Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zanctNjJtNy1qamNt
typed-ast Out-of-bounds Read
Ecosystems: pypi
Packages: typed-ast
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5cHgtd3czai1nMm1t
2FA bypass in Wagtail through new device path
Ecosystems: pypi
Packages: wagtail-2fa
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzcDQtZ3c3ci13cWpj
Apache Airflow vulnerable to XSS and local file disclosure
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyY2YtZzUzOS14Nmgz
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
Ecosystems: pypi
Packages: rediswrapper
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnODgtdnIzdi03Nm1m
Eval injection in Supybot/Limnoria
Ecosystems: pypi
Packages: limnoria
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpxd2Mtam01Ni13Y3dq
Cross-site scripting in Jupyter Notebook
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmajYtMjc1cS00cHZt
graphite.composer.views.send_email vulnerable to SSRF
Ecosystems: pypi
Packages: graphite-web
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3cDUtN2N3Ni1tNDVo
Server-Side Request Forgery in unoconv
Ecosystems: pypi
Packages: unoconv
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3bWotNzQ4eC03cDc4
DOS attack in Pillow when processing specially crafted image files
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3Y3gtcmhocS1tZmhx
High severity vulnerability that affects indico
Ecosystems: pypi
Packages: indico
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3ZnctbWdmai03ZzNn
ecdsa Denial of Service vulnerability in signature verification and signature malleability
Ecosystems: pypi
Packages: ecdsa
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnMmYtcjdwYy02Znh4
Cross-Site Request Forgery in MicroPyramid Django CRM
Ecosystems: pypi
Packages: django-crm
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqamctdm13Ni1jMnA5
Open Redirect in httpie
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4NnYtMnJnNi04NjVo
Cross-site Scripting in django-js-reverse
Ecosystems: pypi
Packages: django-js-reverse
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yN3AtMjV2Mi0zNXdy
NLTK Vulnerable To Path Traversal
Ecosystems: pypi
Packages: nltk
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqNXgtN2NjZi1wcGdt
Cross-site scripting in recommender-xblock
Ecosystems: pypi
Packages: recommender-xblock
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxOW0tcXZweC02OGhj
Pallets Werkzeug Insufficient Entropy
Ecosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY1cm0taDI4NS01Y2M1
Improper Certificate Validation in Twisted
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyOTctY2o1NS05aHJx
SQL Injection in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1anYtNHA3dy02NGpn
Django Denial-of-service in strip_tags()
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5cWctM2o4cC1yNjN2
Uncontrolled Recursion in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM0cWgtNHZndi1xYzZn
Django Denial-of-service in django.utils.text.Truncator
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyZ20tcHBoNS1qNWg3
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozanAtZ3ZyNS03aHdx
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: pypi
Packages: python-engineio
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdybWYtNGZxNi0ycjc5
aubio Buffer Overflow vulnerability
Ecosystems: pypi
Packages: aubio
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2anEtaDRqcC03MnBy
Aubio is vulnerable to a NULL pointer dereference in new_aubio_notes function
Ecosystems: pypi
Packages: aubio
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd2dnItaDRwNS1tN2Zo
Aubio is vulnerable to a NULL pointer dereference in new_aubio_filterbank
Ecosystems: pypi
Packages: aubio
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnMzUtdmM5Zi1xN3gy
Improper Restriction of XML External Entity Reference in ladon
Ecosystems: pypi
Packages: ladon
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wZjItcTM0Yy1mYzZq
Infinite Loop in scapy
Ecosystems: pypi
Packages: scapy
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3djUtNHZwZi1wajZt
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
Ecosystems: pypi
Packages: flask
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljY3YtcDdmZy1tNzN4
XML Injection in python-libnmap
Ecosystems: pypi
Packages: python-libnmap
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1mdjgtcTM5Zi1tZ2Zn
Cross-site Scripting in invenio-communities
Ecosystems: pypi
Packages: invenio-communities
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5bTItNmhxMi00cjNj
Cross-site Scripting in invenio-previewer
Ecosystems: pypi
Packages: invenio-previewer
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4aDMtbXZ2Ny0yNjVq
Cross-site scripting invenio-records
Ecosystems: pypi
Packages: invenio-records
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk0bWYteGZnNS1yMjQ3
Moderate severity vulnerability that affects invenio-app
Ecosystems: pypi
Packages: invenio-app
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4ajgtMzQ4di13Zm0z
Python-saml allows manipulation of SAML data without invalidation of cryptographic signature
Ecosystems: pypi
Packages: python-saml
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmcTgtNTc2ci12MjZn
HPACK Denial of Service vulnerability (HPACK Bomb)
Ecosystems: pypi
Packages: hpack
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2NGctd2ptdy13MzI4
Injection vulnerability that affects ironic-discoverd
Ecosystems: pypi
Packages: python-ironic-inspector-client
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1ODItMnBjaC0zeHYz
Django Denial-of-service by filling session store
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5Mm0tNDJoNC04MmY2
High severity vulnerability that affects postfix-mta-sts-resolver
Ecosystems: pypi
Packages: postfix-mta-sts-resolver
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjN3YtMmY0OS04aDI2
Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAzdzYtamNnNC01Mnho
Improper Verification of Cryptographic Signature in django-rest-registration
Ecosystems: pypi
Packages: django-rest-registration
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdycDItZm0yaC13Y2hq
Django Cross-site Scripting in AdminURLFieldWidget
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjYzUtMnZnNC1jYzdt
Twisted CRLF Injection
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2djMtaHB4ai1yOHJ2
Code Injection in PyXDG
Ecosystems: pypi
Packages: pyxdg
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4NnAtaGd4NS0ycGZo
Improper Authentication in Buildbot
Ecosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4MnYtajQ0NS1nMzU0
Improper Input Validation in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0OTItZjdnci0yN3Jw
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1mZzcteDVtNy02cDh3
NULL Pointer Dereference in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13NnYtY3JoOC04NTMz
Integer Overflow or Wraparound in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 47.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjM2otYzY0bS1xaGdx
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Ecosystems: maven, nuget, npm, pypi, rubygems
Packages: org.webjars.npm:jquery, jQuery, jquery, django, jquery-rails
Source: GitHub Advisory Database
Blast Radius: 135.8
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZyeHgtMm0zMy02d2Ny
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmcTItcmo3Zi05Z3Zm
Null pointer dereference in TensorFlow leads to exploitation
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0eHctODJ2Ny1obXJt
Improper Input Validation in python-dbusmock
Ecosystems: pypi
Packages: python-dbusmock
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oMzMtN3JycS02NjJ3
Improper Certificate Validation in urllib3
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 42.2
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2ajQtM2doMi05ZjVq
Apache Airflow vulnerable to CSRF Attacks
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4N3ctNDVycS12eGdm
SQLAlchemy vulnerable to SQL Injection via order_by parameter
Ecosystems: pypi
Packages: SQLAlchemy
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4ZmMtOXhxdi03Zjdx
SQLAlchemy is vulnerable to SQL Injection via group_by parameter
Ecosystems: pypi
Packages: SQLAlchemy
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0dnEtaDRxOC14Nmp2
Ansible Path Traversal vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwN3YtMmp2ai12NTRy
Apache Airflow vulnerable to Stored XSS
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2ZjItcHdyai02NGgz
Tryton Improper Access Control
Ecosystems: pypi
Packages: trytond
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2Mnctdjk3ci00bTQ1
Jinja2 sandbox escape via string formatting
Ecosystems: pypi
Packages: Jinja2
Source: GitHub Advisory Database
Blast Radius: 44.1
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqMmotNzd4bS1tYzV2
High severity vulnerability that affects Jinja2
Ecosystems: pypi
Packages: Jinja2
Source: GitHub Advisory Database
Blast Radius: 44.1
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjeDItbTdqcC1wOXdq
Jupyter Notebook open redirect vulnerability
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyNnEtd3hyNi0zY3Jx
Moderate severity vulnerability that affects roundup
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4YzYtZnBjNy00cXZn
CoAPthon DoS due to Exceptions
Ecosystems: pypi
Packages: CoAPthon
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2Zm0tcmd3NC04cTcz
CoAPthon3 vulnerable to Deserialization of Untrusted Data
Ecosystems: pypi
Packages: CoAPthon3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2NjItNHBtai14dzZo
Open Redirect vulnerability in jupyterhub and notebook
Ecosystems: pypi
Packages: jupyterhub, notebook
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1OHctNjQ5ci1xanI5
Moderate severity vulnerability that affects splunk-sdk
Ecosystems: pypi
Packages: splunk-sdk
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmY2gtanZnNS1jcmY2
Improper Input Validation python-gnupg
Ecosystems: pypi
Packages: python-gnupg
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjbTQtcTJwZy14dzg5
ipycache is vulnerable to Code Injection
Ecosystems: pypi
Packages: ipycache
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1NTQtanhjdy00NTRx
Webargs mishandles concurrent JSON parsing
Ecosystems: pypi
Packages: webargs
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5Y3YtOGN2di02NjZj
Apache Airflow vulnerable to Stored XSS
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoNGgtdjNmMi1yMnBw
Uncontrolled Memory Consumption in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2OTUtNHd4ai02ZnFx
Pylons Colander Denial of Service vulnerability
Ecosystems: pypi
Packages: colander
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2eHYtOXh4ci1oN3dq
Pyspark User Impersonation Vulnerability
Ecosystems: pypi
Packages: pyspark
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oMjQtN3d2Zy12ODhn
CRLF Injection in pypiserver
Ecosystems: pypi
Packages: pypiserver
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3cmMteDg0cS1wdjRm
Improper Certificate Validation in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4d3YtcmpybS01NzZw
Cross-Site Request Forgery (CSRF) in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncWctM2Z4ci05aHY3
Apache Airflow vulnerable to XSS
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmZzQtajU2Mi1tanJj
Improper Input Validation in Apache Airflow resulting in Remote Code Execution
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoamgtZ2h3eC02aDdy
modulemd uses an unsafe function for processing externally provided data
Ecosystems: pypi
Packages: modulemd
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzN3gtNHE4Zy1wcmM1
Improper Input Validation in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxcXYtcjJxNC1qeGht
High severity vulnerability that affects privacyIDEA
Ecosystems: pypi
Packages: privacyIDEA
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyOHctNng4Yy02anI5
Django vulnerable to XSS on 500 pages
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM3aHAtNzY1eC1qOTV4
Django Open redirect and possible XSS attack via user-supplied numeric redirect URLs
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0aHYtbTRoNC1taHdn
Django open redirect
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyOHYtbXc2Ny1tNXA5
Django Denial-of-service possibility in urlize and urlizetrunc template filters
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmOXgtNXY3NS0zcXY0
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4cnYtNWpxYy1tMmN2
Recurly vulnerable to SSRF
Ecosystems: pypi
Packages: recurly
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4Z2otd3d4bS1jajNo
mistune Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: mistune
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh2d3YtNnd2eC1weDl4
Plone Open Redirect
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05bXEtcDJmOS1jZnF2
Bleach URI Scheme Restriction Bypass
Ecosystems: pypi
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyZnAtNGhtMy1qOHI3
Moderate severity vulnerability that affects moin
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwcnctaDYydi1jMnc3
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution
Ecosystems: pypi
Packages: pyyaml
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4NTQtajRtMy1yNnd4
sqla-yaml-fixtures is vulnerable to Code Injection
Ecosystems: pypi
Packages: sqla-yaml-fixtures
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0eDQtOThjZy13cjRn
Code injection in Danijar Definitions
Ecosystems: pypi
Packages: definitions
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmdjYtY2o5Mi1nM2h4
PyKMIP Denial of service vulnerability
Ecosystems: pypi
Packages: pykmip
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yNHgtYzR2OS14NzI5
aiohttp-session creates non-expiring sessions
Ecosystems: pypi
Packages: aiohttp-session
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OWctZjk3OC14eHY5
Cross-Site Request Forgery (CSRF) in Luigi
Ecosystems: pypi
Packages: luigi
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: over 5 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 764
Ecosystems: 12