Vulnerability Library

Columns: ID | Packages | Summary | Affected versions | Published | Fix
GHSA-3783-62vc-jr7x
  • PyPI/consoleme
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
  • 0.0.0
  • 1.0.6.dev10
  • 1.1.1
  • 1.1.10.dev1
  • 1.1.10.dev2
  • 1.1.10.dev3
  • 1.1.10.dev4
  • ...
2024-05-16T21:02:36Z Fix available
GHSA-cqh9-jfqr-h9jj
  • PyPI/wandb
Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
  • 0.1.0
  • 0.10.0
  • 0.10.0rc1
  • 0.10.0rc2
  • 0.10.0rc3
  • 0.10.0rc4
  • 0.10.0rc5
  • ...
2024-05-16T09:33:09Z No fix available
GHSA-p4jx-q62p-x5jr
  • PyPI/mlflow
MLflow allows low privilege users to delete any artifact
  • 0.0.1
  • 0.1.0
  • 0.2.0
  • 0.2.1
  • 0.3.0
  • 0.4.0
  • 0.4.1
  • ...
2024-05-16T09:33:08Z Fix available
GHSA-pw38-xv9x-h8ch
  • PyPI/llama-index
  • PyPI/llama-index-llms-rungpt
RunGptLLM class in LlamaIndex has a command injection
  • 0.10.0
  • 0.10.1
  • 0.10.10
  • 0.10.11
  • 0.10.12
  • 0.10.3
  • 0.10.4
  • ...
2024-05-16T09:33:08Z Fix available
GHSA-rfqq-wq6w-72jm
  • PyPI/mlflow
MLflow has a Local File Read/Path Traversal bypass
  • 2.10.0
  • 2.10.1
  • 2.10.2
  • 2.11.0
  • 2.11.1
  • 2.11.2
  • 2.11.3
  • ...
2024-05-16T09:33:08Z Fix available
GHSA-4724-7jwc-3fpw
  • PyPI/github-com/grafana/grafana
Grafana Spoofing originalUrl of snapshots
  • See details.
2024-05-14T22:29:26Z Fix available
GHSA-23j4-mw76-5v7h
  • PyPI/scrapy
Scrapy allows redirect following in protocols other than HTTP
  • 0.10.4.2364
  • 0.12.0.2550
  • 0.14.1
  • 0.14.2
  • 0.14.3
  • 0.14.4
  • 0.16.0
  • ...
2024-05-14T20:14:49Z Fix available
GHSA-jm3v-qxmh-hxwv
  • PyPI/scrapy
Scrapy's redirects ignoring scheme-specific proxy settings
  • 0.10.4.2364
  • 0.12.0.2550
  • 0.14.1
  • 0.14.2
  • 0.14.3
  • 0.14.4
  • 0.16.0
  • ...
2024-05-14T20:14:43Z Fix available
GHSA-4qqq-9vqf-3h3f
  • PyPI/scrapy
Scrapy leaks the authorization header on same-domain but cross-origin redirects
  • 0.10.4.2364
  • 0.12.0.2550
  • 0.14.1
  • 0.14.2
  • 0.14.3
  • 0.14.4
  • 0.16.0
  • ...
2024-05-14T20:14:33Z Fix available
GHSA-2vjq-hg5w-5gm7
  • PyPI/octoprint
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
  • 1.10.0
  • 1.10.0rc1
  • 1.10.0rc2
  • 1.10.0rc3
  • 1.10.0rc4
  • 1.3.11
  • 1.3.12
  • ...
2024-05-14T20:13:47Z Fix available
GHSA-52gm-qmg3-r4qp
  • PyPI/apache-airflow
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
  • 2.9.0
  • 2.9.1rc1
  • 2.9.1rc2
2024-05-14T18:31:00Z Fix available
MAL-2024-1365
Malicious code in testpkg3322 (PyPI)
  • 2.35.8
2024-05-14T06:17:03Z No fix available
GHSA-r2hr-4v48-fjv3
  • PyPI/nautobot
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
  • 1.0.0
  • 1.0.0a1
  • 1.0.0a2
  • 1.0.0b1
  • 1.0.0b2
  • 1.0.0b3
  • 1.0.0b4
  • ...
2024-05-13T19:59:26Z Fix available
GHSA-56xg-wfcc-g829
  • PyPI/llama-cpp-python
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
  • 0.2.30
  • 0.2.31
  • 0.2.32
  • 0.2.33
  • 0.2.34
  • 0.2.35
  • 0.2.36
  • ...
2024-05-13T14:10:18Z No fix available
GHSA-w4h6-9wrp-v5jq
  • PyPI/frigate
Frigate: malicious long Unicode filenames may cause multiple application-level denials of service
  • 0.1.0
  • 0.2.0
  • 0.3.0
  • 0.4.0
  • 0.4.0a0
  • 0.4.0a0.post0.dev14
  • 0.5.0
  • ...
2024-05-09T15:13:49Z Fix available
GHSA-299q-3p96-5898
  • PyPI/apache-superset
Apache Superset Incorrect Authorization vulnerability
  • 0.34.0
  • 0.34.1
  • 0.35.1
  • 0.35.2
  • 0.36.0
  • 0.37.0
  • 0.37.1
  • ...
2024-05-07T15:30:36Z Fix available
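The listing above is a flattened table, and its most useful application is matching it against what is actually installed. The following is an added example, not code from the page or from any of the projects listed: it parses the page's own layout (identifier line, "• Ecosystem/package" rows, summary, "• version" rows, a "..." or "See details." marker when the page truncates the list, then a timestamp and fix status) into records, and checks a constructed package inventory against them. Because the page truncates most version lists, a package that matches but whose version is not among the listed ones is reported as "check full list" rather than as clean. The `LISTING` excerpt and the `inventory` dictionary are constructed for the example; the MAL-* handling assumes the package name is only present in the summary, as it is on this page.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the page's flattened layout: three records copied
# from the listing above, version lists shortened with "..." as on the page.
LISTING = """\
GHSA-4qqq-9vqf-3h3f
  • PyPI/scrapy
Scrapy leaks the authorization header on same-domain but cross-origin redirects
  • 0.10.4.2364
  • 0.12.0.2550
  • 0.14.1
  • ...
2024-05-14T20:14:33Z Fix available
GHSA-2vjq-hg5w-5gm7
  • PyPI/octoprint
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
  • 1.10.0
  • 1.10.0rc1
  • 1.3.11
  • ...
2024-05-14T20:13:47Z Fix available
MAL-2024-1365
Malicious code in testpkg3322 (PyPI)
  • 2.35.8
2024-05-14T06:17:03Z No fix available
"""

# Record boundary: a GHSA or MAL identifier on its own line (the two ID forms on this page).
ID_RE = re.compile(r"^(GHSA-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}|MAL-\d{4}-\d+)$")
# Record end: publication timestamp followed by the fix status.
FOOTER_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(Fix available|No fix available)$")
# MAL-* rows carry the package name only in the summary (assumption based on this page).
MAL_RE = re.compile(r"^Malicious code in (\S+) \((\w+)\)$")


@dataclass
class Advisory:
    id: str
    packages: list = field(default_factory=list)   # "Ecosystem/name"
    summary: str = ""
    versions: list = field(default_factory=list)   # versions the page actually lists
    truncated: bool = False                        # page showed "..." or "See details."
    published: str = ""
    fix_available: bool = False


def parse_listing(text):
    """Parse the flattened listing into Advisory records."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ID_RE.match(line):
            cur = Advisory(id=line)
            records.append(cur)
            continue
        if cur is None:
            continue                      # column headers before the first record
        m = FOOTER_RE.match(line)
        if m:
            cur.published = m.group(1)
            cur.fix_available = m.group(2) == "Fix available"
            continue
        if line.startswith("•"):
            item = line[1:].strip()
            if not cur.summary and "/" in item:   # package rows come before the summary
                cur.packages.append(item)
            elif item in ("...", "See details."):
                cur.truncated = True
            else:
                cur.versions.append(item)
            continue
        if not cur.summary:
            cur.summary = line
            m = MAL_RE.match(line)
            if m and not cur.packages:
                cur.packages.append(f"{m.group(2)}/{m.group(1)}")
    return records


def _norm(name):
    """PEP 503 normalisation so 'llama_index' and 'Llama-Index' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_affected(installed, records):
    """installed: {name: version}. Returns (name, version, advisory id, status) tuples.
    status is 'affected' when the exact version is listed, or 'check full list' when
    the package matches but the page truncated the version list, so a miss there is
    not evidence of safety."""
    hits = []
    for adv in records:
        names = {_norm(p.split("/", 1)[1]) for p in adv.packages if p.lower().startswith("pypi/")}
        listed = {v.lower() for v in adv.versions}
        for name, ver in installed.items():
            if _norm(name) not in names:
                continue
            if ver.lower() in listed:
                hits.append((name, ver, adv.id, "affected"))
            elif adv.truncated:
                hits.append((name, ver, adv.id, "check full list"))
    return hits


if __name__ == "__main__":
    # Constructed inventory, in the shape you would build from `pip list --format=json`.
    inventory = {"Scrapy": "0.14.1", "octoprint": "1.4.0", "testpkg3322": "2.35.8", "requests": "2.31.0"}
    for hit in find_affected(inventory, parse_listing(LISTING)):
        print(*hit)
```

Exact-string matching is deliberate: the page enumerates affected versions rather than giving ranges, so no version-ordering library is needed, and the `truncated` flag is what tells you when the page alone cannot settle the question and the full advisory record must be consulted.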