| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-v9hf-5j83-6xpp | PyPI/pymysql | PyMySQL SQL Injection vulnerability | 0.10.0, 0.10.1, 0.2, 0.3, 0.4, 0.5, 0.6, ... | 2024-05-21T18:31:23Z | Fix available |
| GHSA-48cq-79qq-6f7x | PyPI/gradio | Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files | 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, ... | 2024-05-21T14:43:50Z | Fix available |
| GHSA-vr85-5pwx-c6gq | PyPI/omero-web | OMERO.web must check that the JSONP callback is a valid function | 5.10.0, 5.11.0, 5.11.0rc1, 5.12.0, 5.12.1, 5.13.0, 5.14.0, ... | 2024-05-21T14:33:23Z | Fix available |
| GHSA-9wx4-h78v-vm56 | PyPI/requests | Requests `Session` object does not verify requests after making first request with verify=False | 0.0.1, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.6, ... | 2024-05-20T20:15:00Z | Fix available |
| GHSA-wgjv-9j3q-jhg8 | PyPI/aiosmtpd | aiosmtpd STARTTLS unencrypted commands injection | 1.0, 1.0a1, 1.0a2, 1.0a3, 1.0a4, 1.0a5, 1.0b1, ... | 2024-05-20T14:59:07Z | Fix available |
| GHSA-7ggm-4rjg-594w | PyPI/litellm | litellm passes untrusted data to `eval` function without sanitization | 0.1.0, 0.1.1, 0.1.2, 0.1.201, 0.1.202, 0.1.203, 0.1.204, ... | 2024-05-18T00:30:42Z | No fix available |
| GHSA-3783-62vc-jr7x | PyPI/consoleme | ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command | 0.0.0, 1.0.6.dev10, 1.1.1, 1.1.10.dev1, 1.1.10.dev2, 1.1.10.dev3, 1.1.10.dev4, ... | 2024-05-16T21:02:36Z | Fix available |
| GHSA-p4jx-q62p-x5jr | PyPI/mlflow | MLflow allows low privilege users to delete any artifact | 0.0.1, 0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.4.0, 0.4.1, ... | 2024-05-16T09:33:08Z | Fix available |
| GHSA-pw38-xv9x-h8ch | PyPI/llama-index, PyPI/llama-index-llms-rungpt | RunGptLLM class in LlamaIndex has a command injection | 0.10.0, 0.10.1, 0.10.10, 0.10.11, 0.10.12, 0.10.3, 0.10.4, ... | 2024-05-16T09:33:08Z | Fix available |
| GHSA-rfqq-wq6w-72jm | PyPI/mlflow | MLflow has a Local File Read/Path Traversal bypass | 2.10.0, 2.10.1, 2.10.2, 2.11.0, 2.11.1, 2.11.2, 2.11.3, ... | 2024-05-16T09:33:08Z | Fix available |
| GHSA-23j4-mw76-5v7h | PyPI/scrapy | Scrapy allows redirect following in protocols other than HTTP | 0.10.4.2364, 0.12.0.2550, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.16.0, ... | 2024-05-14T20:14:49Z | Fix available |
| GHSA-jm3v-qxmh-hxwv | PyPI/scrapy | Scrapy's redirects ignoring scheme-specific proxy settings | 0.10.4.2364, 0.12.0.2550, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.16.0, ... | 2024-05-14T20:14:43Z | Fix available |
| GHSA-4qqq-9vqf-3h3f | PyPI/scrapy | Scrapy leaks the authorization header on same-domain but cross-origin redirects | 0.10.4.2364, 0.12.0.2550, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.16.0, ... | 2024-05-14T20:14:33Z | Fix available |
| GHSA-2vjq-hg5w-5gm7 | PyPI/octoprint | OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled | 1.10.0, 1.10.0rc1, 1.10.0rc2, 1.10.0rc3, 1.10.0rc4, 1.3.11, 1.3.12, ... | 2024-05-14T20:13:47Z | Fix available |
| GHSA-52gm-qmg3-r4qp | PyPI/apache-airflow | Apache Airflow: XSS vulnerability in Task Instance Log/Log Details | 2.9.0, 2.9.1rc1, 2.9.1rc2 | 2024-05-14T18:31:00Z | Fix available |
| MAL-2024-1365 | | Malicious code in testpkg3322 (PyPI) | 2.35.8 | 2024-05-14T06:17:03Z | No fix available |
PyPI - OSV