Vulnerability Library

| ID | Packages | Summary | Affected versions | Published | Fix |
|---|---|---|---|---|---|
| GHSA-v9g2-g7j4-4jxc | PyPI/jupyter-scheduler | jupyter-scheduler's endpoint is missing authentication | 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, ... | 2024-05-23T14:00:15Z | Fix available |
| GHSA-99r4-cjp4-3hmx | PyPI/vantage6 | vantage6 collaboration admins can extend their influence by expanding the collaboration | 0.0.0, 0.0.0b0, 0.0.0b1, 0.0.0b3, 1.0.0, 1.0.0a1, 1.0.0a2, ... | 2024-05-22T15:49:14Z | Fix available |
| GHSA-jqff-8g2v-642h | PyPI/ait-core | NASA AIT-Core vulnerable to remote code execution | 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 2.0.0, 2.0.1, ... | 2024-05-21T21:30:27Z | No fix available |
| GHSA-qv6x-53jj-vw59 | PyPI/ait-core | NASA AIT-Core uses unencrypted channels to exchange data over the network | 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 2.0.0, 2.0.1, ... | 2024-05-21T21:30:27Z | No fix available |
| GHSA-v9hf-5j83-6xpp | PyPI/pymysql | PyMySQL SQL Injection vulnerability | 0.10.0, 0.10.1, 0.2, 0.3, 0.4, 0.5, 0.6, ... | 2024-05-21T18:31:23Z | Fix available |
| GHSA-48cq-79qq-6f7x | PyPI/gradio | Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files | 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, ... | 2024-05-21T14:43:50Z | Fix available |
| GHSA-vr85-5pwx-c6gq | PyPI/omero-web | OMERO.web must check that the JSONP callback is a valid function | 5.10.0, 5.11.0, 5.11.0rc1, 5.12.0, 5.12.1, 5.13.0, 5.14.0, ... | 2024-05-21T14:33:23Z | Fix available |
| GHSA-9wx4-h78v-vm56 | PyPI/requests | Requests `Session` object does not verify requests after making first request with verify=False | 0.0.1, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.6, ... | 2024-05-20T20:15:00Z | Fix available |
| GHSA-wgjv-9j3q-jhg8 | PyPI/aiosmtpd | aiosmtpd STARTTLS unencrypted commands injection | 1.0, 1.0a1, 1.0a2, 1.0a3, 1.0a4, 1.0a5, 1.0b1, ... | 2024-05-20T14:59:07Z | Fix available |
| GHSA-7ggm-4rjg-594w | PyPI/litellm | litellm passes untrusted data to `eval` function without sanitization | 0.1.0, 0.1.1, 0.1.2, 0.1.201, 0.1.202, 0.1.203, 0.1.204, ... | 2024-05-18T00:30:42Z | No fix available |
| GHSA-3783-62vc-jr7x | PyPI/consoleme | ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command | 0.0.0, 1.0.6.dev10, 1.1.1, 1.1.10.dev1, 1.1.10.dev2, 1.1.10.dev3, 1.1.10.dev4, ... | 2024-05-16T21:02:36Z | Fix available |
| GHSA-p4jx-q62p-x5jr | PyPI/mlflow | MLflow allows low privilege users to delete any artifact | 0.0.1, 0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.4.0, 0.4.1, ... | 2024-05-16T09:33:08Z | Fix available |
| GHSA-pw38-xv9x-h8ch | PyPI/llama-index, PyPI/llama-index-llms-rungpt | RunGptLLM class in LlamaIndex has a command injection | 0.10.0, 0.10.1, 0.10.10, 0.10.11, 0.10.12, 0.10.3, 0.10.4, ... | 2024-05-16T09:33:08Z | Fix available |
| GHSA-rfqq-wq6w-72jm | PyPI/mlflow | MLflow has a Local File Read/Path Traversal bypass | 2.10.0, 2.10.1, 2.10.2, 2.11.0, 2.11.1, 2.11.2, 2.11.3, ... | 2024-05-16T09:33:08Z | Fix available |
| GHSA-23j4-mw76-5v7h | PyPI/scrapy | Scrapy allows redirect following in protocols other than HTTP | 0.10.4.2364, 0.12.0.2550, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.16.0, ... | 2024-05-14T20:14:49Z | Fix available |
| GHSA-jm3v-qxmh-hxwv | PyPI/scrapy | Scrapy's redirects ignoring scheme-specific proxy settings | 0.10.4.2364, 0.12.0.2550, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.16.0, ... | 2024-05-14T20:14:43Z | Fix available |