Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi salt Security Advisories

High
GSA_kwCzR0hTQS0ycXczLTJ3djYtcDY0eM4AA9Yp
Path traversal in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1xMjdjLWo2ajktNTN3M84AA9Yo
Directory creation by malicious user in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS12cGpnLXdtZjgtMjloOc4AA1sb
Salt vulnerable to denial of service
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1xdmg2LTNqN3gtM2hxN84AA1sa
Salt can cause Git Providers to get wrong data
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 10 months ago
High
GSA_kwCzR0hTQS1mcHhtLWZwcnctNmh4as4AAs_R
Salt's PAM auth fails to reject locked accounts
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14ZjM3LXFjdmYtN201N84AAp0a
Improper Authentication in SaltStack Salt
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oY2pmLXJwNWgtZzVoM84AAoPm
Command Injection in SaltStack Salt
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wbWo2LTlmOGMtOGcybc4AAnt9
Saltstack Salt Unauthenticated Arbitrary Code Execution
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04cnA2LXgzcjctNXF3M84AAnsd
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13MmhyLTNtYzgtNDZnaM4AAnse
SaltStack Salt eauth tokens can be used once after expiration
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1naGMyLWh4M3ctanFtcM4AAnsb
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03Nng0LXgzcDYtcnByOc4AAnsY
SaltStack Salt Directory Traversal vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yNTV3LXhwaDUteHZ4Ms4AAnsZ
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14Z21oLWdmeHctMmh2ds4AAnsM
SaltStack Salt Server Side Template Injection
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14eHczLTc2NW0tZjM3cM4AAnsH
SaltStack Salt Improper Authentication vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13NTg5LXIzMzUtNGY1Nc4AAnsP
SaltStack Salt Improper Certificate Validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1waGh3LTN3YzktOHE3Nc4AAnsW
SaltStack Salt command injection via a crafted process name
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xeDcyLXE2dzMtcWdjN84AAnsJ
SaltStack Salt Improper SSL Certificate Validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xcjM4LWg5NmotMmozd84AAmhh
SaltStack Salt Command Injection in netapi ssh client
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0yOWozLTI0NDYtNWo0d84AAmhY
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zYzU2LXZ4NnYtcTV2aM4AAmhj
SaltStack Salt Allows creating certificates with weak file permissions
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wamhmLXZweDMtMzNyM84AAklg
SaltStack Salt Unauthenticated Remote Code Execution
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12cDQ5LTJnNHItbTN4M84AAklX
SaltStack Salt is vulnerable Arbitrary Directory Access
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xNTNqLXA2cjItZzJ2NM4AAjV1
SaltStack Salt is vulnerable to command injection
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oOHhwLWgzamYtd3Y0ds4AAhVu
SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS03d3gzLXZyMmYtNnAyOc4AAe6H
SaltStack Privilege Escalation vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qbXY5LTVneDgtN3hwZs4AAe6X
Minion identity not validated in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xcjN4LXY5N3AtNDJ4d84AAe55
SaltStack insecurely uses /tmp
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mMjJqLTM3amotY3h3Oc4AAe6U
SaltStack MITM SSH attack in salt-ssh
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12ODlmLTRtYzQtaDZ3Oc4AAe54
Salt has insufficient argument validation in several modules
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12MnJwLTljcGotcGZ3Ms4AAcAp
Salt Insecure configuration of PAM external authentication service
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1odm1qLTM1NmMtZ3BmNM4AAb_m
Salt allows deleted minions to read or write to minions with the same id
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS02cHJ3LTh4aG0taDI0N84AAb59
Salt uses weak permissions on the cache data
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05MnB3LW1mZjktanFnbc4AAbtJ
Salt improper handling of tmp files
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02Z3JwLTc1cHEtYzhjas4AAbtM
SaltStack has insecure /tmp file handling in salt/modules/chef.py
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS14Y3g0LTV3cTctZzVnN84AAbpc
SaltStack Salt Information Exposure
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jeG00LTdxY3ctMjY3cs4AAadQ
salt password information leaked in debug logs
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tZnIzLTljajgtaDJxbc4AAZnm
SaltStack Salt Insecure Temporary File Creation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14eHZqLThnNW0tNHFnd84AAZkW
SaltStack Salt Directory traversal vulnerability in minion id validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mMmg3LTRmODQtOHFybc4AAYb8
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xMng2LThnZmotaGp4d84AAYQJ
salt leaks git usernames and passwords to the log
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qNmdqLXBnNjIteDhqNs4AAYNc
SaltStack Salt Directory traversal vulnerability in minion id validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS02NTdwLWNqNXItbWpyaM4AAYMj
SaltStack Salt Denial of Service via a crafted authentication request
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS04ajlnLWM5cnAtanZnNM4AAWfQ
Salt vulnerable to Improper Certificate Validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS12cWg0LWNyamYtamp4eM4AAVIw
Salt Improper Access Control
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1nMjgzLTg4djUtcm1xMs4AASb0
SaltStack Salt allows compromised salt-minions to impersonate the salt-master
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS04cjdyLXg0OHItcGY4Zs4AASVW
SaltStack Salt arbitrary command execution in Salt-api via ssh_client
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qeDM0LXBwcG0tZ2p2cs4AAQNk
SaltStack Salt Directory Traversal vulnerability in salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14NTQ5LXI3bTgtZ3Y2M84AAQNo
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ncTI2LWNwcTYtdzg1cs3gWg
SaltStack RSA Key Generation allows remote users to decrypt communications
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS0ycTRnLXdmbTYtNWZwbc02rA
SaltStack Improper Verification of Cryptographic Signature
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1jdmNjLTV4OTItZ21oY802tg
SaltStack Salt Improper Authentication via Man in the Middle Attack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xY3IzLWhyMmYtNjU1N802vw
SaltStack Salt Permissions Bypass
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS01cjNmLTNtM2otd2NqMs02qA
SaltStack Salt Authentication Bypass by Capture-replay
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wZjdoLWgyd3EtbTdwZ80XuQ
Exposure of Resource to Wrong Sphere in salt
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
Statistics
Advisories: 19,486
Packages: 8,600
Repositories: 4
Ecosystems: 12