Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi Security Advisories

Low
GSA_kwCzR0hTQS1mYzc1LTU4cjgtcm0zaM4AA2kA
Wagtail vulnerable to disclosure of user names via admin bulk action views
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03MnF3LXA3aGgtbTNmZs4AA2ju
TorBot vulnerable to Inefficient Regular Expression Complexity in validate_link
Ecosystems: pypi
Packages: torbot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS02NTV3LWZtOG0tbTQ3OM4AA2ja
LangChain Server Side Request Forgery vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nNG14LXE5dmctMjdwNM4AA2gt
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 7 months ago
Low
GSA_kwCzR0hTQS1yZjU0LTdxcnItOTZqNs4AA2ea
vantage6 does not properly delete linked resources when deleting a collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nd3ZtLTQ1Z3gtM2NmOM4AA2c6
Authorization Header forwarded on redirect
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qM3c4LTJwMmgtbXJyOc4AA2ci
Apache Airflow vulnerable to privilege escalation
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jZ3gyLXJybXItang0M84AA2ch
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1mcHh4LXh2NGMtZ3hxcM4AA2cj
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zMndyLXFxdzYtNW1mcM4AA2cg
Apache Airflow vulnerable to sensitive information exposure
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1tcTI5LWo1eGYtY2p3cs4AA2cZ
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
Ecosystems: pypi
Packages: pyminizip
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03eDk0LTZnMm0tM2hwMs4AA2cP
Defining resource name as integer may give unintended access in vantage6
Ecosystems: pypi
Packages: vantage6-node, vantage6
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nYzU3LXhoaDUtbTk0cs4AA2cO
Improper Access Control in vantage6
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
High
GSA_kwCzR0hTQS01bTIyLWNmcTktODZ4Ns4AA2cN
Pickle serialization vulnerable to Deserialization of Untrusted Data
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01Y2hyLXdqdzUtM2dxNM4AA2X1
matrix-synapse vulnerable to denial of service due to malicious server ACL events
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1md2ZnLXZwcmgtOTdwaM4AA2Xz
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12bTJtLTdocHctZnBtcc4AA2XX
Microsoft Common Data Model SDK Denial of Service Vulnerability
Ecosystems: pypi, maven, nuget
Packages: commondatamodel-objectmodel, com.microsoft.commondatamodel:objectmodel, Microsoft.CommonDataModel.ObjectModel
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1nampyLTYzeDQtdjhjcc4AA2Tu
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1mOXBtLTRnOXAtNnZtM84AA2Rp
Bundled libwebp in pywebp vulnerable
Ecosystems: pypi
Packages: webp
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 months ago
High
GSA_kwCzR0hTQS0zZjQ4LTlqN3EtcTJnds4AA2Qr
NI MeasurementLink Python Services Improper Access Restriction vulnerability
Ecosystems: pypi
Packages: ni-measurementlink-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS05NHZjLXA4dzctNXA0Oc4AA2QD
Bundled libwebp in imagecodecs vulnerable
Ecosystems: pypi
Packages: imagecodecs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS01NnB3LW1wajQtZnh3d84AA2QC
Bundled libwebp in Pillow vulnerable
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1tNzU1LWd4eGctcjVxaM4AA2Pw
Zope management interface vulnerable to stored cross site scripting via the title property
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13dzNtLWZmcm0tcXZxds4AA2Ph
Ansible may expose private key
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 8 months ago
High
GSA_kwCzR0hTQS0yODk0LXFjcWYtZzIzZ84AA2Ml
asyncua Improper Authentication vulnerability
Ecosystems: pypi
Packages: asyncua
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 8 months ago
High
GSA_kwCzR0hTQS1nZnZxLW14dzMtbWZxM84AA2Mo
asyncua vulnerable to denial of service via infinite loop
Ecosystems: pypi
Packages: asyncua
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 8 months ago
High
GSA_kwCzR0hTQS01cnY1LTZoNHItaDIyds4AA2ME
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics
Ecosystems: pypi
Packages: opentelemetry-instrumentation
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12ODQ1LWp4eDUtdmM5Zs4AA2MD
`Cookie` HTTP header isn't stripped on cross-origin redirects
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qOWdxLXc3M3ctOWg2Y84AA2L3
pretix potential IP address spoofing vulnerability
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS04ZnhyLXFmcjktcDM0d84AA2Lz
TorchServe Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 8 months ago
Critical
GSA_kwCzR0hTQS00bXFnLWg1amYtajltN84AA2Ly
TorchServe Pre-Auth Remote Code Execution
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 8 months ago
High
GSA_kwCzR0hTQS1yaHJ2LTY0NWgtZmpmaM4AA2Jb
Apache Avro Java SDK vulnerable to Improper Input Validation
Ecosystems: pypi, maven
Packages: avro, org.apache.avro:avro
Source: GitHub Advisory Database
Blast Radius: 54.2
Published: 8 months ago
High
GSA_kwCzR0hTQS1jNHJ2LTJqNngtcHE3eM4AA2JC
Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 8 months ago
High
GSA_kwCzR0hTQS05anZ4LXA2bXEtZnc0ds4AA2Ij
pretix allows Pillow to parse EPS files
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 8 months ago
High
GSA_kwCzR0hTQS04bWpyLTZjOTYtMzl3OM4AA2Hh
pydash Command Injection vulnerability
Ecosystems: pypi
Packages: pydash
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jeDJxLWhmeHItcmo5N84AA2C3
Vyper's `_abi_decode` input not validated in complex expressions
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 8 months ago
Low
GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 8 months ago
Low
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02Nm0yLTQ5M20tY3JoMs4AA2CV
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Ecosystems: pypi
Packages: searchor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS00Mmg0LXYyOXItNDJxZ84AA2Bw
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS14N20zLWpwcmctd2M1Z84AA2Bl
Gevent allows remote attacker to escalate privileges
Ecosystems: pypi
Packages: gevent
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02cng5LWMycmgtM3F2NM4AA2A7
OpenStack Barbican information disclosure vulnerability
Ecosystems: pypi
Packages: barbican
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02cXFwLTR2bTMtMzU5ds4AA2A5
OpenStack Barbican credential leak flaw
Ecosystems: pypi
Packages: barbican
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 8 months ago
High
GSA_kwCzR0hTQS01ODM2LWdyY2MtOGo4Oc4AA2A4
OpenStack Heat information leak vulnerability
Ecosystems: pypi
Packages: openstack-heat
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1naHA4LTUydngtNzdqNM4AA2Al
pgAdmin failed to properly control the server code
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 8 months ago
Low
GSA_kwCzR0hTQS1oYzVjLXI4bTUtMmdmaM4AA1_4
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Ecosystems: pypi
Packages: plone.restapi
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1qajdjLWpydjQtYzY1eM4AA1_2
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: plone.namedfile
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS12OGdyLW01MzMtZ2hqOc4AA1_w
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1oNnJwLW1wcm0teGdjcc4AA1_v
plone.rest vulnerable to Denial of Service when ++api++ is used many times
Ecosystems: pypi
Packages: plone.rest
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 8 months ago
Low
GSA_kwCzR0hTQS13bThxLTk5NzUteGg1ds4AA1_u
Zope vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 8 months ago
High
GSA_kwCzR0hTQS1jNjQ3LXB4bTItYzUyd84AA1-0
Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 8 months ago
High
GSA_kwCzR0hTQS1weGc1LWgzNHItN3E4cM4AA1-z
GeoNode vulnerable to SSRF Bypass to return internal host data
Ecosystems: pypi
Packages: GeoNode
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1wajk4LTJ4ZjYtY2ZmNc4AA19n
ReportLab vulnerable to remote code execution via paraparser
Ecosystems: pypi
Packages: reportlab
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zaGcyLXI3NXgtZzY5bc4AA17W
Vyper has incorrect re-entrancy lock when key is empty string
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12NHE5LXFncWYtN2p3cM4AA15s
Gradio arbitrary file upload vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 8 months ago
High
GSA_kwCzR0hTQS01aGo5LW03NmcteHJjOM4AA13e
Apache HDFS Provider error message suggested
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hdfs
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: 8 months ago
High
GSA_kwCzR0hTQS1wMjVtLWpwajQtcWNycs4AA127
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Ecosystems: pypi, rubygems
Packages: grpcio, grpc
Source: GitHub Advisory Database
Blast Radius: 61.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1tanFoLXY1ZjItZzJtd84AA11j
Apache Airflow information exposure vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13cGc4LW1mNmgtZ205Ms4AA11i
Apache Airflow Incorrect Authorization vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 8 months ago
High
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTable
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1oN2NtLW1ydnEtd2Nmcs4AA10c
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Ecosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 8 months ago
Low
GSA_kwCzR0hTQS1wbXhxLXBqNDctajhqNM4AA1xF
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Ecosystems: pypi, maven
Packages: wiremock, com.github.tomakehurst:wiremock-jre8-standalone, com.github.tomakehurst:wiremock-jre8, org.wiremock:wiremock, org.wiremock:wiremock-standalone
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 8 months ago
High
GSA_kwCzR0hTQS1wNnAyLXFxOTUtdnE1aM4AA1v9
Remote Code Execution in Custom Integration Upload
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS04eHY3LTg5dmotcTQ4Y84AA1v6
Information disclosure in AccessControl
Ecosystems: pypi
Packages: Zope, AccessControl
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1mbTRxLWo4ZzQtYzlqNM4AA1vN
Apache Superset Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS05NWNoLXAzZ3ctMjNxZ84AA1vM
Apache Superset has incorrect authorization check
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1majR4LW02Mmotd3Z3Z84AA1vL
Apache Superset Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00Zmc5LTV3NDYteG1yas4AA1u4
Apache Superset Server Side Request Forgery vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS05ODMyLW1nZzQtM2dyNs4AA1um
Apache Superset has improper default REST API permission for Gamma users
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12NTk0LTJjOTctaHgzOM4AA1ut
Apache Superset vulnerable to improper data authorization
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jcHZ4LTIzNjUtNDY2Y84AA1un
Apache Superset may expose internal traces on REST API endpoints
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS05cWMzLXA5anEtMngyN84AA1up
Apache Superset users may incorrectly create resources using the import charts feature
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1mNHI1LXE2M2YtZ2N3d84AA1uk
Keylime registrar and (untrusted) Agent can be bypassed by an attacker
Ecosystems: pypi
Packages: keylime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xdmg2LTNqN3gtM2hxN84AA1sa
Salt can cause Git Providers to get wrong data
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS12cGpnLXdtZjgtMjloOc4AA1sb
Salt vulnerable to denial of service
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 9 months ago
Low
GSA_kwCzR0hTQS14YzI3LWY5cTMtNDQ0OM4AA1rH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
Ecosystems: pypi
Packages: hyper-bump-it
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS00aGc0LTltZjUtd3h4cc4AA1rF
incorrect order of evaluation of side effects for some builtins
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1nMnhoLWM0MjYtdjhtZs4AA1rE
Vyper: reversed order of side effects for some operations
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1mNzN3LTRtN2ctY2g5eM4AA1n1
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
High
GSA_kwCzR0hTQS14ancyLTZqbTktcmY2N84AA1lM
Sandbox escape via various forms of "format".
Ecosystems: pypi
Packages: RestrictedPython
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1jd3ZtLXY0dzgtcTU4Y84AA1lK
Blind local file inclusion
Ecosystems: pypi
Packages: GitPython
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04ZmpyLWhnaHItNG05Oc4AA1lJ
Archive spoofing vulnerability in borgbackup
Ecosystems: pypi
Packages: borgbackup
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1yNzI2LXZtZnEtajlqM84AA1jZ
Open Redirect Vulnerability in jupyter-server
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02NHg1LTU1cnctOTk3NM4AA1jY
cross-site inclusion (XSSI) of files in jupyter-server
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 9 months ago
High
GSA_kwCzR0hTQS13Zm01LXYzNWgtdndmNM4AA1jX
GitPython untrusted search path on Windows systems leading to arbitrary code execution
Ecosystems: pypi
Packages: gitpython
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1taHA2LWp2cHgtMnA0bc4AA1jD
Heap-based buffer overflow in ZBar
Ecosystems: pypi
Packages: zbar
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 9 months ago
High
GSA_kwCzR0hTQS04cTI4LXB3OWctdzgyY84AA1hs
Apache Airflow vulnerable arbitrary code execution via Spark server
Ecosystems: pypi
Packages: apache-airflow-providers-apache-spark
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 9 months ago
High
GSA_kwCzR0hTQS1nM205LXByNW0tNGN2cM4AA1hq
Airflow Sqoop Provider RCE Vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-sqoop
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1qOGcyLTZmYzctcThmOM4AA1gY
Pyramid static view path traversal up one directory
Ecosystems: pypi
Packages: pyramid
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 9 months ago
High
GSA_kwCzR0hTQS1wbTg3LTI0d3Etcjh3Oc4AA1eM
Apache Airflow Session Fixation vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 9 months ago
High
GSA_kwCzR0hTQS14Mm1oLThmbWMtcnFnaM4AA1eL
Apache Airflow denial of service vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01ZjM1LXBxMzQtYzg3cc4AA1eK
Apache Airflow missing Certificate Validation
Ecosystems: pypi
Packages: apache-airflow, apache-airflow-providers-imap, apache-airflow-providers-smtp
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 9 months ago
High
GSA_kwCzR0hTQS04cmo1LTI4NTctODc3as4AA1d8
json2xml Uncaught Exception vulnerability
Ecosystems: pypi
Packages: json2xml
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03Z2ZxLWY5NmYtZzg1as4AA1dI
langchain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01cHY2LXJwcnctODJ3ds4AA1bH
Horizon Web Dashboard Open Redirect vulnerability
Ecosystems: pypi
Packages: horizon
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS03Y2gzLTdwcDctN2Nwcc4AA1at
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Ecosystems: pypi
Packages: datasette
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 9 months ago
High
GSA_kwCzR0hTQS13ODMyLXYzYzYtbTZyZ84AA1aR
pandasai vulnerable to prompt injection
Ecosystems: pypi
Packages: pandasai
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1yMmY2LTY5MjgtZmg4Zs4AA1XP
Apache Airflow Spark Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-spark
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02eGN4LWd4N3ItcmNjas4AA1Ui
Scancode.io Reflected Cross-Site Scripting (XSS) in license endpoint
Ecosystems: pypi
Packages: scancodeio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1majMyLXE2MjYtcGpqY84AA1UA
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12