Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtcDctZjJ2cC0zcnE0
Cross-site scripting in SiCKRAGE
Ecosystems: pypi
Packages: sickrage
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg4MjMtajdjNC12cGM1
Cross-site scripting in sickrage
Ecosystems: pypi
Packages: sickrage
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4cGotZjVnMi04cDdt
Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer
Ecosystems: pypi
Packages: asyncpg
Source: GitHub Advisory Database
Blast Radius: 37.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwM2gtcWdocC1odmgy
Open Redirect in werkzeug
Ecosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjZ20tM3h3NC1oNXA4
Improper Restriction of XML External Entity Reference in pikepdf
Ecosystems: pypi
Packages: pikepdf
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyNDgtdjRxaC14MnI2
Improper Certificate Validation in blackduck
Ecosystems: pypi
Packages: blackduck
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3NTctanA4NC1neGZ4
Improper Input Validation in PyYAML
Ecosystems: pypi
Packages: pyyaml
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3cDctdnFyNS1oMzNo
Open Redirect in autobahn
Ecosystems: pypi
Packages: autobahn
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4YzUtZ2dwcC1nMjQ5
pwntools Server-Side Template Injection (SSTI) vulnerability
Ecosystems: pypi
Packages: pwntools
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxNWgtZjlwNS1xN2Z4
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyd2MtYzl3ai02cTJ2
VVE-2021-0001: Memory corruption using function calls within arrays
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM3NW0tNWZ2di14cTIz
VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNzQtNG01Zy1mY2p4
Malicious users could abuse Sydent to control the content of invitation emails
Ecosystems: pypi
Packages: matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqaG0tOG04Yy1jM2Y0
SSRF in Sydent due to missing validation of hostnames
Ecosystems: pypi
Packages: matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtZzQtOGNwMi1ocGc5
Sydent vulnerable to denial of service attack via memory exhaustion
Ecosystems: pypi
Packages: matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3NHYtZ3IzNC0yNTUz
Sydent DoS (via resource exhaustion) due to improper input validation
Ecosystems: pypi
Packages: matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnaGYtMzQ3eC1jMmdq
SQL Injection via in django-debug-toolbar
Ecosystems: pypi
Packages: django-debug-toolbar
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3cmgtNGp3di01dzc4
Open redirect via transitional IPv6 addresses on dual-stack networks
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5ZmcteGZmaC1wMzYy
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyaDctbWhoeC02aDg4
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYzcnEtcDhmcC01MjRx
Potential API key leak
Ecosystems: pypi
Packages: sopel-modules.weather
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzYzctNjQ0NC0zOTlt
Improper Input Validation in sopel-plugins.channelmgnt
Ecosystems: pypi
Packages: sopel-plugins.channelmgnt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhneGMtdjJxZy1jaG1o
Directory Traversal in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4cTQtcjZtci05eDY0
CSRF Vuln can expose user's QRcode
Ecosystems: pypi
Packages: Flask-Security-Too
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdncGotN2Myai12Zmpt
Indico Tampering with links (e.g. password reset) in sent emails
Ecosystems: pypi
Packages: indico
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZjZzgtOThxOC1nN21q
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjOGMtODR3Mi1qMzhq
Improper Restriction of XML External Entity Reference in Plone
Ecosystems: pypi
Packages: plone.supermodel, plone.app.dexterity, plone.app.theming, plone.app.event, Plone
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3d2YtNW1qYy02eDc2
SSRF attacks via tracebacks in Plone
Ecosystems: pypi
Packages: plone.supermodel, plone.app.dexterity, plone.app.theming, plone.app.event, Plone
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxNngtZzY4NS13NWYy
Improper Restriction of XML External Entity Reference in Plone
Ecosystems: pypi
Packages: plone.supermodel, plone.app.dexterity, plone.app.theming, plone.app.event, Plone
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcTMtNXB4dy00d2o0
Cross-Site Request Forgery in Webargs
Ecosystems: pypi
Packages: webargs
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmdzMtNm1wNi1qbXZq
Improper Access Control in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoeDktN2h4Ny1jcDRy
bottle HTTP Request smuggling
Ecosystems: pypi
Packages: bottle
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtYzctbWZtci14cXJ4
Logic error in authentication in proxy.py
Ecosystems: pypi
Packages: proxy.py
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZndjUtY3h2aC12Znho
Arbitrary code execution in clickhouse-driver
Ecosystems: pypi
Packages: clickhouse-driver
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2MmctamhnNi12M3Jx
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3ZzMtM2o1dy02NHc0
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmcjItcXB4aC1xajlt
Path Traversal in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2aHAtY2o5ai0zM3Z2
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyM3AtZnIyYy1nNW0y
Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4YzctcHg1di04Mmho
Potential sensitive information disclosed in error reports
Ecosystems: pypi
Packages: django-registration
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12ZzkteGZmci1wNzc0
Out of bounds read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDItaGdxMi0yZzRm
Regular Expression Denial of Service (ReDoS) in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4anEtOGZjZy1nNWh3
Out-of-bounds Write in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0M3ctZzNjNS1nNW1x
Out of bounds read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3aDMtOXJnci1jMjRt
Out of bounds write in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxNjQtdjdmNS1ncWg4
Pygments vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: pypi
Packages: Pygments
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wdnctMjVtZy01OXZ4
Server-side Request Forgery (SSRF) via img tags in reportlab
Ecosystems: pypi
Packages: reportlab
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1ZjgtMzVxci1xNGZt
HTML injection in email and account expiry notifications
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5
Cross-site scripting (XSS) vulnerability in the password reset endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxNTktcTY4aC02aHY0
Improper Input Validation in PyYAML
Ecosystems: pypi
Packages: PyYAML
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzN2gtcnY5cS12dnBo
Python-RSA decryption of ciphertext leads to DoS
Ecosystems: pypi
Packages: rsa
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0cmYtcGMyNi02aG1y
OMERO webclient does not validate URL redirects on login or switching group.
Ecosystems: pypi
Packages: omero-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmcDItdzVqbS05NTVx
OMERO.web exposes some unnecessary session information in the page
Ecosystems: pypi
Packages: omero-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpxNHYtZjVxNi1tanFx
lxml vulnerable to Cross-Site Scripting
Ecosystems: pypi
Packages: lxml
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4ODMtM3BoMy05ajJx
Cross-site Scripting (XSS) in Django REST Framework
Ecosystems: pypi
Packages: djangorestframework
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1NDItOHE5eC1jZmZj
Django Channels leakage of session identifiers using legacy AsgiHandler
Ecosystems: pypi
Packages: channels
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczcnEtZzI5NS00ajNt
Regular Expression Denial of Service (ReDoS) in Jinja2
Ecosystems: pypi
Packages: jinja2
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwaGYtcHA3cC12YzJy
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02Z2otaDlnbS1ndzQ0
Django Incorrect Default Permissions
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZyMjgtNTY5ai01M2M0
Django Incorrect Default Permissions
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2Z2YtNmg2aC0zMzIy
Django Directory Traversal via archive.extract
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1ZzgtNXFxNy05Mzh3
Pillow Out-of-bounds Read
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmNjQteDRncS1wOTlo
Pillow Out-of-bounds Read
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxY2otd3JmMi03djcz
Pillow Out-of-bounds Write
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3dmctbWo2Zy1tOWN2
Pillow Uncontrolled Resource Consumption
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY0dzgtY3Y2cC14NnI1
Pillow Denial of Service by Uncontrolled Resource Consumption
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1cTMtOGdyOS1nbTh3
Pillow Denial of Service by Uncontrolled Resource Consumption
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyNzgtODh2di14OThy
Execution of untrusted code through config file
Ecosystems: pypi
Packages: tenable-jira-cloud
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmZjMtbXdwMy1mOGN3
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Ecosystems: pypi
Packages: Products.GenericSetup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0NGoteHJxZy00eHJy
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
Ecosystems: pypi
Packages: Products.PluggableAuthService
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3NWYtZzdneC0ycjdw
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager
Ecosystems: pypi
Packages: Products.PluggableAuthService
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxZmYtZngyeC1wODZ2
Improper Authentication
Ecosystems: pypi
Packages: botframework-connector
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJod3gtbWpybS12M2c4
Denial of service attack via .well-known lookups
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw
Open redirects on some federation and push requests
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2d3AtNG02Zi1nY2pn
`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqNGctNDQ4OC13bXht
Dynamic modification of RPyC service due to missing security check
Ecosystems: pypi
Packages: rpyc
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJobTktcDl3NS1md203
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 46.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzeGotOG1ydi00NDRt
Regular Expression Denial of Service (REDoS) in httplib2
Ecosystems: pypi
Packages: httplib2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwaDItODMzNy1obTYy
Key Caching behavior in the DynamoDB Encryption Client.
Ecosystems: pypi
Packages: dynamodb-encryption-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2MngtdnJwai1xcXBx
Cross-site scripting in Bleach
Ecosystems: pypi
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwM3gtcjQ0OC1wYzYy
Improper Verification of Cryptographic Signature in PySAML2
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY0ZzktaDg5aC1qZ3Y5
SAML XML Signature wrapping in PySAML2
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoN20tcng0Zi00dnB2
CSRF can expose users authentication token
Ecosystems: pypi
Packages: Flask-Security-Too
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnd3cteGY0Ni1oOTJy
lxml vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: lxml
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxMzctODUzcC1nNWNm
Regular Expression Denial of Service in CairoSVG
Ecosystems: pypi
Packages: CairoSVG
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmNjYtNTR4Zy1wYzJj
Jupyter Server open redirect vulnerability
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd2Y3YtODMycS1mamc3
RSA weakness in tslite-ng
Ecosystems: pypi
Packages: tlslite-ng
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyM3AtZmN2bS14aDdj
SSRF vulnerability in Arache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2Y3EtZ21jMy1xNm04
Apache Airflow logs passwords in plaintext
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyNjMtZnZ4bS1tNW13
Heap out of bounds access in MakeEdge in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02NDgtMzNxZi12M2dw
CHECK-fail in LSTM with zero-length input in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhodmMtZzVodi00OGM2
Write to immutable memory region in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ZjMtOXdmci13Z2g3
Lack of validation in data format attributes in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoeHgtajczci1xcG0y
Uninitialized memory access in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bXAtcHFjaC1jOG1t
Denial of service attack via incorrect parameters in Matrix Synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnNTQtZ3Bnci00cm02
user-readable api tokens in systemd units for JupyterHub
Ecosystems: pypi
Packages: jupyterhub-systemdspawner
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtNDUtbWdxbS1nam00
Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
Ecosystems: pypi
Packages: red-dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmanYtcG1oZy0zcmZn
Multiple cryptographic issues in Python oic
Ecosystems: pypi
Packages: oic
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1Z2MtcDVtMy12MzQ3
XXE in petl
Ecosystems: pypi
Packages: petl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ3cWctcTU4di03dnJw
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Ecosystems: pypi
Packages: amundsen-frontend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 78 ansible 63 salt 53 Plone 52 apache-superset 49 nova 45 plone 43 rdiffweb 42 Pillow 41 vyper 38 matrix-synapse 35 moin 34 mlflow 33 Django 30 opencv-python 30 opencv-contrib-python 30 keystone 30 langchain 18 glance 18 mercurial 17 PaddlePaddle 17 cobbler 17 pillow 16 neutron 16 cryptography 15 paddlepaddle 15 gradio 15 notebook 15 modoboa 14 pyftpdlib 14 pyload-ng 14 OctoPrint 13 vantage6 12 swift 12 aiohttp 11 onionshare-cli 11 twisted 11 calibreweb 11 urllib3 11 horizon 11 wagtail 10 trytond 10 Flask-AppBuilder 10 ethyca-fides 9 zope 9 waitress 9 Zope 9 kiwitcms 9 opencv-contrib-python-headless 9 opencv-python-headless 9 ryu 9 roundup 9 nautobot 9 label-studio 8 cinder 8 trac 8 numpy 8 aubio 8 python-keystoneclient 8 scrapy 7 pgadmin4 7 jupyter-server 7 ipython 7 lief 7 matrix-sydent 7 pysaml2 7 pip 7 inventree 6 mindsdb 6 sentry 6 apache-airflow-providers-apache-hive 6 Zope2 6 tuf 6 web2py 6 lxml 6 graphite-web 6 mailman 6 Moin 6 feedparser 5 python-gnupg 5 bleach 5 Products.CMFPlone 5 saleor 5 paramiko 5 pyspark 5 Jinja2 5 requests 5 lmdb 5 whoogle-search 5 ckan 5 barbican 4 tripleo-heat-templates 4 starlette 4 Scrapy 4 jupyterhub 4 oauthenticator 4 httpie 4 keylime 4 FreeTAKServer-UI 4 PyPDF2 4 omero-web 4 transformers 4 grpcio 4 markdown2 4 qutebrowser 4 grpc 4 tornado 4 werkzeug 4 yt-dlp 4 nvflare 4 nltk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 datasette 4 esphome 4 Keystone 4 GitPython 4 Radicale 4 reportlab 4 aws-iot-device-sdk-v2 4 ansible-core 4 jwcrypto 4 Pygments 4 Werkzeug 4 buildbot 4 pretix 4 bottle 4 awsiotsdk 4 Flask-Security-Too 4 ecdsa 3 ujson 3 ray 3 Weblate 3 ajenti 3 asyncssh 3 pyarrow 3 Kallithea 3 sanic 3 changedetection.io 3 sosreport 3 flask 3 io.grpc:grpc-protobuf 3 onnx 3 sickrage 3 Mezzanine 3 mistune 3 openvpn-monitor 3 streamlit 3 copyparty 3 Nova 3 indy-node 3 aim 3 localstack 3 mayan-edms 3 pandasai 3 poetry 3 protobuf 3 gerapy 3 bitlyshortener 3 indico 3 jupyterlab 3 pywasm3 3 python-jose 3 keyring 3 wger 3 asyncua 3 apache-iotdb 3 Products.PluggableAuthService 3 rsa 3 fava 3 keystonemiddleware 3 pyyaml 3 apache-airflow-providers-apache-spark 3 docassemble.webapp 3 quokka 3 clearml 3 SQLAlchemy 3 dulwich 3 django-helpdesk 3 ansible-runner 3 slixmpp 3 sqlparse 3 octavia 3 homeassistant 3 torchserve 3 pycrypto 3 apache-libcloud 3 plone.supermodel 3 plone.app.dexterity 3 plone.app.event 3 zenml 3 mitmproxy 3 httplib2 3 plone.app.theming 3 django-unicorn 2 piccolo 2 cabot 2
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/ikus060/rdiffweb 42 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 36 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/opencv/opencv 28 https://github.com/openstack/keystone 27 https://github.com/mlflow/mlflow 27 https://github.com/cobbler/cobbler 14 https://github.com/langchain-ai/langchain 14 https://github.com/vantage6/vantage6 14 https://github.com/pyca/cryptography 14 https://github.com/pyload/pyload 14 https://github.com/gradio-app/gradio 14 https://github.com/modoboa/modoboa 13 https://github.com/twisted/twisted 12 https://github.com/aio-libs/aiohttp 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/scrapy/scrapy 11 https://github.com/janeczku/calibre-web 11 https://github.com/jupyter/notebook 10 https://github.com/openstack/glance 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/apache/superset 9 https://github.com/nautobot/nautobot 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/Pylons/waitress 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/faucetsdn/ryu 9 https://github.com/openstack/horizon 9 https://github.com/ethyca/fides 9 https://github.com/kiwitcms/Kiwi 8 https://github.com/ipython/ipython 8 https://github.com/numpy/numpy 8 https://github.com/octoprint/octoprint 8 https://github.com/openstack/neutron 7 https://github.com/lief-project/LIEF 7 https://sourceforge.net/projects/sourceforge.net 7 https://github.com/aubio/aubio 7 https://github.com/openstack/swift 7 https://github.com/lxml/lxml 6 https://github.com/OctoPrint/OctoPrint 6 https://github.com/jupyter-server/jupyter_server 6 https://github.com/pypa/pip 6 https://github.com/openstack/cinder 6 https://github.com/HumanSignal/label-studio 6 https://github.com/graphite-project/graphite-web 6 https://github.com/matrix-org/sydent 6 https://github.com/getsentry/sentry 6 https://github.com/mindsdb/mindsdb 6 https://github.com/pallets/werkzeug 6 https://github.com/mozilla/bleach 5 https://github.com/hwchase17/langchain 5 https://github.com/benbusby/whoogle-search 5 https://github.com/TeamSeri0us/pocs 5 https://github.com/gitpython-developers/GitPython 5 https://github.com/tryton/trytond 5 https://github.com/keylime/keylime 5 https://github.com/ckan/ckan 4 https://github.com/Flask-Middleware/flask-security 4 https://github.com/esphome/esphome 4 https://github.com/latchset/jwcrypto 4 https://github.com/FreeTAKTeam/UI 4 https://github.com/NVIDIA/NVFlare 4 https://github.com/qutebrowser/qutebrowser 4 https://github.com/py-pdf/pypdf 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/rohe/pysaml2 4 https://github.com/huggingface/transformers 4 https://github.com/ronf/asyncssh 4 https://github.com/simonw/datasette 4 https://github.com/grpc/grpc 4 https://github.com/bottlepy/bottle 4 https://github.com/psf/requests 4 https://github.com/saleor/saleor 4 https://github.com/jhpyle/docassemble 4 https://github.com/yt-dlp/yt-dlp 4 https://github.com/inventree/InvenTree 4 https://github.com/WeblateOrg/weblate 4 https://github.com/web2py/web2py 4 https://github.com/Kozea/Radicale 4 https://github.com/tornadoweb/tornado 4 https://github.com/pallets/jinja 4 https://github.com/jupyterhub/oauthenticator 4 https://sourceforge.net/projects/roject 3 https://github.com/gventuri/pandas-ai 3 https://gitlab.com/mayan-edms/mayan-edms 3 https://github.com/trentm/python-markdown2 3 https://github.com/pygments/pygments 3 https://github.com/MobSF/Mobile-Security-Framework-MobSF 3 https://github.com/ansible/ansible-runner 3 https://github.com/pyca/pyopenssl 3 https://github.com/home-assistant/core 3 https://github.com/ome/omero-web 3 https://github.com/djblets/djblets 3 https://github.com/pretix/pretix 3 https://github.com/indico/indico 3 https://github.com/beancount/fava 3 https://github.com/furlongm/openvpn-monitor 3 https://github.com/moinwiki/moin-1.9 3 https://github.com/github/securitylab 3 https://github.com/pytorch/serve 3 https://github.com/nltk/nltk 3 https://github.com/wasm3/wasm3 3 https://github.com/python/cpython 3 https://github.com/Cog-Creators/Red-DiscordBot 3 https://github.com/jupyterlab/jupyterlab 3 https://github.com/jupyterhub/jupyterhub 3 https://github.com/Gerapy/Gerapy 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/rochacbruno/quokka 3 https://github.com/openstack/octavia 3 https://github.com/andialbrecht/sqlparse 3 https://github.com/encode/starlette 3 https://github.com/pypa/advisory-db 3 https://github.com/run-llama/llama_index 3 https://github.com/openstack/python-keystoneclient 3 https://github.com/dlitz/pycrypto 3 https://github.com/mpdavis/python-jose 3 https://github.com/pallets/flask 3 https://github.com/lepture/mistune 3 https://github.com/sqlalchemy/sqlalchemy 3 https://github.com/hyperledger/indy-node 3 https://github.com/9001/copyparty 3 https://github.com/theupdateframework/python-tuf 3 https://github.com/yaml/pyyaml 3 https://github.com/sosreport/sos 3 https://github.com/django-helpdesk/django-helpdesk 3 https://github.com/dgtlmoon/changedetection.io 3 https://github.com/theupdateframework/tuf 3 https://github.com/onnx/onnx 3 https://github.com/impredicative/bitlyshortener 3 https://github.com/IdentityPython/pysaml2 3 https://github.com/httplib2/httplib2 3 https://github.com/poezio/slixmpp 3 https://github.com/streamlit/streamlit 3 https://github.com/paramiko/paramiko 3 https://github.com/zenml-io/zenml 3 https://github.com/ethereum/eth-abi 2 https://github.com/openstack/magnum 2 https://github.com/mirumee/saleor 2 https://github.com/petl-developers/petl 2 https://github.com/executablebooks/markdown-it-py 2 https://github.com/pytest-dev/py 2 https://github.com/piccolo-orm/piccolo 2 https://github.com/eventlet/eventlet 2 https://github.com/MirahezeBots/sopel-channelmgnt 2 https://github.com/embedchain/embedchain 2 https://github.com/python-imaging/Pillow 2 https://github.com/python-ldap/python-ldap 2 https://github.com/facebookresearch/ParlAI 2 https://github.com/python-poetry/poetry 2 https://github.com/clinical-genomics/scout 2 https://github.com/DIRACGrid/DIRAC 2 https://github.com/encode/uvicorn 2 https://github.com/pretalx/pretalx 2 https://github.com/django-wiki/django-wiki 2 https://github.com/protocolbuffers/protobuf 2 https://github.com/mongodb/mongo-python-driver 2 https://github.com/OpenZeppelin/cairo-contracts 2 https://github.com/dask/distributed 2 https://github.com/DataDog/guarddog 2 https://github.com/moggers87/django-sendfile2 2 https://github.com/openstack/tripleo-heat-templates 2 https://github.com/Netflix/lemur 2 https://github.com/cure53/DOMPurify 2 https://github.com/plone/Products.ATContentTypes 2 https://github.com/pyinstaller/pyinstaller 2 https://github.com/corydolphin/flask-cors 2 https://github.com/plone/plone.restapi 2 https://github.com/openstack/barbican 2 https://github.com/dbt-labs/dbt-core 2 https://github.com/FreeTAKTeam/FreeTakServer 2 https://github.com/geopython/OWSLib 2 https://github.com/openstack/ossa 2 https://github.com/FreeOpcUa/opcua-asyncio 2 https://github.com/nexB/scancode.io 2 https://github.com/devsnd/cherrymusic 2 https://github.com/NVIDIA/NeMo 2 https://github.com/Legrandin/pycryptodome 2 https://github.com/stchris/untangle 2 https://github.com/warner/python-ecdsa 2 https://github.com/starkbank/ecdsa-python 2 https://github.com/aws/aws-encryption-sdk-cli 2 https://github.com/snowflakedb/snowflake-connector-python 2 https://github.com/jupyterhub/jupyter-server-proxy 2 https://github.com/aws/sagemaker-python-sdk 2 https://github.com/simplegeo/python-oauth2 2 https://github.com/httpie/httpie 2