Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-g4gq-j4p2-j8fr
  • PyPI/zope
Remote Code Execution via Script (Python) objects under Python 3
  • 4.0
  • 4.1
  • 4.1.1
  • 4.1.2
  • 4.1.3
  • 4.2
  • 4.2.1
  • ...
2022-12-03T04:20:53.038438Z Fix available
GHSA-qcx9-j53g-ccgf
  • PyPI/accesscontrol
Remote Code Execution via unsafe classes in otherwise permitted modules
  • 4.0
  • 4.1
  • 4.2
  • 5.0
  • 5.1
2022-12-03T04:20:25.921387Z Fix available
GHSA-47fc-vmwq-366v
  • PyPI/torch
PyTorch vulnerable to arbitrary code execution
  • 1.0.0
  • 1.0.1
  • 1.0.1.post2
  • 1.1.0
  • 1.1.0.post2
  • 1.10.0
  • 1.10.1
  • ...
2022-12-02T22:47:15.659636Z No fix available
GHSA-qv6c-367r-3w6q
  • PyPI/xblock-drag-and-drop-v2
XBlock vulnerable to Cross-Site Scripting (XSS)
  • 2.5.0
  • 2.7.0
2022-12-02T22:38:39.885187Z Fix available
GHSA-rp2v-v467-q9vq
  • PyPI/guarddog
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
  • 0.1.1
  • 0.1.3
  • 0.1.4
2022-12-02T22:38:14.525549Z Fix available
GHSA-83g7-8fch-p37m
  • PyPI/paddlepaddle
PaddlePaddle vulnerable to code injection via winstr
  • 1.8.2
  • 1.8.3
  • 1.8.4
  • 1.8.5
  • 2.0.0
  • 2.0.0a0
  • 2.0.0b0
  • ...
2022-12-01T22:22:45.995025Z Fix available
GHSA-jf2p-4gqj-849g
  • Maven/net.sf.mpxj:mpxj
  • NuGet/net.sf.mpxj
  • NuGet/net.sf.mpxj-for-csharp
  • NuGet/net.sf.mpxj-for-vb
  • PyPI/mpxj
Temporary File Information Disclosure vulnerability in MPXJ
  • 10.0.0
  • 10.0.1
  • 10.0.3
  • 10.0.4
  • 10.0.5
  • 10.1.0
  • 10.10.0
  • ...
2022-12-01T22:21:51.857860Z Fix available
GHSA-mvg9-xffr-p774
  • PyPI/pillow
Out of bounds read in Pillow
  • 1.0
  • 1.1
  • 1.2
  • 1.3
  • 1.4
  • 1.5
  • 1.6
  • ...
2022-12-01T22:07:10.647402Z Fix available
GHSA-gr58-76rp-mmg4
  • PyPI/wger
wger vulnerable to brute force attempts
  • 1.1
  • 1.1.1
  • 1.2
  • 1.2rc1
  • 1.3
  • 1.4
  • 1.5
  • ...
2022-11-30T19:40:04.150277Z Fix available
GHSA-vg46-2rrj-3647
  • PyPI/twisted
Twisted vulnerable to NameVirtualHost Host header injection
  • 1.0.1
  • 1.0.3
  • 1.0.4
  • 1.0.5
  • 1.0.6
  • 1.0.7
  • 1.1.0
  • ...
2022-11-30T19:21:05.697854Z Fix available
GHSA-7wqf-h36w-47mc
  • PyPI/apache-airflow
OS Command Injection in Apache Airflow
  • 1.10.0
  • 1.10.1
  • 1.10.10
  • 1.10.10rc1
  • 1.10.10rc2
  • 1.10.10rc3
  • 1.10.10rc4
  • ...
2022-11-29T18:21:35.953161Z Fix available
GHSA-rmf2-pwfq-h75j
  • PyPI/apache-airflow
OS Command Injection in Apache Airflow
  • 1.10.0
  • 1.10.1
  • 1.10.10
  • 1.10.10rc1
  • 1.10.10rc2
  • 1.10.10rc3
  • 1.10.10rc4
  • ...
2022-11-29T18:06:34.599200Z Fix available
GHSA-ggrh-grj3-vfvw
  • PyPI/bitlyshortener
Package discontinued because Bitly lowered the free quota
  • 0.0.3
  • 0.0.4
  • 0.0.5
  • 0.0.6
  • 0.0.7
  • 0.0.8
  • 0.0.9
  • ...
2022-11-28T23:08:00.917920Z No fix available
GHSA-cm43-f2pv-6v68
  • PyPI/apache-airflow
OS Command Injection in Apache Airflow
  • 1.10.0
  • 1.10.1
  • 1.10.10
  • 1.10.10rc1
  • 1.10.10rc2
  • 1.10.10rc3
  • 1.10.10rc4
  • ...
2022-11-28T21:23:20.514876Z Fix available
GHSA-cc99-whm5-mmq3
  • PyPI/keystone
OpenStack Keystone Incorrect Authorization vulnerability
  • 12.0.2
  • 12.0.3
  • 13.0.2
  • 13.0.3
  • 13.0.4
  • 14.0.0
  • 14.0.1
  • ...
2022-11-28T21:23:08.399004Z No fix available
GHSA-2p9h-ccw7-33gf
  • PyPI/cleo
cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
  • 0.2.0
  • 0.2.1
  • 0.3.0
  • 0.4.0
  • 0.4.1
  • 0.5.0
  • 0.6.0
  • ...
2022-11-28T21:22:56.780371Z Fix available