84AA64y
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
High
GSA_kwCzR0hTQS1oanE2LTUyZ3ctMmc3cM4AA63l
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 24 days ago
High
GSA_kwCzR0hTQS12NmYzLWdoNWgtbXF3eM4AA6wV
DIRAC: Unauthorized users can read proxy contents during generation
Ecosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
High
GSA_kwCzR0hTQS1wMjh4LWhqNjgtN3ZmcM4AA6ug
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1jcjZmLWdmNXctdmhyY84AA6rV
PyMongo Out-of-bounds Read in the bson module
Ecosystems: pypi
Packages: pymongo
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 28 days ago
High
GSA_kwCzR0hTQS0yN2p4LWZmdzgteHJxds4AA6pB
pgAdmin Remote Code Execution (RCE) vulnerability
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS13cGZmLXdtODQteDVjeM4AA6o4
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Ecosystems: pypi
Packages: mobsf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 30 days ago
High
GSA_kwCzR0hTQS0ycTU5LWgyNGMtdzZmZ84AA6ks
Voilà Local file inclusion
Ecosystems: pypi
Packages: voila
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00NHdtLWYyNDQteGhwM84AA6j6
Pillow buffer overflow vulnerability
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wbXd3LXY2YzktN3A4M84AA6gN
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Ecosystems: pypi
Packages: piccolo-admin
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS03M3YyLXJ4cXAtN3E0Zs4AA6dc
aliyundrive-webdav vulnerable to Command Injection
Ecosystems: pypi, cargo
Packages: aliyundrive-webdav
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tcmozLWYyaDQtN3c0Nc4AA6av
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS03cjNoLTRwaDgtdzM4Z84AA6at
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
Ecosystems: pypi
Packages: jupyterhub
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS13djI4LTdmcHctZmo0Oc4AA6Vg
Lektor does not sanitize database path traversal
Ecosystems: pypi
Packages: Lektor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yMzY0LW0yajktbWY0aM4AA6Un
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jZmYzLTVxcnAtaHF4N84AA6TU
Apache Airflow Improper Preservation of Permissions vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xODRtLXJtdzMtNDM4Ms4AA6Si
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Ecosystems: pypi
Packages: langchain-core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7
Unauthenticated views may expose information to anonymous users
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zOGpyLTI5Zmgtdzl2bc4AA6RX
ansys-geometry-core OS Command Injection vulnerability
Ecosystems: pypi
Packages: ansys-geometry-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qd3JjLTN2M2YtNWNxNc4AA6Ph
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS13ZmdqLXdyZ2gtaDNyM84AA6PP
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
Ecosystems: pypi
Packages: mobsfscan
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zeDlnLXhmajUtZnE4NM4AA6Nf
Cross-Site Request Forgery in Gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS01OTI1LTg4eGgtNmg5Oc4AA6NN
ESPHome vulnerable to Authentication bypass via Cross site request forgery
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS01NW0zLTQ0eGYtaGc0aM4AA6LI
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
Ecosystems: pypi
Packages: oauthenticator
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14NHg1LWp2M3gtOWM3bc4AA6LF
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE
Dynamic Variable Evaluation in qiskit-ibm-runtime
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13M3ZjLWZ4OXAtd3A0ds4AA6JP
Jupyter Server Proxy's Websocket Proxying does not require authentication
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1majd4LXE5ajctZzZxNs4AA6He
Black vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: pypi
Packages: black
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS13ajg1LXc0ZjQteGg4aM4AA6Gp
Denial of service via regular expression
Ecosystems: pypi
Packages: wiki
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14N21mLXdyaDktcjc2Y84AA6Gj
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oMng2LTVqeDUtNDZoZs4AA6Gg
RCE in TranformGraph().to_dot_graph function
Ecosystems: pypi
Packages: astropy
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tdmY2LWh3eGgtN3Y3Ns4AA6Eg
Information leakage in YAQL
Ecosystems: pypi
Packages: yaql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01dmNjLTg2d20tNTQ3cc4AA6DQ
Improper Privilege Management in djangorestframework-simplejwt
Ecosystems: pypi
Packages: djangorestframework-simplejwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS12bThxLW01N2ctcGZmM84AA6CU
Regular expression denial-of-service in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS04NzlwLThndzQtbWNwd84AA6CK
fgr Vulnerable to Insecure Default Variable Initialization
Ecosystems: pypi
Packages: fgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2
vantage6 vulnerable to a username timing attack on recover password/MFA token
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00OTQ2LTg1cHItZnZ4aM4AA6B1
vantage6's CORS settings overly permissive
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1waGc2LTQ0bTctaHgzaM4AA6AX
Whoogle Search Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0zcTZnLXFtcHgtcnF3NM4AA6AY
Whoogle Search Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oaDJxLXF2NjYtamNxZ84AA6AZ
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xOTdnLWMyOWgteDJwN84AA6Ab
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow Permission
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wcjJtLXB4N2oteGc2Nc4AA584
aiosmtpd vulnerable to SMTP smuggling
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04ZzM4LTNtNnYtMjMyas4AA58k
Potential log injection in reset user endpoint in CKAN
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS12bXF2LTQ3ajgtZ3d2OM4AA57r
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
Ecosystems: pypi
Packages: mssql-django
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zNWpqLXd4NDctNHc4cs4AA52-
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Ecosystems: pypi
Packages: weasyprint
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 months ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 764
Ecosystems: 12