Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS04ZzM4LTNtNnYtMjMyas4AA58k
Potential log injection in reset user endpoint in CKAN
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yN3BqLXJ2d2ctdnhocs4AAehJ
OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2
vantage6 vulnerable to a username timing attack on recover password/MFA token
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03djk0LTY0aGotbTgyaM0XDA
FPE in `ParallelConcat`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02aHB2LXYycngtYzVnNs0XCg
FPE in convolutions with zero size filters
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NnZqLTM5M2YtaHhmds4AAdk9
OpenStack Swift Cross-site Scriping vulnerability
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qOGM4LTY3dnAtNm14N80W-A
Arbitrary memory read in `ImmutableConst`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00OTQ2LTg1cHItZnZ4aM4AA6B1
vantage6's CORS settings overly permissive
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jZ3JqLXhqbTctOXEyN84AAtA6
Open redirect in web2py
Ecosystems: pypi
Packages: web2py
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00ZnBnLWo1bXAtNzgzZ84AASrK
Cloudtoken Insufficiently Protects Credentials
Ecosystems: pypi
Packages: cloudtoken
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow Permission
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jeDU5LWNwNmMtOWZyOM2uTQ
pyftpdlib vulnerable to allocation of resources without limits
Ecosystems: pypi
Packages: pyftpdlib
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4NXgtcXc0di02ODcy
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qaGpnLXcyY3AtNWo0NM4AAce9
Django DoS in django.views.static.serve
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14OTVoLTk3OXgtY2Yzas0Wmg
Policies not properly enforced in bluemonday
Ecosystems: go, pypi
Packages: github.com/microcosm-cc/bluemonday, pybluemonday
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01aDJxLTRocnAtdjlycs4AAfPc
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wNzVqLXdjMzQtNTI3Y80Wdg
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14OXZjLTVxNzctbTd4NM4AAxHP
Improper Input Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nZ3dyLTR2cjgtZzd3ds4AA0pO
Apache Airflow Path Traversal vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yd2NqLXFyNzYtOTc2OM4AA4K6
PaddlePaddle segfault in paddle.put_along_axis
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tcjc4LXY1NXAtNzc3N84AA4K5
PaddlePaddle segfault in paddle.mode
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14NHg1LWp2M3gtOWM3bc4AA6LF
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qM21qLWZocHEtcXFqas0osQ
Reachable Assertion in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4eHYtcDc4ci00ZmM2
Cross-site Scripting in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05M2M1LXJqMnAtdzUyeM4AA7CX
Cross-site Scripting (XSS) in mindsdb/mindsdb
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zYzU2LXZ4NnYtcTV2aM4AAmhj
SaltStack Salt Allows creating certificates with weak file permissions
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jNnBoLW04Y3ctcmZxaM4AA4K2
PaddlePaddle floating point exception in paddle.linalg.eig
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1yZ3A4LXBtMjgtMzc1Oc4AA7CB
langchain vulnerable to path traversal
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04ZjZtLWdmcTktZzMzds4AAb62
Cross-site Scripting in html5lib
Ecosystems: pypi
Packages: html5lib
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00d3BoLTl2cm0tNnYzd84AAv6l
Rdiffweb vulnerable to Missing Authentication for Critical Function
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xaHc0LXd3cjctZ2pjNc4AAu2c
TensorFlow vulnerable to `CHECK` fail in `EmptyTensorList`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03OWgyLXE3NjgtZnB4cs4AAu2D
TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nM3I1LTcyaGYtcDdwMs4AA7CW
zenml Session Fixation vulnerability
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzbTktOWZqMi1tZndy
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
Ecosystems: pypi
Packages: Products.isurlinportal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02MzRjLXYyeHYtZmZwZ80WTw
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qY3h2LTJqM2gtbWc1Oc0WTg
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qaHh3LTRodzQtbWhoN84AAgQB
MoinMoin improper access control on the included page for the rst parser
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03Z3B3LTh3bWMtcG04Z84AA7Ls
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1oeGZ3LWptOTgtdjRtcc0WQA
Divide By Zero in OpenCV.
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yNTIyLW1yamMtbTY4OM4AA7Kq
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14M3JtLTY0NGgtNjdtOM0WPw
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qZ2d3LTJxNmctYzNtNs0WPQ
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14cWNmLWhqOTItOTY3bc4AAtmk
Django REST framework XSS Vulnerability
Ecosystems: pypi
Packages: django-rest-framework
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xOWc1LTk4cG0tdzZxN84AAVU1
Cobbler XSS Vulnerability
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jdndjLWc3ZnctN3hyas4AAf8c
Plone XSS Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxMzctODUzcC1nNWNm
Regular Expression Denial of Service in CairoSVG
Ecosystems: pypi
Packages: CairoSVG
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmdzMtNm1wNi1qbXZq
Improper Access Control in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5
Cross-site scripting (XSS) vulnerability in the password reset endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1jcTc2LW14cmMtdmNoaM0XGA
Crash in `tf.math.segment_*` operations
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1namo1LTk5OGctdjM2ds0keA
Improper Access Control in Onionshare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02MjdxLWcyOTMtNDlxN80ovQ
Abort caused by allocating a vector that is too large in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12NjVnLWYzY2otZmpwNM4AAuXk
Regular expression denial of service in eth-account
Ecosystems: pypi
Packages: eth-account
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zOWdmLTg2NHctcHh3NM4AAuZP
Unverified Password Change in OctoPrint
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oMjRyLW05cWMtcHZwZ84AA5HT
Ansible-core information disclosure flaw
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jdzJyLTRwODItcXY3Oc4AA4Dz
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value
Ecosystems: pypi
Packages: jwcrypto
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12M2Y3LWo5NjgtNGg1Zs0oaw
Division by zero in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xaDZ4LWo4MmgtdnBmOc4AA7CK
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yNTV3LXhwaDUteHZ4Ms4AAnsZ
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNDNoLXBnbWctNWhqcc4AAu22
TensorFlow vulnerable to `CHECK` fail in `MaxPool`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yNDc1LTUzdnctdnAyNc4AAu2s
TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qNmY3LWhnaHctZzQzN84AAcGn
bottle.py vulnerable to CRLF Injection
Ecosystems: pypi
Packages: bottle
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oaDJxLXF2NjYtamNxZ84AA6AZ
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03Y3dnLTI1NzUtMzU0Ns4AARwd
Tryton Information Disclosure Vulnerability
Ecosystems: pypi
Packages: trytond
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05Z3h4LTMycDctZmY3bc4AAy1g
Modoboa has Weak Password Requirements
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oZjk0LThteDUtMnZ2as4AAv-5
Cross-site Scripting in kiwitcms
Ecosystems: pypi
Packages: kiwitcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14d2M4LXJmNm0teHI4Ns4AA0KS
hnswlib Double Free vulnerability
Ecosystems: pypi
Packages: hnswlib
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxcjUtcXBoZi12ZnI4
Cross Site Scripting (XSS) in Simiki
Ecosystems: pypi
Packages: simiki
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtNjktM2NoZy02Zjht
Cross Site Scripting (XSS) in Quokka
Ecosystems: pypi
Packages: quokka
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01NDd4LTc0OHYtdnA2cM4AA5A9
Dash apps vulnerable to Cross-site Scripting
Ecosystems: pypi, npm
Packages: dash-core-components, dash-html-components, dash
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01cHFmLXJ2bTctM3dnd84AAwgU
collective.contact.widget is vulnerable to cross-site scripting
Ecosystems: pypi
Packages: collective.contact.widget
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtZ3ctOHZwYy1yYzU5
Segfault on strings tensors with mistmatched dimensions, due to Go code
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3cWYtandtOC1nN2Yz
FPE in LSH in TFLite
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tdmY2LWh3eGgtN3Y3Ns4AA6Eg
Information leakage in YAQL
Ecosystems: pypi
Packages: yaql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wY2Z4LWcyajItZjZmNs4AA5qg
Docassemble HTML and javascript injection
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNoeGgtOGNwMi1nNGhn
Use after free and segfault in shape inference functions
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3ZjctNTQ0aC02N2g5
FPE in TFLite pooling operations
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12NHE5LXFncWYtN2p3cM4AA15s
Gradio arbitrary file upload vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 8 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljOGgtMm12My00OXd3
Division by 0 in most convolution operators
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtanctYzJ2cC1wMzNj
Crash in NMS ops caused by integer conversion to unsigned
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmdzIteDlmOC0yZjZt
Cross-Site Scripting
Ecosystems: pypi
Packages: oncall
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS13cHJyLW1jNTQtYzYycc4AAeNO
Exposure of Sensitive Information in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jNThqLTg4ZjUtaDUzZs4AAtG3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares
Ecosystems: pypi
Packages: pycares
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jbWc4LTVjNjMtcGc5Nc4AAVE7
OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: horizon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04d3dtLTYyNjQteDc5Ms4AArBY
Core dump when loading TFLite models with quantization in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1eG0tZzU4Zy0zcDg4
Integer division by 0 in sparse reshaping
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yOHdxLXFyeGMtaG1jbc0YMg
ReDoS in LDAP schema parser
Ecosystems: pypi
Packages: python-ldap
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wcjJtLXB4N2oteGc2Nc4AA584
aiosmtpd vulnerable to SMTP smuggling
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-
diffoscope Path Traversal vulnerability
Ecosystems: pypi
Packages: diffoscope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mNHJyLTVtN3Ytd3hjd84AArBV
Type confusion leading to `CHECK`-failure based denial of service in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03NDNyLTVnOTItNXZnZs0YEw
Improper certificate management in AWS IoT Device SDK v2
Ecosystems: pypi, npm, maven
Packages: awsiotsdk, aws-iot-device-sdk-v2, software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yYzl3LTVjNjQtOXZxcc4AArBS
Missing validation results in undefined behavior in `SparseTensorDenseAdd
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jNHJoLTQzNzYtZ2ZmNM0YEg
Improper certificate management in AWS IoT Device SDK v2
Ecosystems: pypi, npm, maven
Packages: awsiotsdk, aws-iot-device-sdk-v2, software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jd3BtLWY3OHYtN201Y84AArBO
Denial of service in `tf.ragged.constant` due to lack of validation
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oMndxLXBydjktMmY1Ns4AArBF
Missing validation crashes `QuantizeAndDequantizeV4Grad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zbTNoLXY5aHYtOWo0aM0X9Q
Cross-site Scripting in django-wiki
Ecosystems: pypi
Packages: wiki
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14eGo5LWY2cnYtbTN4NM4AA5IP
Django denial-of-service attack in the intcomma template filter
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ocTdnLXd3d3AtcTQ2aM4AAv--
`CHECK` fail via inputs in `SparseFillEmptyRowsGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01M3dtLTk3cDYtNTgyZs3uNw
instack-undercloud vulnerable to symlink attack on tmp files
Ecosystems: pypi
Packages: instack-undercloud
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 78 ansible 63 salt 53 Plone 52 apache-superset 49 nova 45 plone 43 rdiffweb 42 Pillow 41 vyper 38 matrix-synapse 35 moin 34 mlflow 33 Django 30 opencv-python 30 opencv-contrib-python 30 keystone 30 langchain 18 glance 18 mercurial 17 PaddlePaddle 17 cobbler 17 pillow 16 neutron 16 cryptography 15 paddlepaddle 15 gradio 15 notebook 15 modoboa 14 pyftpdlib 14 pyload-ng 14 OctoPrint 13 vantage6 12 swift 12 aiohttp 11 onionshare-cli 11 twisted 11 calibreweb 11 urllib3 11 horizon 11 wagtail 10 trytond 10 Flask-AppBuilder 10 ethyca-fides 9 zope 9 waitress 9 Zope 9 kiwitcms 9 opencv-contrib-python-headless 9 opencv-python-headless 9 ryu 9 roundup 9 nautobot 9 label-studio 8 cinder 8 trac 8 numpy 8 aubio 8 python-keystoneclient 8 scrapy 7 pgadmin4 7 jupyter-server 7 ipython 7 lief 7 matrix-sydent 7 pysaml2 7 pip 7 inventree 6 mindsdb 6 sentry 6 apache-airflow-providers-apache-hive 6 Zope2 6 tuf 6 web2py 6 lxml 6 graphite-web 6 mailman 6 Moin 6 feedparser 5 python-gnupg 5 bleach 5 Products.CMFPlone 5 saleor 5 paramiko 5 pyspark 5 Jinja2 5 requests 5 lmdb 5 whoogle-search 5 ckan 5 barbican 4 tripleo-heat-templates 4 starlette 4 Scrapy 4 jupyterhub 4 oauthenticator 4 httpie 4 keylime 4 FreeTAKServer-UI 4 PyPDF2 4 omero-web 4 transformers 4 grpcio 4 markdown2 4 qutebrowser 4 grpc 4 tornado 4 werkzeug 4 yt-dlp 4 nvflare 4 nltk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 datasette 4 esphome 4 Keystone 4 GitPython 4 Radicale 4 reportlab 4 aws-iot-device-sdk-v2 4 ansible-core 4 jwcrypto 4 Pygments 4 Werkzeug 4 buildbot 4 pretix 4 bottle 4 awsiotsdk 4 Flask-Security-Too 4 ecdsa 3 ujson 3 ray 3 Weblate 3 ajenti 3 asyncssh 3 pyarrow 3 Kallithea 3 sanic 3 changedetection.io 3 sosreport 3 flask 3 io.grpc:grpc-protobuf 3 onnx 3 sickrage 3 Mezzanine 3 mistune 3 openvpn-monitor 3 streamlit 3 copyparty 3 Nova 3 indy-node 3 aim 3 localstack 3 mayan-edms 3 pandasai 3 poetry 3 protobuf 3 gerapy 3 bitlyshortener 3 indico 3 jupyterlab 3 pywasm3 3 python-jose 3 keyring 3 wger 3 asyncua 3 apache-iotdb 3 Products.PluggableAuthService 3 rsa 3 fava 3 keystonemiddleware 3 pyyaml 3 apache-airflow-providers-apache-spark 3 docassemble.webapp 3 quokka 3 clearml 3 SQLAlchemy 3 dulwich 3 django-helpdesk 3 ansible-runner 3 slixmpp 3 sqlparse 3 octavia 3 homeassistant 3 torchserve 3 pycrypto 3 apache-libcloud 3 plone.supermodel 3 plone.app.dexterity 3 plone.app.event 3 zenml 3 mitmproxy 3 httplib2 3 plone.app.theming 3 django-unicorn 2 piccolo 2 cabot 2
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/ikus060/rdiffweb 42 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 36 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/opencv/opencv 28 https://github.com/openstack/keystone 27 https://github.com/mlflow/mlflow 27 https://github.com/cobbler/cobbler 14 https://github.com/langchain-ai/langchain 14 https://github.com/vantage6/vantage6 14 https://github.com/pyca/cryptography 14 https://github.com/pyload/pyload 14 https://github.com/gradio-app/gradio 14 https://github.com/modoboa/modoboa 13 https://github.com/twisted/twisted 12 https://github.com/aio-libs/aiohttp 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/scrapy/scrapy 11 https://github.com/janeczku/calibre-web 11 https://github.com/jupyter/notebook 10 https://github.com/openstack/glance 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/apache/superset 9 https://github.com/nautobot/nautobot 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/Pylons/waitress 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/faucetsdn/ryu 9 https://github.com/openstack/horizon 9 https://github.com/ethyca/fides 9 https://github.com/kiwitcms/Kiwi 8 https://github.com/ipython/ipython 8 https://github.com/numpy/numpy 8 https://github.com/octoprint/octoprint 8 https://github.com/openstack/neutron 7 https://github.com/lief-project/LIEF 7 https://sourceforge.net/projects/sourceforge.net 7 https://github.com/aubio/aubio 7 https://github.com/openstack/swift 7 https://github.com/lxml/lxml 6 https://github.com/OctoPrint/OctoPrint 6 https://github.com/jupyter-server/jupyter_server 6 https://github.com/pypa/pip 6 https://github.com/openstack/cinder 6 https://github.com/HumanSignal/label-studio 6 https://github.com/graphite-project/graphite-web 6 https://github.com/matrix-org/sydent 6 https://github.com/getsentry/sentry 6 https://github.com/mindsdb/mindsdb 6 https://github.com/pallets/werkzeug 6 https://github.com/mozilla/bleach 5 https://github.com/hwchase17/langchain 5 https://github.com/benbusby/whoogle-search 5 https://github.com/TeamSeri0us/pocs 5 https://github.com/gitpython-developers/GitPython 5 https://github.com/tryton/trytond 5 https://github.com/keylime/keylime 5 https://github.com/ckan/ckan 4 https://github.com/Flask-Middleware/flask-security 4 https://github.com/esphome/esphome 4 https://github.com/latchset/jwcrypto 4 https://github.com/FreeTAKTeam/UI 4 https://github.com/NVIDIA/NVFlare 4 https://github.com/qutebrowser/qutebrowser 4 https://github.com/py-pdf/pypdf 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/rohe/pysaml2 4 https://github.com/huggingface/transformers 4 https://github.com/ronf/asyncssh 4 https://github.com/simonw/datasette 4 https://github.com/grpc/grpc 4 https://github.com/bottlepy/bottle 4 https://github.com/psf/requests 4 https://github.com/saleor/saleor 4 https://github.com/jhpyle/docassemble 4 https://github.com/yt-dlp/yt-dlp 4 https://github.com/inventree/InvenTree 4 https://github.com/WeblateOrg/weblate 4 https://github.com/web2py/web2py 4 https://github.com/Kozea/Radicale 4 https://github.com/tornadoweb/tornado 4 https://github.com/pallets/jinja 4 https://github.com/jupyterhub/oauthenticator 4 https://sourceforge.net/projects/roject 3 https://github.com/gventuri/pandas-ai 3 https://gitlab.com/mayan-edms/mayan-edms 3 https://github.com/trentm/python-markdown2 3 https://github.com/pygments/pygments 3 https://github.com/MobSF/Mobile-Security-Framework-MobSF 3 https://github.com/ansible/ansible-runner 3 https://github.com/pyca/pyopenssl 3 https://github.com/home-assistant/core 3 https://github.com/ome/omero-web 3 https://github.com/djblets/djblets 3 https://github.com/pretix/pretix 3 https://github.com/indico/indico 3 https://github.com/beancount/fava 3 https://github.com/furlongm/openvpn-monitor 3 https://github.com/moinwiki/moin-1.9 3 https://github.com/github/securitylab 3 https://github.com/pytorch/serve 3 https://github.com/nltk/nltk 3 https://github.com/wasm3/wasm3 3 https://github.com/python/cpython 3 https://github.com/Cog-Creators/Red-DiscordBot 3 https://github.com/jupyterlab/jupyterlab 3 https://github.com/jupyterhub/jupyterhub 3 https://github.com/Gerapy/Gerapy 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/rochacbruno/quokka 3 https://github.com/openstack/octavia 3 https://github.com/andialbrecht/sqlparse 3 https://github.com/encode/starlette 3 https://github.com/pypa/advisory-db 3 https://github.com/run-llama/llama_index 3 https://github.com/openstack/python-keystoneclient 3 https://github.com/dlitz/pycrypto 3 https://github.com/mpdavis/python-jose 3 https://github.com/pallets/flask 3 https://github.com/lepture/mistune 3 https://github.com/sqlalchemy/sqlalchemy 3 https://github.com/hyperledger/indy-node 3 https://github.com/9001/copyparty 3 https://github.com/theupdateframework/python-tuf 3 https://github.com/yaml/pyyaml 3 https://github.com/sosreport/sos 3 https://github.com/django-helpdesk/django-helpdesk 3 https://github.com/dgtlmoon/changedetection.io 3 https://github.com/theupdateframework/tuf 3 https://github.com/onnx/onnx 3 https://github.com/impredicative/bitlyshortener 3 https://github.com/IdentityPython/pysaml2 3 https://github.com/httplib2/httplib2 3 https://github.com/poezio/slixmpp 3 https://github.com/streamlit/streamlit 3 https://github.com/paramiko/paramiko 3 https://github.com/zenml-io/zenml 3 https://github.com/ethereum/eth-abi 2 https://github.com/openstack/magnum 2 https://github.com/mirumee/saleor 2 https://github.com/petl-developers/petl 2 https://github.com/executablebooks/markdown-it-py 2 https://github.com/pytest-dev/py 2 https://github.com/piccolo-orm/piccolo 2 https://github.com/eventlet/eventlet 2 https://github.com/MirahezeBots/sopel-channelmgnt 2 https://github.com/embedchain/embedchain 2 https://github.com/python-imaging/Pillow 2 https://github.com/python-ldap/python-ldap 2 https://github.com/facebookresearch/ParlAI 2 https://github.com/python-poetry/poetry 2 https://github.com/clinical-genomics/scout 2 https://github.com/DIRACGrid/DIRAC 2 https://github.com/encode/uvicorn 2 https://github.com/pretalx/pretalx 2 https://github.com/django-wiki/django-wiki 2 https://github.com/protocolbuffers/protobuf 2 https://github.com/mongodb/mongo-python-driver 2 https://github.com/OpenZeppelin/cairo-contracts 2 https://github.com/dask/distributed 2 https://github.com/DataDog/guarddog 2 https://github.com/moggers87/django-sendfile2 2 https://github.com/openstack/tripleo-heat-templates 2 https://github.com/Netflix/lemur 2 https://github.com/cure53/DOMPurify 2 https://github.com/plone/Products.ATContentTypes 2 https://github.com/pyinstaller/pyinstaller 2 https://github.com/corydolphin/flask-cors 2 https://github.com/plone/plone.restapi 2 https://github.com/openstack/barbican 2 https://github.com/dbt-labs/dbt-core 2 https://github.com/FreeTAKTeam/FreeTakServer 2 https://github.com/geopython/OWSLib 2 https://github.com/openstack/ossa 2 https://github.com/FreeOpcUa/opcua-asyncio 2 https://github.com/nexB/scancode.io 2 https://github.com/devsnd/cherrymusic 2 https://github.com/NVIDIA/NeMo 2 https://github.com/Legrandin/pycryptodome 2 https://github.com/stchris/untangle 2 https://github.com/warner/python-ecdsa 2 https://github.com/starkbank/ecdsa-python 2 https://github.com/aws/aws-encryption-sdk-cli 2 https://github.com/snowflakedb/snowflake-connector-python 2 https://github.com/jupyterhub/jupyter-server-proxy 2 https://github.com/aws/sagemaker-python-sdk 2 https://github.com/simplegeo/python-oauth2 2 https://github.com/httpie/httpie 2