OSV - Open Source Vulnerabilities

GHSA-v9hf-5j83-6xpp

PyPI/pymysql

PyMySQL SQL Injection vulnerability

0.10.0
0.10.1
0.2
0.3
0.4
0.5
0.6
...

2024-05-21T18:31:23Z

Fix available

GHSA-48cq-79qq-6f7x

PyPI/gradio

Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files

0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
...

2024-05-21T14:43:50Z

Fix available

GHSA-vr85-5pwx-c6gq

PyPI/omero-web

OMERO.web must check that the JSONP callback is a valid function

5.10.0
5.11.0
5.11.0rc1
5.12.0
5.12.1
5.13.0
5.14.0
...

2024-05-21T14:33:23Z

Fix available

GHSA-9wx4-h78v-vm56

PyPI/requests

Requests `Session` object does not verify requests after making first request with verify=False

0.0.1
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.6
...

2024-05-20T20:15:00Z

Fix available

GHSA-wgjv-9j3q-jhg8

PyPI/aiosmtpd

aiosmtpd STARTTLS unencrypted commands injection

1.0
1.0a1
1.0a2
1.0a3
1.0a4
1.0a5
1.0b1
...

2024-05-20T14:59:07Z

Fix available

GHSA-7ggm-4rjg-594w

PyPI/litellm

litellm passes untrusted data to `eval` function without sanitization

0.1.0
0.1.1
0.1.2
0.1.201
0.1.202
0.1.203
0.1.204
...

2024-05-18T00:30:42Z

No fix available

GHSA-3783-62vc-jr7x

PyPI/consoleme

ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command

0.0.0
1.0.6.dev10
1.1.1
1.1.10.dev1
1.1.10.dev2
1.1.10.dev3
1.1.10.dev4
...

2024-05-16T21:02:36Z

Fix available

GHSA-p4jx-q62p-x5jr

PyPI/mlflow

MLflow allows low privilege users to delete any artifact

0.0.1
0.1.0
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
...

2024-05-16T09:33:08Z

Fix available

GHSA-pw38-xv9x-h8ch

PyPI/llama-index
PyPI/llama-index-llms-rungpt

RunGptLLM class in LlamaIndex has a command injection

0.10.0
0.10.1
0.10.10
0.10.11
0.10.12
0.10.3
0.10.4
...

2024-05-16T09:33:08Z

Fix available

GHSA-rfqq-wq6w-72jm

PyPI/mlflow

MLflow has a Local File Read/Path Traversal bypass

2.10.0
2.10.1
2.10.2
2.11.0
2.11.1
2.11.2
2.11.3
...

2024-05-16T09:33:08Z

Fix available

GHSA-23j4-mw76-5v7h

PyPI/scrapy

Scrapy allows redirect following in protocols other than HTTP

0.10.4.2364
0.12.0.2550
0.14.1
0.14.2
0.14.3
0.14.4
0.16.0
...

2024-05-14T20:14:49Z

Fix available

GHSA-jm3v-qxmh-hxwv

PyPI/scrapy

Scrapy's redirects ignoring scheme-specific proxy settings

0.10.4.2364
0.12.0.2550
0.14.1
0.14.2
0.14.3
0.14.4
0.16.0
...

2024-05-14T20:14:43Z

Fix available

GHSA-4qqq-9vqf-3h3f

PyPI/scrapy

Scrapy leaks the authorization header on same-domain but cross-origin redirects

0.10.4.2364
0.12.0.2550
0.14.1
0.14.2
0.14.3
0.14.4
0.16.0
...

2024-05-14T20:14:33Z

Fix available

GHSA-2vjq-hg5w-5gm7

PyPI/octoprint

OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled

1.10.0
1.10.0rc1
1.10.0rc2
1.10.0rc3
1.10.0rc4
1.3.11
1.3.12
...

2024-05-14T20:13:47Z

Fix available

GHSA-52gm-qmg3-r4qp

PyPI/apache-airflow

Apache Airflow: XSS vulnerability in Task Instance Log/Log Details

2.9.0
2.9.1rc1
2.9.1rc2

2024-05-14T18:31:00Z

Fix available

MAL-2024-1365

Malicious code in testpkg3322 (PyPI)

2.35.8

2024-05-14T06:17:03Z

No fix available

Vulnerability Library