Vulnerability Library

| ID | Packages | Summary | Affected versions | Published | Fix |
|---|---|---|---|---|---|
| MAL-2023-8651 | | Malicious code in lodestone (PyPI) | 0.0.58, 0.0.59 | 2023-12-01T21:54:02Z | No fix available |
| GHSA-7vwr-g6pm-9hc8 | PyPI/fastapi-proxy-lib | Cookie leakage between different users in fastapi-proxy-lib | 0.0.1b0 | 2023-12-01T19:23:49Z | Fix available |
| GHSA-r8j9-5cj7-cv39 | PyPI/dpaste | Reflected XSS Vulnerability in dpaste | 2.0, 2.1, 2.10, 2.11, 2.12, 2.13, 2.13a0, ... | 2023-12-01T19:23:16Z | Fix available |
| GHSA-jfhm-5ghh-2f97 | PyPI/cryptography | cryptography vulnerable to NULL-dereference when loading PKCS7 certificates | 3.1, 3.1.1, 3.2, 3.2.1, 3.3, 3.3.1, 3.3.2, ... | 2023-11-28T20:46:46Z | Fix available |
| GHSA-f678-j579-4xf5 | PyPI/apache-superset | Apache Superset - Elevation of Privilege | 0.34.0, 0.34.1, 0.35.1, 0.35.2, 0.36.0, 0.37.0, 0.37.1, ... | 2023-11-28T18:56:21Z | Fix available |
| GHSA-3hp7-4qq4-v5c6 | PyPI/apache-superset | Apache Superset Allocation of Resources Without Limits or Throttling vulnerability | 0.34.0, 0.34.1, 0.35.1, 0.35.2, 0.36.0, 0.37.0, 0.37.1, ... | 2023-11-28T18:30:23Z | Fix available |
| GHSA-fgpw-4w69-j256 | PyPI/apache-superset | Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability | 0.34.0, 0.34.1, 0.35.1, 0.35.2, 0.36.0, 0.37.0, 0.37.1, ... | 2023-11-28T18:30:23Z | Fix available |
| GHSA-hc74-9vjm-c9xv | PyPI/apache-superset | Apache Superset Open Redirect vulnerability | 0.34.0, 0.34.1, 0.35.1, 0.35.2, 0.36.0, 0.37.0, 0.37.1, ... | 2023-11-28T18:30:23Z | Fix available |
| GHSA-q3qx-c6g2-7pw2 | PyPI/aiohttp | aiohttp's ClientSession is vulnerable to CRLF injection via version | 0.1, 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.12.0, 0.13.0, ... | 2023-11-27T23:17:42Z | Fix available |
| GHSA-qvrw-v9rv-5rjx | PyPI/aiohttp | aiohttp's ClientSession is vulnerable to CRLF injection via method | 0.1, 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.12.0, 0.13.0, ... | 2023-11-27T23:17:24Z | Fix available |
| GHSA-pjjw-qhg8-p2p9 | PyPI/aiohttp | aiohttp has vulnerable dependency that is vulnerable to request smuggling | 0.1, 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.12.0, 0.13.0, ... | 2023-11-27T23:15:38Z | Fix available |
| GHSA-392c-vjfv-h7wr | PyPI/apache-superset | Apache Superset - Elevation of Privilege | 0.34.0, 0.34.1, 0.35.1, 0.35.2, 0.36.0, 0.37.0, 0.37.1, ... | 2023-11-27T12:30:55Z | Fix available |
| GHSA-vv65-fjfj-4736 | PyPI/apache-superset | Apache Superset has Incorrect Default Permissions | 0.34.0, 0.34.1, 0.35.1, 0.35.2, 0.36.0, 0.37.0, 0.37.1, ... | 2023-11-27T12:30:55Z | Fix available |
| GHSA-wq8q-99p5-xfrw | PyPI/apache-superset | Apache Superset Cross-site Scripting vulnerability | 0.34.0, 0.34.1, 0.35.1, 0.35.2, 0.36.0, 0.37.0, 0.37.1, ... | 2023-11-27T12:30:55Z | Fix available |
| GHSA-rqr8-pxh7-cq3g | PyPI/eth-abi | Ethereum ABI decoder DoS when parsing ZST | 0.5.0, 1.0.0, 1.0.0b0, 1.0.0b1, 1.1.0, 1.1.1, 1.2.0, ... | 2023-11-24T16:54:11Z | Fix available |
| GHSA-cf9f-wmhp-v4pr | PyPI/nautobot | Cross-site Scripting potential in custom links, job buttons, and computed fields | 1.0.0, 1.0.0a1, 1.0.0a2, 1.0.0b1, 1.0.0b2, 1.0.0b3, 1.0.0b4, ... | 2023-11-22T20:55:54Z | Fix available |