Vulnerability Library

ID | Packages | Summary | Affected versions | Published | Fix
GHSA-7pc3-pr3q-58vg
  • PyPI/sagemaker
sagemaker-python-sdk Command Injection vulnerability
  • 1.0.0
  • 1.0.1
  • 1.0.2
  • 1.1.0
  • 1.1.1
  • 1.1.2
  • 1.1.3
  • ...
2024-05-03T20:26:03Z Fix available
GHSA-wjvx-jhpj-r54r
  • PyPI/sagemaker
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
  • 1.0.0
  • 1.0.1
  • 1.0.2
  • 1.1.0
  • 1.1.1
  • 1.1.2
  • 1.1.3
  • ...
2024-05-03T20:25:33Z Fix available
GHSA-g7vv-2v7x-gj9p
  • PyPI/tqdm
tqdm CLI arguments injection attack
  • 4.10.0
  • 4.11.0
  • 4.11.1
  • 4.11.2
  • 4.12.0
  • 4.13.0
  • 4.14.0
  • ...
2024-05-03T19:33:28Z Fix available
GHSA-pwgc-w4x9-gw67
  • PyPI/changedetection-io
changedetection.io Cross-site Scripting vulnerability
  • 0.38.2
  • 0.39
  • 0.39.1
  • 0.39.10
  • 0.39.10.post1
  • 0.39.10.post2
  • 0.39.11
  • ...
2024-05-03T17:53:22Z Fix available
GHSA-5m98-qgg9-wh84
  • PyPI/aiohttp
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
  • 0.1
  • 0.10.0
  • 0.10.1
  • 0.10.2
  • 0.11.0
  • 0.12.0
  • 0.13.0
  • ...
2024-05-03T17:29:54Z Fix available
GHSA-2mvc-557g-5638
  • PyPI/pgadmin4
pgAdmin is affected by a multi-factor authentication bypass vulnerability
  • 4.20
  • 4.22
  • 4.23
  • 4.24
  • 4.25
  • 4.26
  • 4.27
  • ...
2024-05-02T18:30:55Z Fix available
GHSA-xv64-8p4r-94gq
  • PyPI/pgadmin4
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
  • 4.20
  • 4.22
  • 4.23
  • 4.24
  • 4.25
  • 4.26
  • 4.27
  • ...
2024-05-02T18:30:55Z Fix available
GHSA-w2v8-php4-p8hc
  • PyPI/wagtail
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
  • 6.0
  • 6.0.1
  • 6.0.2
2024-05-01T16:35:13Z Fix available
GHSA-jxgr-gcj5-cqqg
  • PyPI/nautobot
nautobot has reflected Cross-site Scripting potential in all object list views
  • 1.5.0
  • 1.5.1
  • 1.5.10
  • 1.5.11
  • 1.5.12
  • 1.5.13
  • 1.5.14
  • ...
2024-05-01T09:36:35Z Fix available
GHSA-8p42-7597-p2f6
  • PyPI/dcnnt
dcnnt-py is vulnerable to command injection via Notification Handler
  • 0.3.3
  • 0.3.4
  • 0.3.5
  • 0.3.6
  • 0.3.7
  • 0.3.8
  • 0.4.0
  • ...
2024-04-27T09:30:33Z Fix available
GHSA-6c5p-j8vq-pqhj
  • PyPI/python-jose
python-jose algorithm confusion with OpenSSH ECDSA keys
  • 0.1.0
  • 0.1.1
  • 0.1.2
  • 0.1.3
  • 0.1.4
  • 0.1.5
  • 0.1.6
  • ...
2024-04-26T00:30:35Z No fix available
GHSA-cjwg-qfpm-7377
  • PyPI/python-jose
python-jose denial of service via compressed JWE content
  • 0.1.0
  • 0.1.1
  • 0.1.2
  • 0.1.3
  • 0.1.4
  • 0.1.5
  • 0.1.6
  • ...
2024-04-26T00:30:35Z No fix available
GHSA-ppx5-q359-pvwj
  • PyPI/vyper
vyper's range(start, start + N) reverts for negative numbers
  • 0.3.10
  • 0.3.10rc1
  • 0.3.10rc2
  • 0.3.10rc3
  • 0.3.10rc4
  • 0.3.10rc5
  • 0.3.8
  • ...
2024-04-25T19:53:43Z Fix available
GHSA-xchq-w5r3-4wg3
  • PyPI/vyper
vyper performs incorrect topic logging in raw_log
  • 0.1.0b1
  • 0.1.0b10
  • 0.1.0b11
  • 0.1.0b12
  • 0.1.0b13
  • 0.1.0b14
  • 0.1.0b15
  • ...
2024-04-25T19:53:10Z No fix available
GHSA-r56x-j438-vw5m
  • PyPI/vyper
vyper performs double eval of the slice args when buffer from adhoc locations
  • 0.1.0b1
  • 0.1.0b10
  • 0.1.0b11
  • 0.1.0b12
  • 0.1.0b13
  • 0.1.0b14
  • 0.1.0b15
  • ...
2024-04-25T19:51:41Z No fix available
GHSA-3whq-64q2-qfj6
  • PyPI/vyper
vyper performs double eval of raw_args in create_from_blueprint
  • 0.1.0b1
  • 0.1.0b10
  • 0.1.0b11
  • 0.1.0b12
  • 0.1.0b13
  • 0.1.0b14
  • 0.1.0b15
  • ...
2024-04-25T19:50:50Z No fix available