Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi pyload-ng Security Advisories

Browse all Security Advisories for pypi pyload-ng

Loading...
High
GSA_kwCzR0hTQS13N2hxLWYycGotYzUzZ84ABAtM
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
Critical
GSA_kwCzR0hTQS1yOXBwLXI0eGYtNTk3cs4AA_YT
pyload-ng vulnerable to RCE with js2py sandbox escape
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0zZjd3LXA4dnItNHY1Zs4AA7Ss
pyLoad allows upload to arbitrary folder lead to RCE
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nM2NtLXFnMnYtMmhqNc4AA5Ev
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1wZ3BqLXY4NXEtaDVmbc4AA4kU
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1tcXBxLTJwNjgtNDZmds4AA4Qg
pyload Unauthenticated Flask Configuration Leakage vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1naG13LXJ3aDgtNnFtcs4AA4PI
pyload Log Injection vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1oNzNtLXBjZnctMjVoMs4AA3S3
Download to arbitrary folder can lead to RCE
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 1 year ago
Moderate
GSA_kwCzR0hTQS13Y202LXd2OTUtN2p3Ns4AAxNP
Cross-site Scripting in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04djUzLTIzbXgtaGNmOc4AAxNf
Improper Certificate Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02am14LXB2Nzctd201d84AAxHU
Excessive Attack Surface in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14OXZjLTVxNzctbTd4NM4AAxHP
Improper Input Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wZjM4LTVwMjIteDZoNs4AAw-v
Code Injection in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ydjl4LXdtdzQtNDRxas4AAw74
Pyload Insufficient Session Expiration vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oOHI5LTQ2N3ItdmpqZs4AAwv-
pyLoad vulnerable to Improper Restriction of Rendered UI Layers or Frames
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tM2c3LXdycnEtdjVjOM4AAwv4
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 1
Ecosystems: 12
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 Django 100 apache-airflow 85 Plone 72 ansible 63 salt 56 apache-superset 51 nova 47 mlflow 46 django 44 rdiffweb 42 plone 41 vyper 38 matrix-synapse 35 moin 35 gradio 34 opencv-python 31 opencv-contrib-python 31 keystone 31 Pillow 31 pillow 26 langchain 20 glance 20 mindsdb 18 mercurial 18 cobbler 18 notebook 17 neutron 16 pyload-ng 16 cryptography 16 paddlepaddle 16 PaddlePaddle 16 OctoPrint 15 calibreweb 15 ethyca-fides 15 aiohttp 14 modoboa 14 lollms 14 pyftpdlib 14 vantage6 13 swift 12 wagtail 12 zenml 12 urllib3 12 twisted 12 roundup 12 horizon 11 trytond 11 onionshare-cli 11 waitress 11 opencv-contrib-python-headless 10 nautobot 10 sentry 10 opencv-python-headless 10 Flask-AppBuilder 10 zope 9 ryu 9 kiwitcms 9 pyspark 9 python-keystoneclient 9 cinder 9 Zope 8 pgadmin4 8 label-studio 8 numpy 8 ipython 8 litellm 8 aubio 8 ckan 8 trac 8 jupyter-server 7 scrapy 7 inventree 7 pip 7 matrix-sydent 7 pysaml2 7 lief 7 Products.CMFPlone 7 tuf 6 graphite-web 6 aim 6 tornado 6 Moin 6 yt-dlp 6 mailman 6 requests 6 web2py 6 lxml 6 ansible-core 6 Zope2 6 mage-ai 6 apache-airflow-providers-apache-hive 6 changedetection.io 6 paramiko 5 saleor 5 werkzeug 5 grpc 5 grpcio 5 nltk 5 ait-core 5 langchain-experimental 5 feedparser 5 omero-web 5 Jinja2 5 oauthenticator 5 Werkzeug 5 bleach 5 jupyterhub 5 python-gnupg 5 whoogle-search 5 torchserve 5 lmdb 5 dtale 5 pretix 5 apache-submarine 4 nvflare 4 bottle 4 mobsf 4 Nova 4 esphome 4 Keystone 4 GitPython 4 reportlab 4 buildbot 4 Pygments 4 langchain-community 4 keylime 4 qutebrowser 4 jupyterlab 4 Scrapy 4 apache-iotdb 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 open-webui 4 Weblate 4 tripleo-heat-templates 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 Radicale 4 onnx 4 indico 4 PyPDF2 4 markdown2 4 langflow 4 barbican 4 Flask-Security-Too 4 jwcrypto 4 codechecker 4 pywasm3 4 dbt-core 4 streamlit 4 transformers 4 FreeTAKServer-UI 4 httpie 4 indy-node 4 wasmtime 4 openc3 3 Kallithea 3 rsa 3 jupyter-server-proxy 3 apache-airflow-providers-apache-spark 3 anki 3 mistune 3 Red-DiscordBot 3 quokka 3 fava 3 docassemble.webapp 3 mayan-edms 3 clearml 3 ray 3 snowflake-connector-python 3 asyncssh 3 slixmpp 3 octavia 3 scikit-learn 3 RestrictedPython 3 ansible-runner 3 sqlparse 3 io.grpc:grpc-protobuf 3 wasmtime 3 apache-libcloud 3 tinymce 3 protobuf 3 certifi 3 ajenti 3 httplib2 3 tinymce/tinymce 3 pandasai 3 SQLAlchemy 3 ujson 3 wger 3 TinyMCE 3 django-tinymce 3 asyncua 3 keyring 3 llama-index-core 3 flask 3 plone.supermodel 3 plone.app.dexterity 3