Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi salt Security Advisories

Browse all Security Advisories for pypi salt

Loading...
Moderate
GSA_kwCzR0hTQS00Mjc3LW0zNXEtN2M5d84ABBVW
Salt preflight script could be attacker controlled
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1xMjdjLWo2ajktNTN3M84AA9Yo
Directory creation by malicious user in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 5 months ago
High
GSA_kwCzR0hTQS0ycXczLTJ3djYtcDY0eM4AA9Yp
Path traversal in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12cGpnLXdtZjgtMjloOc4AA1sb
Salt vulnerable to denial of service
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xdmg2LTNqN3gtM2hxN84AA1sa
Salt can cause Git Providers to get wrong data
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mcHhtLWZwcnctNmh4as4AAs_R
Salt's PAM auth fails to reject locked accounts
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS14ZjM3LXFjdmYtN201N84AAp0a
Improper Authentication in SaltStack Salt
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oY2pmLXJwNWgtZzVoM84AAoPm
Command Injection in SaltStack Salt
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wbWo2LTlmOGMtOGcybc4AAnt9
Saltstack Salt Unauthenticated Arbitrary Code Execution
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04cnA2LXgzcjctNXF3M84AAnsd
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13MmhyLTNtYzgtNDZnaM4AAnse
SaltStack Salt eauth tokens can be used once after expiration
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1naGMyLWh4M3ctanFtcM4AAnsb
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14Z21oLWdmeHctMmh2ds4AAnsM
SaltStack Salt Server Side Template Injection
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS03Nng0LXgzcDYtcnByOc4AAnsY
SaltStack Salt Directory Traversal vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14eHczLTc2NW0tZjM3cM4AAnsH
SaltStack Salt Improper Authentication vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yNTV3LXhwaDUteHZ4Ms4AAnsZ
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xeDcyLXE2dzMtcWdjN84AAnsJ
SaltStack Salt Improper SSL Certificate Validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1waGh3LTN3YzktOHE3Nc4AAnsW
SaltStack Salt command injection via a crafted process name
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS13NTg5LXIzMzUtNGY1Nc4AAnsP
SaltStack Salt Improper Certificate Validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0yOWozLTI0NDYtNWo0d84AAmhY
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xcjM4LWg5NmotMmozd84AAmhh
SaltStack Salt Command Injection in netapi ssh client
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zYzU2LXZ4NnYtcTV2aM4AAmhj
SaltStack Salt Allows creating certificates with weak file permissions
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wamhmLXZweDMtMzNyM84AAklg
SaltStack Salt Unauthenticated Remote Code Execution
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS12cDQ5LTJnNHItbTN4M84AAklX
SaltStack Salt is vulnerable Arbitrary Directory Access
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xNTNqLXA2cjItZzJ2NM4AAjV1
SaltStack Salt is vulnerable to command injection
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1oOHhwLWgzamYtd3Y0ds4AAhVu
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS03d3gzLXZyMmYtNnAyOc4AAe6H
SaltStack Privilege Escalation vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qbXY5LTVneDgtN3hwZs4AAe6X
Minion identity not validated in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mMjJqLTM3amotY3h3Oc4AAe6U
SaltStack MITM SSH attack in salt-ssh
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xcjN4LXY5N3AtNDJ4d84AAe55
SaltStack insecurely uses /tmp
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS12ODlmLTRtYzQtaDZ3Oc4AAe54
Salt has insufficient argument validation in several modules
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12MnJwLTljcGotcGZ3Ms4AAcAp
Salt Insecure configuration of PAM external authentication service
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1odm1qLTM1NmMtZ3BmNM4AAb_m
Salt allows deleted minions to read or write to minions with the same id
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: over 2 years ago
Low
GSA_kwCzR0hTQS02cHJ3LTh4aG0taDI0N84AAb59
Salt uses weak permissions on the cache data
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02Z3JwLTc1cHEtYzhjas4AAbtM
SaltStack has insecure /tmp file handling in salt/modules/chef.py
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05MnB3LW1mZjktanFnbc4AAbtJ
Salt improper handling of tmp files
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS14Y3g0LTV3cTctZzVnN84AAbpc
SaltStack Salt Information Exposure
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jeG00LTdxY3ctMjY3cs4AAadQ
salt password information leaked in debug logs
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tZnIzLTljajgtaDJxbc4AAZnm
SaltStack Salt Insecure Temporary File Creation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14eHZqLThnNW0tNHFnd84AAZkW
SaltStack Salt Directory traversal vulnerability in minion id validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mMmg3LTRmODQtOHFybc4AAYb8
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xMng2LThnZmotaGp4d84AAYQJ
salt leaks git usernames and passwords to the log
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qNmdqLXBnNjIteDhqNs4AAYNc
SaltStack Salt Directory traversal vulnerability in minion id validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NTdwLWNqNXItbWpyaM4AAYMj
SaltStack Salt Denial of Service via a crafted authentication request
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS04ajlnLWM5cnAtanZnNM4AAWfQ
Salt vulnerable to Improper Certificate Validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS12cWg0LWNyamYtamp4eM4AAVIw
Salt Improper Access Control
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nMjgzLTg4djUtcm1xMs4AASb0
SaltStack Salt allows compromised salt-minions to impersonate the salt-master
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS04cjdyLXg0OHItcGY4Zs4AASVW
SaltStack Salt arbitrary command execution in Salt-api via ssh_client
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14NTQ5LXI3bTgtZ3Y2M84AAQNo
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qeDM0LXBwcG0tZ2p2cs4AAQNk
SaltStack Salt Directory Traversal vulnerability in salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ncTI2LWNwcTYtdzg1cs3gWg
SaltStack RSA Key Generation allows remote users to decrypt communications
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xY3IzLWhyMmYtNjU1N802vw
SaltStack Salt Permissions Bypass
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS01cjNmLTNtM2otd2NqMs02qA
SaltStack Salt Authentication Bypass by Capture-replay
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ycTRnLXdmbTYtNWZwbc02rA
SaltStack Improper Verification of Cryptographic Signature
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1jdmNjLTV4OTItZ21oY802tg
SaltStack Salt Improper Authentication via Man in the Middle Attack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wZjdoLWgyd3EtbTdwZ80XuQ
Exposure of Resource to Wrong Sphere in salt
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 3 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 4
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 Django 100 apache-airflow 85 Plone 72 ansible 63 salt 56 apache-superset 51 nova 47 mlflow 46 django 44 rdiffweb 42 plone 41 vyper 38 matrix-synapse 35 moin 35 gradio 34 Pillow 31 opencv-contrib-python 31 opencv-python 31 keystone 31 pillow 26 langchain 20 glance 20 mercurial 18 mindsdb 18 cobbler 18 notebook 17 paddlepaddle 16 neutron 16 cryptography 16 PaddlePaddle 16 pyload-ng 16 calibreweb 15 OctoPrint 15 ethyca-fides 15 modoboa 14 lollms 14 pyftpdlib 14 aiohttp 14 vantage6 13 twisted 12 roundup 12 wagtail 12 swift 12 urllib3 12 zenml 12 trytond 11 onionshare-cli 11 horizon 11 waitress 11 sentry 10 opencv-contrib-python-headless 10 opencv-python-headless 10 nautobot 10 Flask-AppBuilder 10 pyspark 9 cinder 9 ryu 9 python-keystoneclient 9 kiwitcms 9 zope 9 ipython 8 pgadmin4 8 numpy 8 litellm 8 aubio 8 trac 8 ckan 8 label-studio 8 Zope 8 matrix-sydent 7 scrapy 7 inventree 7 pysaml2 7 lief 7 Products.CMFPlone 7 pip 7 jupyter-server 7 tuf 6 yt-dlp 6 tornado 6 graphite-web 6 web2py 6 requests 6 lxml 6 mage-ai 6 Moin 6 ansible-core 6 Zope2 6 apache-airflow-providers-apache-hive 6 mailman 6 changedetection.io 6 aim 6 torchserve 5 langchain-experimental 5 ait-core 5 paramiko 5 Jinja2 5 whoogle-search 5 python-gnupg 5 bleach 5 Werkzeug 5 feedparser 5 dtale 5 pretix 5 saleor 5 lmdb 5 omero-web 5 grpcio 5 nltk 5 grpc 5 jupyterhub 5 werkzeug 5 oauthenticator 5 bottle 4 streamlit 4 GitPython 4 buildbot 4 qutebrowser 4 httpie 4 jwcrypto 4 onnx 4 Radicale 4 Keystone 4 transformers 4 mobsf 4 langflow 4 open-webui 4 nvflare 4 indico 4 markdown2 4 FreeTAKServer-UI 4 Nova 4 Flask-Security-Too 4 apache-iotdb 4 Pygments 4 Scrapy 4 pywasm3 4 Weblate 4 esphome 4 codechecker 4 jupyterlab 4 keylime 4 reportlab 4 dbt-core 4 tripleo-heat-templates 4 barbican 4 awsiotsdk 4 PyPDF2 4 wasmtime 4 aws-iot-device-sdk-v2 4 langchain-community 4 indy-node 4 apache-submarine 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 pyyaml 3 rsa 3 keystonemiddleware 3 jupyter-server-proxy 3 slixmpp 3 SQLAlchemy 3 sqlparse 3 scikit-learn 3 pandasai 3 sosreport 3 RestrictedPython 3 localstack 3 apache-libcloud 3 httplib2 3 ajenti 3 mitmproxy 3 certifi 3 starlette 3 clearml 3 sanic 3 protobuf 3 openc3 3 openc3 3 snowflake-connector-python 3 mayan-edms 3 torch 3 wasm3 3 apache-airflow-providers-apache-spark 3 mysql-connector-python 3 ydata-profiling 3 pycrypto 3 llama-index 3 python-jose 3 ujson 3 vanna 3 mistune 3 openstack-heat 3 Products.PluggableAuthService 3 django-cms 3 pyarrow 3 django-helpdesk 3 docassemble.webapp 3 micropython-copy 3
Filter by Repository
https://github.com/saltstack/salt 34 https://github.com/twangboy/salt 1 https://github.com/stealthcopter/CVE-2020-28243 1