Vulnerability Library

| ID | Packages | Summary | Affected versions | Last modified | Fix |
|---|---|---|---|---|---|
| GHSA-j8r2-6x86-q33q | PyPI/requests | Unintended leak of Proxy-Authorization header in requests | 2.10.0, 2.11.0, 2.11.1, 2.12.0, 2.12.1, 2.12.2, 2.12.3, ... | 2023-05-30T07:19:05.651846Z | Fix available |
| GHSA-x7c2-7wvg-jpx7 | PyPI/kiwitcms | kiwitcms vulnerable to stored XSS via unrestricted files upload | 10.0, 10.1, 10.2, 10.3, 10.3.999, 10.4, 10.5, ... | 2023-05-30T07:13:17.975880Z | Fix available |
| GHSA-hh7j-pg39-q563 | PyPI/toui | toui allows user-specific variables to be shared between users | 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.4.0 | 2023-05-30T06:50:27.694308Z | Fix available |
| GHSA-446m-hmmm-hm8m | PyPI/ckan, PyPI/ckan | Ckan remote code execution and private information access via crafted resource ids | 0.11, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, ... | 2023-05-29T16:28:01.706615Z | Fix available |
| GHSA-4xqq-73wg-5mjp | PyPI/git-url-parse | git-url-parse Regular Expression Denial of Service | 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.0, 1.2.1, 1.2.2 | 2023-05-26T22:05:29.353885Z | No fix available |
| GHSA-qg36-9jxh-fj25 | PyPI/django-ses | Incorrect signature verification in django-ses | 0.1, 0.2, 0.3.0, 0.4.0, 0.4.1, 0.6.0, 0.7.0, ... | 2023-05-26T22:04:09.934499Z | Fix available |
| GHSA-hj3f-6gcp-jg8j | PyPI/tornado | Open redirect in Tornado | 0.2, 1.0, 1.1, 1.1.1, 1.2, 1.2.1, 2.0, ... | 2023-05-26T21:34:14.886146Z | Fix available |
| GHSA-282v-666c-3fvg | PyPI/transformers | transformers has Insecure Temporary File | 0.1, 2.0.0, 2.1.0, 2.1.1, 2.10.0, 2.11.0, 2.2.0, ... | 2023-05-26T19:49:10.416943Z | No fix available |
| GHSA-j5fj-rfh6-qj85 | PyPI/planet | Planet's secret file is created with excessive permissions | 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 1.0.0, ... | 2023-05-26T19:18:23.683915Z | Fix available |
| GHSA-f3wc-3vxv-xmvr | PyPI/matrix-synapse | Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites | 0.33.5, 0.33.5.1, 0.33.6, 0.33.6rc1, 0.33.7, 0.33.7rc1, 0.33.7rc2, ... | 2023-05-26T18:20:28.669509Z | Fix available |
| GHSA-p9qp-c452-f9r7 | PyPI/matrix-synapse | Synapse Denial of service due to incorrect application of event authorization rules during state resolution | 1.62.0, 1.63.0, 1.63.0rc1, 1.63.1, 1.64.0, 1.64.0rc1, 1.64.0rc2, ... | 2023-05-26T18:05:37.242599Z | Fix available |
| GHSA-45cj-f97f-ggwv | PyPI/matrix-synapse | Synapse does not apply enough checks to servers requesting auth events of events in a room | 0.33.5, 0.33.5.1, 0.33.6, 0.33.6rc1, 0.33.7, 0.33.7rc1, 0.33.7rc2, ... | 2023-05-26T18:04:07.819100Z | Fix available |
| PYSEC-2022-231 | PyPI/nvflare | | 0.1.3, 0.9.0, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, ... | 2023-05-26T05:35:30.086780Z | Fix available |
| PYSEC-2022-232 | PyPI/nvflare | | 0.1.3, 0.9.0, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, ... | 2023-05-26T05:35:24.410561Z | Fix available |
| PYSEC-2021-872 | PyPI/distributed | | 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.10.0, 1.10.1, 1.10.2, ... | 2023-05-25T05:07:00Z | Fix available |
| PYSEC-2021-873 | PyPI/gradio | | 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, ... | 2023-05-25T05:07:00Z | Fix available |