Vulnerability Library
All ecosystems: 116444
AlmaLinux: 2722
Alpine: 3396
Android: 881
Bitnami: 3900
CRAN: 10
crates.io: 1350
Debian: 9864
GIT: 33012
GitHub Actions: 16
Go: 2157
Hackage: 18
Hex: 30
Linux: 13573
Maven: 4882
npm: 14391
NuGet: 581
OSS-Fuzz: 3289
Packagist: 3397
Pub: 8
PyPI: 11905
Rocky Linux: 1121
RubyGems: 788
SwiftURL: 31
Ubuntu: 5122
| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-7pc3-pr3q-58vg | PyPI/sagemaker | sagemaker-python-sdk Command Injection vulnerability | 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, ... | 2024-05-03T20:26:03Z | Fix available |
| GHSA-wjvx-jhpj-r54r | PyPI/sagemaker | sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data | 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, ... | 2024-05-03T20:25:33Z | Fix available |
| GHSA-g7vv-2v7x-gj9p | PyPI/tqdm | tqdm CLI arguments injection attack | 4.10.0, 4.11.0, 4.11.1, 4.11.2, 4.12.0, 4.13.0, 4.14.0, ... | 2024-05-03T19:33:28Z | Fix available |
| GHSA-pwgc-w4x9-gw67 | PyPI/changedetection-io | changedetection.io Cross-site Scripting vulnerability | 0.38.2, 0.39, 0.39.1, 0.39.10, 0.39.10.post1, 0.39.10.post2, 0.39.11, ... | 2024-05-03T17:53:22Z | Fix available |
| GHSA-5m98-qgg9-wh84 | PyPI/aiohttp | aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests | 0.1, 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.12.0, 0.13.0, ... | 2024-05-03T17:29:54Z | Fix available |
| GHSA-2mvc-557g-5638 | PyPI/pgadmin4 | pgAdmin is affected by a multi-factor authentication bypass vulnerability | 4.20, 4.22, 4.23, 4.24, 4.25, 4.26, 4.27, ... | 2024-05-02T18:30:55Z | Fix available |
| GHSA-xv64-8p4r-94gq | PyPI/pgadmin4 | pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload | 4.20, 4.22, 4.23, 4.24, 4.25, 4.26, 4.27, ... | 2024-05-02T18:30:55Z | Fix available |
| GHSA-w2v8-php4-p8hc | PyPI/wagtail | Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet` | 6.0, 6.0.1, 6.0.2 | 2024-05-01T16:35:13Z | Fix available |
| GHSA-jxgr-gcj5-cqqg | PyPI/nautobot | nautobot has reflected Cross-site Scripting potential in all object list views | 1.5.0, 1.5.1, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.5.14, ... | 2024-05-01T09:36:35Z | Fix available |
| GHSA-8p42-7597-p2f6 | PyPI/dcnnt | dcnnt-py is vulnerable to command injection via Notification Handler | 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.4.0, ... | 2024-04-27T09:30:33Z | Fix available |
| GHSA-6c5p-j8vq-pqhj | PyPI/python-jose | python-jose algorithm confusion with OpenSSH ECDSA keys | 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, ... | 2024-04-26T00:30:35Z | No fix available |
| GHSA-cjwg-qfpm-7377 | PyPI/python-jose | python-jose denial of service via compressed JWE content | 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, ... | 2024-04-26T00:30:35Z | No fix available |
| GHSA-ppx5-q359-pvwj | PyPI/vyper | vyper's range(start, start + N) reverts for negative numbers | 0.3.10, 0.3.10rc1, 0.3.10rc2, 0.3.10rc3, 0.3.10rc4, 0.3.10rc5, 0.3.8, ... | 2024-04-25T19:53:43Z | Fix available |
| GHSA-xchq-w5r3-4wg3 | PyPI/vyper | vyper performs incorrect topic logging in raw_log | 0.1.0b1, 0.1.0b10, 0.1.0b11, 0.1.0b12, 0.1.0b13, 0.1.0b14, 0.1.0b15, ... | 2024-04-25T19:53:10Z | No fix available |
| GHSA-r56x-j438-vw5m | PyPI/vyper | vyper performs double eval of the slice args when buffer from adhoc locations | 0.1.0b1, 0.1.0b10, 0.1.0b11, 0.1.0b12, 0.1.0b13, 0.1.0b14, 0.1.0b15, ... | 2024-04-25T19:51:41Z | No fix available |
| GHSA-3whq-64q2-qfj6 | PyPI/vyper | vyper performs double eval of raw_args in create_from_blueprint | 0.1.0b1, 0.1.0b10, 0.1.0b11, 0.1.0b12, 0.1.0b13, 0.1.0b14, 0.1.0b15, ... | 2024-04-25T19:50:50Z | No fix available |
PyPI - OSV