Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02eGYtZnE3cS04NzQz
mutation XSS via whitelisted math or svg and raw tag in Bleach
Ecosystems: pypi
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ3eDYtd2M4Ny1ybWpt
GitHub personal access token leaking into temporary EasyBuild (debug) logs
Ecosystems: pypi
Packages: easybuild-framework
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyanItdmM3ai1nNzYy
Potential buffer overflow in psd-tools
Ecosystems: pypi
Packages: psd-tools
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlnanYtNnFxNi12N3Ft
2FA bypass through deleting devices in wagtail-2fa
Ecosystems: pypi
Packages: wagtail-2fa
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnNzUtNjkzOC13eDU4
python-docutils allows insecure usage of temporary files
Ecosystems: pypi
Packages: docutils
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFmYzUtbWN3cS0yNnE4
Double Free in psutil
Ecosystems: pypi
Packages: psutil
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmOGMtM2NneC1mY3dt
Improper Access Control in novajoin
Ecosystems: pypi
Packages: novajoin
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4NngtNjUycC02Mzg1
Incorrect Default Permissions in keyring
Ecosystems: pypi
Packages: keyring
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04cWMtbWY2cC1wZnE5
Link Following in rply
Ecosystems: pypi
Packages: rply
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NjctdnBtMy1nOThn
Incorrect Default Permissions in keyring
Ecosystems: pypi
Packages: keyring
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2ZzMtY2Y5Mi1oMmg3
Insufficient Verification of Data Authenticity in python-keystoneclient
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoMzctMzd4dy01NGhy
Improper Authentication in requests-kerberos
Ecosystems: pypi
Packages: requests-kerberos
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1dzctcW1xNi1wbWpy
Users able to query database metadata in Apache Superset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljMjktOWg0bS13ZzVw
Users can view database names in Apache Superset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4am0td3ZqOS05YzM5
Information disclosure in Apache Superset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtOTMtbTRxNi1tYzZ2
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2NW0tcHYzZi13cjVy
XSS in Bleach when noscript and raw tag whitelisted
Ecosystems: pypi
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtcjQtbTJoNS0zM3F4
SQL injection in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczbTItM3B3Zy01Zmdj
Catastrophic backtracking in regex allows Denial of Service in Waitress
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4cTcteHY1Mi1oZjlm
Feedgen Vulnerable to XML Denial of Service Attacks
Ecosystems: pypi
Packages: feedgen
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3N2oteGo3cS0yanI5
Segmentation fault in TensorFlow when converting a Python string to `tf.float16`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmcTgtM3EyZi00bTVn
Session key exposure through session list in Django User Sessions
Ecosystems: pypi
Packages: django-user-sessions
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxY2ctdzJjYy14ZmZ3
Uncontrolled resource consumption in validators Python package
Ecosystems: pypi
Packages: validators
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmcTYtaHE1ci0yN3I2
Django Potential account hijack via password reset form
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmY2otcHE5ai13aDJy
Local Privilege Escalation in PyInstaller
Ecosystems: pypi
Packages: PyInstaller
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2OGYtNjZyNS01djc0
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01ZmYtM3dqMy04cGg0
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwcHAtZ3Bjci03cWY2
HTTP Request Smuggling: Content-Length Sent Twice in Waitress
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyeGMtMzVqdy1jNjNw
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnMzYtd3BtNS1nNTdw
HTTP Request Smuggling: LF vs CRLF handling in Waitress
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjNDUtd2dqcC03djly
Python Twisted trustRoot is not respected in HTTP client
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0NHctajg2ci00eDJq
Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2bWYtcjkyci0yN2hy
Django allows unintended model editing
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4eHYtd3B4ai1teDV2
typed-ast Out-of-bounds Read
Ecosystems: pypi
Packages: typed-ast
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zanctNjJtNy1qamNt
typed-ast Out-of-bounds Read
Ecosystems: pypi
Packages: typed-ast
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5cHgtd3czai1nMm1t
2FA bypass in Wagtail through new device path
Ecosystems: pypi
Packages: wagtail-2fa
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzcDQtZ3c3ci13cWpj
Apache Airflow vulnerable to XSS and local file disclosure
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyY2YtZzUzOS14Nmgz
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
Ecosystems: pypi
Packages: rediswrapper
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnODgtdnIzdi03Nm1m
Eval injection in Supybot/Limnoria
Ecosystems: pypi
Packages: limnoria
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpxd2Mtam01Ni13Y3dq
Cross-site scripting in Jupyter Notebook
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmajYtMjc1cS00cHZt
graphite.composer.views.send_email vulnerable to SSRF
Ecosystems: pypi
Packages: graphite-web
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3cDUtN2N3Ni1tNDVo
Server-Side Request Forgery in unoconv
Ecosystems: pypi
Packages: unoconv
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3bWotNzQ4eC03cDc4
DOS attack in Pillow when processing specially crafted image files
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3Y3gtcmhocS1tZmhx
High severity vulnerability that affects indico
Ecosystems: pypi
Packages: indico
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3ZnctbWdmai03ZzNn
ecdsa Denial of Service vulnerability in signature verification and signature malleability
Ecosystems: pypi
Packages: ecdsa
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnMmYtcjdwYy02Znh4
Cross-Site Request Forgery in MicroPyramid Django CRM
Ecosystems: pypi
Packages: django-crm
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqamctdm13Ni1jMnA5
Open Redirect in httpie
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4NnYtMnJnNi04NjVo
Cross-site Scripting in django-js-reverse
Ecosystems: pypi
Packages: django-js-reverse
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yN3AtMjV2Mi0zNXdy
NLTK Vulnerable To Path Traversal
Ecosystems: pypi
Packages: nltk
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqNXgtN2NjZi1wcGdt
Cross-site scripting in recommender-xblock
Ecosystems: pypi
Packages: recommender-xblock
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxOW0tcXZweC02OGhj
Pallets Werkzeug Insufficient Entropy
Ecosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY1cm0taDI4NS01Y2M1
Improper Certificate Validation in Twisted
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyOTctY2o1NS05aHJx
SQL Injection in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1anYtNHA3dy02NGpn
Django Denial-of-service in strip_tags()
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5cWctM2o4cC1yNjN2
Uncontrolled Recursion in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM0cWgtNHZndi1xYzZn
Django Denial-of-service in django.utils.text.Truncator
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyZ20tcHBoNS1qNWg3
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozanAtZ3ZyNS03aHdx
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: pypi
Packages: python-engineio
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdybWYtNGZxNi0ycjc5
aubio Buffer Overflow vulnerability
Ecosystems: pypi
Packages: aubio
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2anEtaDRqcC03MnBy
Aubio is vulnerable to a NULL pointer dereference in new_aubio_notes function
Ecosystems: pypi
Packages: aubio
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd2dnItaDRwNS1tN2Zo
Aubio is vulnerable to a NULL pointer dereference in new_aubio_filterbank
Ecosystems: pypi
Packages: aubio
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnMzUtdmM5Zi1xN3gy
Improper Restriction of XML External Entity Reference in ladon
Ecosystems: pypi
Packages: ladon
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wZjItcTM0Yy1mYzZq
Infinite Loop in scapy
Ecosystems: pypi
Packages: scapy
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3djUtNHZwZi1wajZt
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
Ecosystems: pypi
Packages: flask
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljY3YtcDdmZy1tNzN4
XML Injection in python-libnmap
Ecosystems: pypi
Packages: python-libnmap
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1mdjgtcTM5Zi1tZ2Zn
Cross-site Scripting in invenio-communities
Ecosystems: pypi
Packages: invenio-communities
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5bTItNmhxMi00cjNj
Cross-site Scripting in invenio-previewer
Ecosystems: pypi
Packages: invenio-previewer
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4aDMtbXZ2Ny0yNjVq
Cross-site scripting invenio-records
Ecosystems: pypi
Packages: invenio-records
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk0bWYteGZnNS1yMjQ3
Moderate severity vulnerability that affects invenio-app
Ecosystems: pypi
Packages: invenio-app
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4ajgtMzQ4di13Zm0z
Python-saml allows manipulation of SAML data without invalidation of cryptographic signature
Ecosystems: pypi
Packages: python-saml
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmcTgtNTc2ci12MjZn
HPACK Denial of Service vulnerability (HPACK Bomb)
Ecosystems: pypi
Packages: hpack
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2NGctd2ptdy13MzI4
Injection vulnerability that affects ironic-discoverd
Ecosystems: pypi
Packages: python-ironic-inspector-client
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1ODItMnBjaC0zeHYz
Django Denial-of-service by filling session store
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5Mm0tNDJoNC04MmY2
High severity vulnerability that affects postfix-mta-sts-resolver
Ecosystems: pypi
Packages: postfix-mta-sts-resolver
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjN3YtMmY0OS04aDI2
Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAzdzYtamNnNC01Mnho
Improper Verification of Cryptographic Signature in django-rest-registration
Ecosystems: pypi
Packages: django-rest-registration
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdycDItZm0yaC13Y2hq
Django Cross-site Scripting in AdminURLFieldWidget
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjYzUtMnZnNC1jYzdt
Twisted CRLF Injection
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2djMtaHB4ai1yOHJ2
Code Injection in PyXDG
Ecosystems: pypi
Packages: pyxdg
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4NnAtaGd4NS0ycGZo
Improper Authentication in Buildbot
Ecosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4MnYtajQ0NS1nMzU0
Improper Input Validation in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0OTItZjdnci0yN3Jw
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1mZzcteDVtNy02cDh3
NULL Pointer Dereference in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13NnYtY3JoOC04NTMz
Integer Overflow or Wraparound in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 47.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjM2otYzY0bS1xaGdx
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Ecosystems: maven, nuget, npm, pypi, rubygems
Packages: org.webjars.npm:jquery, jQuery, jquery, django, jquery-rails
Source: GitHub Advisory Database
Blast Radius: 135.8
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZyeHgtMm0zMy02d2Ny
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmcTItcmo3Zi05Z3Zm
Null pointer dereference in TensorFlow leads to exploitation
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0eHctODJ2Ny1obXJt
Improper Input Validation in python-dbusmock
Ecosystems: pypi
Packages: python-dbusmock
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oMzMtN3JycS02NjJ3
Improper Certificate Validation in urllib3
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 42.2
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2ajQtM2doMi05ZjVq
Apache Airflow vulnerable to CSRF Attacks
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4N3ctNDVycS12eGdm
SQLAlchemy vulnerable to SQL Injection via order_by parameter
Ecosystems: pypi
Packages: SQLAlchemy
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4ZmMtOXhxdi03Zjdx
SQLAlchemy is vulnerable to SQL Injection via group_by parameter
Ecosystems: pypi
Packages: SQLAlchemy
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0dnEtaDRxOC14Nmp2
Ansible Path Traversal vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwN3YtMmp2ai12NTRy
Apache Airflow vulnerable to Stored XSS
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2ZjItcHdyai02NGgz
Tryton Improper Access Control
Ecosystems: pypi
Packages: trytond
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2Mnctdjk3ci00bTQ1
Jinja2 sandbox escape via string formatting
Ecosystems: pypi
Packages: Jinja2
Source: GitHub Advisory Database
Blast Radius: 44.1
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqMmotNzd4bS1tYzV2
High severity vulnerability that affects Jinja2
Ecosystems: pypi
Packages: Jinja2
Source: GitHub Advisory Database
Blast Radius: 44.1
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjeDItbTdqcC1wOXdq
Jupyter Notebook open redirect vulnerability
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyNnEtd3hyNi0zY3Jx
Moderate severity vulnerability that affects roundup
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4YzYtZnBjNy00cXZn
CoAPthon DoS due to Exceptions
Ecosystems: pypi
Packages: CoAPthon
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 5 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12