Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Moderate
GSA_kwCzR0hTQS0ycDVoLWhwajQtZnhnZ84AAuwF
LIEF contains a segmentation violation
Ecosystems: pypi
Packages: lief
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01Mnh4LXIzZzItcDhqbc4AAuxU
LIEF vulnerable to heap based buffer overflow
Ecosystems: pypi
Packages: lief
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jdzJ2LXd2NGctdzRwNs4AAu6H
rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04ZzM4LTNtNnYtMjMyas4AA58k
Potential log injection in reset user endpoint in CKAN
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yN3BqLXJ2d2ctdnhocs4AAehJ
OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00M2hjLXB3dngtcG1mZ84AAU0S
OpenStack Compute (Nova) Denial of Service vulnerability
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2
vantage6 vulnerable to a username timing attack on recover password/MFA token
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qNDNoLXBnbWctNWhqcc4AAu22
TensorFlow vulnerable to `CHECK` fail in `MaxPool`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03djk0LTY0aGotbTgyaM0XDA
FPE in `ParallelConcat`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02ODljLXI3aDItZnY5ds4AAu2x
TensorFlow vulnerable to segfault in `QuantizedMatMul`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yNDc1LTUzdnctdnAyNc4AAu2s
TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05ZnBnLTgzOHYtd3B2N84AAu2v
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qamdoLW0zMjItZmp4Ns4AAg4R
Openstack Octavia Access Control Vulnerability
Ecosystems: pypi
Packages: octavia
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NnZqLTM5M2YtaHhmds4AAdk9
OpenStack Swift Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNXZxLWd3MmMtcHE0N84AAu2i
TensorFlow vulnerable to `CHECK` failures in `UnbatchGradOp`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13cTZxLTZtMzItOXJ2Oc4AAu2l
TensorFlow vulnerable to `CHECK` fail in `SetSize`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mN3I1LXE3Y3gtaDY2OM4AAu2k
TensorFlow vulnerable to segfault in `BlockLSTMGradV2`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xaHc0LXd3cjctZ2pjNc4AAu2c
TensorFlow vulnerable to `CHECK` fail in `EmptyTensorList`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03OWgyLXE3NjgtZnB4cs4AAu2D
TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04MjhjLTVqNXEtdnJqcc4AAu2X
TensorFlow vulnerable to null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzbTktOWZqMi1tZndy
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
Ecosystems: pypi
Packages: Products.isurlinportal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS13MjI4LXJmcHgtZmhtNM4AA7QL
cg vulnerable to an Open Redirect Vulnerability on Referer Header
Ecosystems: pypi
Packages: cg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS05aGczLWhtbWYtYzNncs0hhg
Path Traversal in nemo-toolkit
Ecosystems: pypi
Packages: nemo-toolkit
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow Permission
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1tNTJtLTJxcHgtOWo0as3JVw
Zope Object Database (ZODB) Arbitrary files reading and deletion
Ecosystems: pypi
Packages: zodb3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05ajR2LXBwMjgtbXh2N84AAu2F
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4NXgtcXc0di02ODcy
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02anA2LTlyZjktZ2M2Ns0u1Q
Cross-site Scripting in Weblate
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qaHh3LTRodzQtbWhoN84AAgQB
MoinMoin improper access control on the included page for the rst parser
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qaGpnLXcyY3AtNWo0NM4AAce9
Django DoS in django.views.static.serve
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mNXg2LTdxZ3AtamhmM84AA04g
ecrecover can return undefined data if signature does not verify
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS13eGN3LXJxeGMtaGo4Nc2owA
FTP backend for Duplicity Discloses Passwords to Process Listing
Ecosystems: pypi
Packages: duplicity
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02NXh3LXBjcXctaGpyaM0vEA
Cross site scripting in apache airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01aDJxLTRocnAtdjlycs4AAfPc
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03ZnFtLWptNTItZjl2Y84AAvGZ
rdiffweb vulnerable to Use of Cache Containing Sensitive Information
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xOWc1LTk4cG0tdzZxN84AAVU1
Cobbler XSS Vulnerability
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mdjI1LXdyZmYtd2Y4Ns4AArBE
Missing validation causes denial of service via `GetSessionTensor`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXJjLXJtcjUtNTI5as4AArBL
Missing validation causes denial of service via `LoadAndRemapMatrix`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14cWNmLWhqOTItOTY3bc4AAtmk
Django REST framework XSS Vulnerability
Ecosystems: pypi
Packages: django-rest-framework
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jdndjLWc3ZnctN3hyas4AAf8c
Plone XSS Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yd2NqLXFyNzYtOTc2OM4AA4K6
PaddlePaddle segfault in paddle.put_along_axis
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 5 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxMzctODUzcC1nNWNm
Regular Expression Denial of Service in CairoSVG
Ecosystems: pypi
Packages: CairoSVG
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1tcjc4LXY1NXAtNzc3N84AA4K5
PaddlePaddle segfault in paddle.mode
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 5 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2cGMtOHBoaC04ZjQ1
Out of bounds access in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1jZjRxLTRjcXItN2c3d80_oQ
SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc
Ecosystems: pypi
Packages: xml2rfc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14NHg1LWp2M3gtOWM3bc4AA6LF
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qM21qLWZocHEtcXFqas0osQ
Reachable Assertion in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01YzhwLXFoY2gtcWh4Ns4AAuf2
Deluge Web-UI vulnerable to XSS through a crafted torrent file
Ecosystems: pypi
Packages: deluge
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oanA1LWh2MzMtcTU4Z82zkw
Plone credentials stored in session cookie
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4dnYtMnBtcS05ZnZ2
Moderate severity vulnerability that affects Plone and Zope2
Ecosystems: pypi
Packages: Plone, Zope2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS05M2M1LXJqMnAtdzUyeM4AA7CX
Cross-site Scripting (XSS) in mindsdb/mindsdb
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xaDRxLWZ3ZjgtcXFyd84AAgJY
Zope Denial of Service (DoS) vulnerability in ZServer
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xaGNoLWc4cXItcDQ5N84AAd_A
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: cinder
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03MmN4LTVmZjktNGhoY8098A
Cross-site scripting in markdown2 for python
Ecosystems: pypi
Packages: markdown2
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jNnBoLW04Y3ctcmZxaM4AA4K2
PaddlePaddle floating point exception in paddle.linalg.eig
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12NjVnLWYzY2otZmpwNM4AAuXk
Regular expression denial of service in eth-account
Ecosystems: pypi
Packages: eth-account
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zOWdmLTg2NHctcHh3NM4AAuZP
Unverified Password Change in OctoPrint
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yZ3A4LXBtMjgtMzc1Oc4AA7CB
langchain vulnerable to path traversal
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04ZjZtLWdmcTktZzMzds4AAb62
Cross-site Scripting in html5lib
Ecosystems: pypi
Packages: html5lib
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oMjRyLW05cWMtcHZwZ84AA5HT
Ansible-core information disclosure flaw
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00d3BoLTl2cm0tNnYzd84AAv6l
Rdiffweb vulnerable to Missing Authentication for Critical Function
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mcGZ2LWpxbTktZjVqbc0c3Q
Incorrect Comparison in NumPy
Ecosystems: pypi
Packages: numpy
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yY21qLXhwOGYtZjZxNM25SA
Trac Open redirect vulnerability
Ecosystems: pypi
Packages: trac
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13NTg5LXIzMzUtNGY1Nc4AAnsP
SaltStack Salt Improper Certificate Validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNWZqLXJmaDYtcWo4Nc4AAzUI
Planet's secret file is created with excessive permissions
Ecosystems: pypi
Packages: planet
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14OXZjLTVxNzctbTd4NM4AAxHP
Improper Input Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nM3I1LTcyaGYtcDdwMs4AA7CW
zenml Session Fixation vulnerability
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03Y3dnLTI1NzUtMzU0Ns4AARwd
Tryton Information Disclosure Vulnerability
Ecosystems: pypi
Packages: trytond
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05ODRtLXJqMjgtOGM2eM4AAYda
Plone unauthorized member addition vulnerability
Ecosystems: pypi
Packages: Products.CMFPlone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12cDQ5LTJnNHItbTN4M84AAklX
SaltStack Salt is vulnerable to Arbitrary Directory Access
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02MzRjLXYyeHYtZmZwZ80WTw
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yNTV3LXhwaDUteHZ4Ms4AAnsZ
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qY3h2LTJqM2gtbWc1Oc0WTg
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ydjl4LXdtdzQtNDRxas4AAw74
Pyload Insufficient Session Expiration vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNjUzLTk1cXctaDJtcM4AAiYA
Ansible leaks sensitive information to logs when told not to
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qeDM0LXBwcG0tZ2p2cs4AAQNk
SaltStack Salt Directory Traversal vulnerability in salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03Z3B3LTh3bWMtcG04Z84AA7Ls
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oeGZ3LWptOTgtdjRtcc0WQA
Divide By Zero in OpenCV.
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02ODN3LTg0bTctcDhwd84AAePK
Plone User account enumeration via crafted URL
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yNTIyLW1yamMtbTY4OM4AA7Kq
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1jajc4LXJndzMtNGg1cM0xOw
Improper Restriction of XML External Entity Reference in trytond and proteus
Ecosystems: pypi
Packages: proteus, trytond
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14M3JtLTY0NGgtNjdtOM0WPw
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05NWNoLXAzZ3ctMjNxZ84AA1vM
Apache Superset has incorrect authorization check
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qZ2d3LTJxNmctYzNtNs0WPQ
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01cGN2LW04dzItNjJtOc4AAUqV
Ajenti Cross-site Scripting Via Filename
Ecosystems: pypi
Packages: ajenti
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jcW1yLXJjcHItY3hoM84AAiwJ
Ansible password prompts could expose passwords
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ocHJyLTR2ZnEtZmN4d84AAoi2
Plone XSS in User Fullname Property and File Upload
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01OWo4LTc3NnYteHh4Z84AA5Lo
NoneBot Potential Information Leak in User-Constructed Message Templates
Ecosystems: pypi
Packages: nonebot2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qdzg4LXd4djUtN2M0Zs4AAgH7
Directory traversal in pyftpdlib
Ecosystems: pypi
Packages: pyftpdlib
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl3NDktbTd4aC01cjM5
Cross-site scripting in papermerge
Ecosystems: pypi
Packages: papermerge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS0ycTc1LWY3Y3Atdzg2cc4AAeNT
Plone contains Cross-site Request Forgery
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qbXY5LTVneDgtN3hwZs4AAe6X
Minion identity not validated in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmdzMtNm1wNi1qbXZq
Improper Access Control in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS04NGptLWNwYzUtYzdnN84AAb_b
Plone XSS in Zope ZMI
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qZzh3LXdneDItZzdxNM4AAyzG
Improper Restriction of Excessive Authentication Attempts in calibreweb
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5
Cross-site scripting (XSS) vulnerability in the password reset endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1jcTc2LW14cmMtdmNoaM0XGA
Crash in `tf.math.segment_*` operations
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13bWh3LWZ2ZzktODdmY84AAbyL
OpenStack Glance Signature Verification Bypass
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12