Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1teHZ3LWNqMzctOGcyaM4AA64v
Aim Web API vulnerable to Remote Code Execution
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca
llama-index-core Command Injection vulnerability
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1qNmdqLXBnNjIteDhqNs4AAYNc
SaltStack Salt Directory traversal vulnerability in minion id validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jaGo3LXczZjYtY3Zmas4AA4mF
Code Injection in paddlepaddle
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1tMjY5LXdqNmctYzQ1Oc4AAb4u
PySAML2 XML external entity attack
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04N3I3LXE1NGotZjlxZ84AAdKx
OpenStack Murano Code Execution
Ecosystems: pypi
Packages: python-muranoclient, murano-dashboard, murano
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mNzk4LXFtNHItMjNyNc4AA3ON
MLflow allowed arbitrary files to be PUT onto the server
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3dzItdjd4ai14cmM2
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 55.1
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1tOHI5LXF4eDgtbXJ4cM4AAwnn
rdiffweb Improper Access Control vulnerability
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03ZzQ3LXh4ZmYtOXA4Nc0WIA
Remote unauthenticated attackers able to upload files in Onionshare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nMjgzLTg4djUtcm1xMs4AASb0
SaltStack Salt allows compromised salt-minions to impersonate the salt-master
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tcm1tLXFtcmoteGdwNs4AA50i
PaddlePaddle vulnerable to remote code execution
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 2 months ago
Critical
GSA_kwCzR0hTQS14NDIyLTZxaHYtcDI5Z84AAzAd
Relative path traversal in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mNGc0LWNqOGYtM2NyOc4AAXos
OpenStack Nova logs sensitive context from notification exceptions
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xcXYyLTM1cTgtcDJnMs4AA50P
PaddlePaddle command injection in paddle.utils.download._wget_download
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS14Z21oLWdmeHctMmh2ds4AAnsM
SaltStack Salt Server Side Template Injection
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nd3FxLTZ2cTctNWo4Ns4AA1D8
langchain Code Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1oaDdqLXBnMzktcTU2M84AAzdO
toui allows user-specific variables to be shared between users
Ecosystems: pypi
Packages: toui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS00ZzgyLTNqY3ItcTUyd84AArNL
Malware in ctx
Ecosystems: pypi
Packages: ctx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14NTQ5LXI3bTgtZ3Y2M84AAQNo
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1maDU0LTN2aGctbXBjMs4AA5z7
PaddlePaddle command injection vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS14eHczLTc2NW0tZjM3cM4AAnsH
SaltStack Salt Improper Authentication vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wcjc2LTVjbTUtdzljas4AA1Py
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Ecosystems: pypi
Packages: GitPython
Source: GitHub Advisory Database
Blast Radius: 43.5
Published: 9 months ago
Critical
GSA_kwCzR0hTQS02Nm0yLTQ5M20tY3JoMs4AA2CV
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Ecosystems: pypi
Packages: searchor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS0yOWozLTI0NDYtNWo0d84AAmhY
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02NGN3LW01N2otNjV4as4AAgWy
Ansible Arbitrary Code Execution
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoamgtZ2h3eC02aDdy
modulemd uses an unsafe function for processing externally provided data
Ecosystems: pypi
Packages: modulemd
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1odm1qLTM1NmMtZ3BmNM4AAb_m
Salt allows deleted minions to read or write to minions with the same id
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03Nng0LXgzcDYtcnByOc4AAnsY
SaltStack Salt Directory Traversal vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0yanh3LTRobTQtNnc4N84AA4mj
SQL injection in llama-index
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 4 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxMjctdjd4cC1jMzU2
Buffer Overflow in pycrypto
Ecosystems: pypi
Packages: pycrypto
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1oM3hnLXd2NTgtNXA0M84AA3OI
Ray OS Command Injection vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1wZjM4LTVwMjIteDZoNs4AAw-v
Code Injection in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zNzgzLTYydmMtanI3eM4AA8K_
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Ecosystems: pypi
Packages: consoleme
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
Critical
GSA_kwCzR0hTQS04NDM0LXY3eHctOG05eM0loA
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Ecosystems: pypi
Packages: APKLeaks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wamhmLXZweDMtMzNyM84AAklg
SaltStack Salt Unauthenticated Remote Code Execution
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13M3ZjLWZ4OXAtd3A0ds4AA6JP
Jupyter Server Proxy's Websocket Proxying does not require authentication
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xNTNqLXA2cjItZzJ2NM4AAjV1
SaltStack Salt is vulnerable to command injection
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wOTloLXBmZzYtcXJmZ84AA3r0
Privilege escalation in sap-xssec
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01OGg4LTQ0bWctcjQzeM3gIA
ReviewBoard and Djblets library are vulnerable to code execution
Ecosystems: pypi
Packages: ReviewBoard, djblets
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3cDUtNTc1OS1xdjQ2
Data leak in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1nNTk0LTU1bXAtZjZxOM4AAwRe
Improper Privilege Management in rdiffweb
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14N20zLWpwcmctd2M1Z84AA2Bl
Gevent allows remote attacker to escalate privileges
Ecosystems: pypi
Packages: gevent
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: 8 months ago
Critical
GSA_kwCzR0hTQS01cDh2LTU4cW0tYzdmcM4AAu9_
python-jwt vulnerable to token forgery with new claims
Ecosystems: pypi
Packages: python-jwt
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yNHY0LTNqajctamMyOc4AAiSP
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Ecosystems: pypi
Packages: octavia
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13Nnh2LW1mNmYtcjVmNs4AAlwU
Scalyr Agent Missing SSL Certificate Validation
Ecosystems: pypi
Packages: scalyr-agent-2
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05cTl2LXFnd3gtODRtcs4AA05R
Command injection in PaddlePaddle
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 10 months ago
Critical
GSA_kwCzR0hTQS02NmM3LTVwd3YtbW0zas4AArAK
Ansible Code Injection Vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2angtOWc0OC0ycjVy
Arbitrary code execution due to YAML deserialization
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qM3E0LWdtajQtbWo5Nc4AAvB7
rdiffweb vulnerable to account access via session fixation
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jaDNqLXc5NTMtaGZjbc4AAfB9
graphite-web is vulnerable to Remote Code Execution
Ecosystems: pypi
Packages: graphite-web
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tOTIzLXcyZ2otdjQzZ84AAfBZ
graphite-web is vulnerable to Remote Code Execution via renderLocalView function
Ecosystems: pypi
Packages: graphite-web
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00bXFnLWg1amYtajltN84AA2Ly
TorchServe Pre-Auth Remote Code Execution
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1oOHhwLWgzamYtd3Y0ds4AAhVu
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1taHA2LWp2cHgtMnA0bc4AA1jD
Heap-based buffer overflow in ZBar
Ecosystems: pypi
Packages: zbar
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03d3FmLWgzNnctNDdtY84AAwAE
OS Command Injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13N3FnLWo0MzUtNzhxd84AAydg
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Ecosystems: pypi
Packages: farm-haystack
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01NnhnLXdmY2MtZzgyOc4AA74j
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Ecosystems: pypi
Packages: llama-cpp-python
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 5 days ago
Critical
GSA_kwCzR0hTQS01MnhxLWo3djktdjR2Ms4AA5JI
Vyper array negative index vulnerability
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 3 months ago
Critical
GSA_kwCzR0hTQS05N3g5LTU5cnYtcTVwbc4AA4Tl
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Ecosystems: pypi
Packages: aries-cloudagent
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1yZjdwLTc5eHEtOHh3bc4AA4LC
PaddlePaddle command injection in _wget_download
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01OXFqLWpjanYtNjYyas4AA5Kb
DIRAC's TokenManager does not check permissions on cached tokens
Ecosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS04cTM4LXc1Nm0tcXEyY84AAxa1
Header injection in TurboGears
Ecosystems: pypi
Packages: TurboGears
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05Mmo1LTM0NTktcWdwNM4AA1T7
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1qY2htLWZtNHEtYzJmcM4AAzHG
Apache Airflow vulnerable to Privilege Context Switching Error
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0yeHhjLTczZnYtMzZmN84AA1UC
llama-index vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS04ZzIzLTJxNXAtODg2Ns4AAxzQ
Apache Airflow Google Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-google
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01ODh3LXc2bXYtM2N3Nc3sUg
Ansible Insertion of Sensitive Information into Log File vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5ZnYtZ3c2Zy04Y2Nn
Potential memory corruption in arrayfire
Ecosystems: pypi, cargo
Packages: arrayfire
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1oMzg0LXBoNzctMzY5Oc4AAyNT
weixin-python XML External Entity vulnerability
Ecosystems: pypi
Packages: weixin-python
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01NTR3LXhoNGotOHc2NM4AA3yh
Path traversal in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1nampyLTYzeDQtdjhjcc4AA2Tu
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS05ZnEyLXg5cjYtd2ZtZs4AAq9p
Numpy Deserialization of Untrusted Data
Ecosystems: pypi
Packages: numpy
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12N21oLTNqZ2YtcjI2Y84AAaDG
OpenStack Object Storage (swift) Code Injection vulnerability
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tOHh3LTl4NXgtNnZoM84AAwLr
py7zr directory traversal vulnerability
Ecosystems: pypi
Packages: py7zr
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02djU2LWNwZzYtM3JweM4AAQW7
Mercurial vulnerable to arbitrary code injection
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerability
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1wZjNwLXY5eHAtbXJ2Zs4AAq3o
py-lmdb Invalid write operation
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwam0tcnAyZy0zcjRj
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Ecosystems: pypi
Packages: drf-jwt
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS1jNzRjLXA0cDctcjhxNc4AAiBu
py-lmdb Invalid write operation
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14OHgyLXdjMmgtd2M0OM4AAvV4
Missing rate limit on rdiffweb
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zcW1nLWM5dmMtcjQ3as4AAR1w
Mercurial is vulnerable to shell injection attack
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05cTYyLXI3MmctcHZ2N84AAiBq
py-lmdb Invalid write operation
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wcWdtLTlnODItd2NtN84AA2mf
modoboa Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02bW1mLXY1cTctdncyd84AAqut
Asterix Heap-based Buffer Overflow
Ecosystems: pypi
Packages: asterix_decoder
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1mbXhqLTZoOWctNnZ3M84AA0y8
MLflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1jdjZqLTk4MzUtcDdmaM4AAugX
exotel-py 0.1.6 includes code execution backdoor inserted by a third party
Ecosystems: pypi
Packages: exotel
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04NGN3LW14aHYtcXZ2NM4AAdCH
Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component
Ecosystems: pypi
Packages: Radicale
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05OWo1LWZ2ZzMtNTRwbc4AAvef
Rdiffweb is missing authentication for critical function
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yd2hoLTZ4ODMtODR2Ns4AA4od
Cross-site Scripting in Apache superset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1xcDcyLTk2cDItZzY0NM4AAtSN
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Ecosystems: pypi
Packages: shiva
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wcmdwLXc3dmYtY2g2Ms4AA1T_
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qNjMtNjR4Ny01N3hm
Path traversal in impacket
Ecosystems: pypi
Packages: impacket
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1mZmY4LTR3OXAtN3Y3Ns4AAbau
Command Injection in Pygments
Ecosystems: pypi
Packages: Pygments
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12NGY0LTIzd2MtOTltaM4AA0KW
pipreqs vulnerable to Dependency Confusion
Ecosystems: pypi
Packages: pipreqs
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1majMyLXE2MjYtcGpqY84AA1UA
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1dmgtNndody14NzQ1
Improper Authorization and Origin Validation Error in OneFuzz
Ecosystems: pypi
Packages: onefuzz
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1oNmd3LXI1MmMtNzI0cs0oig
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04ZnA5LTQzcHctNTZ2d84AA1UK
PandasAI vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: pandasai
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 9 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 78 ansible 63 salt 53 Plone 52 apache-superset 49 nova 45 plone 43 rdiffweb 42 Pillow 41 vyper 38 matrix-synapse 35 moin 34 mlflow 33 Django 30 opencv-python 30 opencv-contrib-python 30 keystone 30 langchain 18 glance 18 mercurial 17 PaddlePaddle 17 cobbler 17 pillow 16 neutron 16 cryptography 15 paddlepaddle 15 gradio 15 notebook 15 modoboa 14 pyftpdlib 14 pyload-ng 14 OctoPrint 13 vantage6 12 swift 12 aiohttp 11 onionshare-cli 11 twisted 11 calibreweb 11 urllib3 11 horizon 11 wagtail 10 trytond 10 Flask-AppBuilder 10 ethyca-fides 9 zope 9 waitress 9 Zope 9 kiwitcms 9 opencv-contrib-python-headless 9 opencv-python-headless 9 ryu 9 roundup 9 nautobot 9 label-studio 8 cinder 8 trac 8 numpy 8 aubio 8 python-keystoneclient 8 scrapy 7 pgadmin4 7 jupyter-server 7 ipython 7 lief 7 matrix-sydent 7 pysaml2 7 pip 7 inventree 6 mindsdb 6 sentry 6 apache-airflow-providers-apache-hive 6 Zope2 6 tuf 6 web2py 6 lxml 6 graphite-web 6 mailman 6 Moin 6 feedparser 5 python-gnupg 5 bleach 5 Products.CMFPlone 5 saleor 5 paramiko 5 pyspark 5 Jinja2 5 requests 5 lmdb 5 whoogle-search 5 ckan 5 barbican 4 tripleo-heat-templates 4 starlette 4 Scrapy 4 jupyterhub 4 oauthenticator 4 httpie 4 keylime 4 FreeTAKServer-UI 4 PyPDF2 4 omero-web 4 transformers 4 grpcio 4 markdown2 4 qutebrowser 4 grpc 4 tornado 4 werkzeug 4 yt-dlp 4 nvflare 4 nltk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 datasette 4 esphome 4 Keystone 4 GitPython 4 Radicale 4 reportlab 4 aws-iot-device-sdk-v2 4 ansible-core 4 jwcrypto 4 Pygments 4 Werkzeug 4 buildbot 4 pretix 4 bottle 4 awsiotsdk 4 Flask-Security-Too 4 ecdsa 3 ujson 3 ray 3 Weblate 3 ajenti 3 asyncssh 3 pyarrow 3 Kallithea 3 sanic 3 changedetection.io 3 sosreport 3 flask 3 io.grpc:grpc-protobuf 3 onnx 3 sickrage 3 Mezzanine 3 mistune 3 openvpn-monitor 3 streamlit 3 copyparty 3 Nova 3 indy-node 3 aim 3 localstack 3 mayan-edms 3 pandasai 3 poetry 3 protobuf 3 gerapy 3 bitlyshortener 3 indico 3 jupyterlab 3 pywasm3 3 python-jose 3 keyring 3 wger 3 asyncua 3 apache-iotdb 3 Products.PluggableAuthService 3 rsa 3 fava 3 keystonemiddleware 3 pyyaml 3 apache-airflow-providers-apache-spark 3 docassemble.webapp 3 quokka 3 clearml 3 SQLAlchemy 3 dulwich 3 django-helpdesk 3 ansible-runner 3 slixmpp 3 sqlparse 3 octavia 3 homeassistant 3 torchserve 3 pycrypto 3 apache-libcloud 3 plone.supermodel 3 plone.app.dexterity 3 plone.app.event 3 zenml 3 mitmproxy 3 httplib2 3 plone.app.theming 3 django-unicorn 2 piccolo 2 cabot 2
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/ikus060/rdiffweb 42 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 36 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/opencv/opencv 28 https://github.com/openstack/keystone 27 https://github.com/mlflow/mlflow 27 https://github.com/cobbler/cobbler 14 https://github.com/langchain-ai/langchain 14 https://github.com/vantage6/vantage6 14 https://github.com/pyca/cryptography 14 https://github.com/pyload/pyload 14 https://github.com/gradio-app/gradio 14 https://github.com/modoboa/modoboa 13 https://github.com/twisted/twisted 12 https://github.com/aio-libs/aiohttp 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/scrapy/scrapy 11 https://github.com/janeczku/calibre-web 11 https://github.com/jupyter/notebook 10 https://github.com/openstack/glance 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/apache/superset 9 https://github.com/nautobot/nautobot 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/Pylons/waitress 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/faucetsdn/ryu 9 https://github.com/openstack/horizon 9 https://github.com/ethyca/fides 9 https://github.com/kiwitcms/Kiwi 8 https://github.com/ipython/ipython 8 https://github.com/numpy/numpy 8 https://github.com/octoprint/octoprint 8 https://github.com/openstack/neutron 7 https://github.com/lief-project/LIEF 7 https://sourceforge.net/projects/sourceforge.net 7 https://github.com/aubio/aubio 7 https://github.com/openstack/swift 7 https://github.com/lxml/lxml 6 https://github.com/OctoPrint/OctoPrint 6 https://github.com/jupyter-server/jupyter_server 6 https://github.com/pypa/pip 6 https://github.com/openstack/cinder 6 https://github.com/HumanSignal/label-studio 6 https://github.com/graphite-project/graphite-web 6 https://github.com/matrix-org/sydent 6 https://github.com/getsentry/sentry 6 https://github.com/mindsdb/mindsdb 6 https://github.com/pallets/werkzeug 6 https://github.com/mozilla/bleach 5 https://github.com/hwchase17/langchain 5 https://github.com/benbusby/whoogle-search 5 https://github.com/TeamSeri0us/pocs 5 https://github.com/gitpython-developers/GitPython 5 https://github.com/tryton/trytond 5 https://github.com/keylime/keylime 5 https://github.com/ckan/ckan 4 https://github.com/Flask-Middleware/flask-security 4 https://github.com/esphome/esphome 4 https://github.com/latchset/jwcrypto 4 https://github.com/FreeTAKTeam/UI 4 https://github.com/NVIDIA/NVFlare 4 https://github.com/qutebrowser/qutebrowser 4 https://github.com/py-pdf/pypdf 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/rohe/pysaml2 4 https://github.com/huggingface/transformers 4 https://github.com/ronf/asyncssh 4 https://github.com/simonw/datasette 4 https://github.com/grpc/grpc 4 https://github.com/bottlepy/bottle 4 https://github.com/psf/requests 4 https://github.com/saleor/saleor 4 https://github.com/jhpyle/docassemble 4 https://github.com/yt-dlp/yt-dlp 4 https://github.com/inventree/InvenTree 4 https://github.com/WeblateOrg/weblate 4 https://github.com/web2py/web2py 4 https://github.com/Kozea/Radicale 4 https://github.com/tornadoweb/tornado 4 https://github.com/pallets/jinja 4 https://github.com/jupyterhub/oauthenticator 4 https://sourceforge.net/projects/roject 3 https://github.com/gventuri/pandas-ai 3 https://gitlab.com/mayan-edms/mayan-edms 3 https://github.com/trentm/python-markdown2 3 https://github.com/pygments/pygments 3 https://github.com/MobSF/Mobile-Security-Framework-MobSF 3 https://github.com/ansible/ansible-runner 3 https://github.com/pyca/pyopenssl 3 https://github.com/home-assistant/core 3 https://github.com/ome/omero-web 3 https://github.com/djblets/djblets 3 https://github.com/pretix/pretix 3 https://github.com/indico/indico 3 https://github.com/beancount/fava 3 https://github.com/furlongm/openvpn-monitor 3 https://github.com/moinwiki/moin-1.9 3 https://github.com/github/securitylab 3 https://github.com/pytorch/serve 3 https://github.com/nltk/nltk 3 https://github.com/wasm3/wasm3 3 https://github.com/python/cpython 3 https://github.com/Cog-Creators/Red-DiscordBot 3 https://github.com/jupyterlab/jupyterlab 3 https://github.com/jupyterhub/jupyterhub 3 https://github.com/Gerapy/Gerapy 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/rochacbruno/quokka 3 https://github.com/openstack/octavia 3 https://github.com/andialbrecht/sqlparse 3 https://github.com/encode/starlette 3 https://github.com/pypa/advisory-db 3 https://github.com/run-llama/llama_index 3 https://github.com/openstack/python-keystoneclient 3 https://github.com/dlitz/pycrypto 3 https://github.com/mpdavis/python-jose 3 https://github.com/pallets/flask 3 https://github.com/lepture/mistune 3 https://github.com/sqlalchemy/sqlalchemy 3 https://github.com/hyperledger/indy-node 3 https://github.com/9001/copyparty 3 https://github.com/theupdateframework/python-tuf 3 https://github.com/yaml/pyyaml 3 https://github.com/sosreport/sos 3 https://github.com/django-helpdesk/django-helpdesk 3 https://github.com/dgtlmoon/changedetection.io 3 https://github.com/theupdateframework/tuf 3 https://github.com/onnx/onnx 3 https://github.com/impredicative/bitlyshortener 3 https://github.com/IdentityPython/pysaml2 3 https://github.com/httplib2/httplib2 3 https://github.com/poezio/slixmpp 3 https://github.com/streamlit/streamlit 3 https://github.com/paramiko/paramiko 3 https://github.com/zenml-io/zenml 3 https://github.com/ethereum/eth-abi 2 https://github.com/openstack/magnum 2 https://github.com/mirumee/saleor 2 https://github.com/petl-developers/petl 2 https://github.com/executablebooks/markdown-it-py 2 https://github.com/pytest-dev/py 2 https://github.com/piccolo-orm/piccolo 2 https://github.com/eventlet/eventlet 2 https://github.com/MirahezeBots/sopel-channelmgnt 2 https://github.com/embedchain/embedchain 2 https://github.com/python-imaging/Pillow 2 https://github.com/python-ldap/python-ldap 2 https://github.com/facebookresearch/ParlAI 2 https://github.com/python-poetry/poetry 2 https://github.com/clinical-genomics/scout 2 https://github.com/DIRACGrid/DIRAC 2 https://github.com/encode/uvicorn 2 https://github.com/pretalx/pretalx 2 https://github.com/django-wiki/django-wiki 2 https://github.com/protocolbuffers/protobuf 2 https://github.com/mongodb/mongo-python-driver 2 https://github.com/OpenZeppelin/cairo-contracts 2 https://github.com/dask/distributed 2 https://github.com/DataDog/guarddog 2 https://github.com/moggers87/django-sendfile2 2 https://github.com/openstack/tripleo-heat-templates 2 https://github.com/Netflix/lemur 2 https://github.com/cure53/DOMPurify 2 https://github.com/plone/Products.ATContentTypes 2 https://github.com/pyinstaller/pyinstaller 2 https://github.com/corydolphin/flask-cors 2 https://github.com/plone/plone.restapi 2 https://github.com/openstack/barbican 2 https://github.com/dbt-labs/dbt-core 2 https://github.com/FreeTAKTeam/FreeTakServer 2 https://github.com/geopython/OWSLib 2 https://github.com/openstack/ossa 2 https://github.com/FreeOpcUa/opcua-asyncio 2 https://github.com/nexB/scancode.io 2 https://github.com/devsnd/cherrymusic 2 https://github.com/NVIDIA/NeMo 2 https://github.com/Legrandin/pycryptodome 2 https://github.com/stchris/untangle 2 https://github.com/warner/python-ecdsa 2 https://github.com/starkbank/ecdsa-python 2 https://github.com/aws/aws-encryption-sdk-cli 2 https://github.com/snowflakedb/snowflake-connector-python 2 https://github.com/jupyterhub/jupyter-server-proxy 2 https://github.com/aws/sagemaker-python-sdk 2 https://github.com/simplegeo/python-oauth2 2 https://github.com/httpie/httpie 2