OSV - Open Source Vulnerabilities

GHSA-ghp8-52vx-77j4

PyPI/pgadmin4

pgAdmin failed to properly control the server code

4.20
4.22
4.23
4.24
4.25
4.26
4.27
...

2023-09-22T15:30:15Z

Fix available

GHSA-hc5c-r8m5-2gfh

PyPI/plone-restapi

plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait

8.0.0
8.1.0
8.10.0
8.11.0
8.12.0
8.12.1
8.13.0
...

2023-09-21T17:16:44Z

Fix available

GHSA-jj7c-jrv4-c65x

PyPI/plone-namedfile
PyPI/plone-namedfile
PyPI/plone-namedfile
PyPI/plone-namedfile

plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images

1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
...

2023-09-21T17:14:58Z

Fix available

GHSA-v8gr-m533-ghj9

PyPI/cryptography

Vulnerable OpenSSL included in cryptography wheels

2.5
2.6
2.6.1
2.7
2.8
2.9
2.9.1
...

2023-09-21T17:07:01Z

Fix available

GHSA-h6rp-mprm-xgcq

PyPI/plone-rest
PyPI/plone-rest

plone.rest vulnerable to Denial of Service when ++api++ is used many times

2.0.0
2.0.0a1
2.0.0a2
2.0.0a3
2.0.0a4
2.0.0a5
2.0.0a6.dev0
...

2023-09-21T17:06:37Z

Fix available

GHSA-wm8q-9975-xh5v

PyPI/zope
PyPI/zope

Zope vulnerable to Stored Cross Site Scripting with SVG images

4.0
4.0b1
4.0b10
4.0b2
4.0b3
4.0b4
4.0b5
...

2023-09-21T17:04:09Z

Fix available

GHSA-c647-pxm2-c52w

PyPI/vyper

Vyper vulnerable to memory corruption in certain builtins utilizing `msize`

0.1.0b1
0.1.0b10
0.1.0b11
0.1.0b12
0.1.0b13
0.1.0b14
0.1.0b15
...

2023-09-20T23:05:35Z

No fix available

GHSA-pxg5-h34r-7q8p

PyPI/geonode

GeoNode vulnerable to SSRF Bypass to return internal host data

3.2.0
3.2.1
3.2.2
3.2.3
3.2.3.post1
3.2.4
3.3.0
...

2023-09-20T23:04:44Z

Fix available

GHSA-pj98-2xf6-cff5

PyPI/reportlab

ReportLab vulnerable to remote code execution via paraparser

2023-09-20T15:30:51Z

Fix available

PYSEC-2023-175

PyPI/imagecodecs

See record for full details

See details.

2023-09-20T05:46:53.608652Z

Fix available

PYSEC-2023-174

PyPI/imagecodecs

See record for full details

2018.10.10
2018.10.18
2018.10.22
2018.10.28
2018.10.30
2018.11.8
2018.12.1
...

2023-09-20T05:31:28.958082Z

Fix available

GHSA-3hg2-r75x-g69m

PyPI/vyper

Vyper has incorrect re-entrancy lock when key is empty string

0.2.10
0.2.11
0.2.12
0.2.13
0.2.14
0.2.15
0.2.16
...

2023-09-18T19:20:55Z

Fix available

GHSA-v4q9-qgqf-7jwp

PyPI/gradio

Gradio arbitrary file upload vulnerability

0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
...

2023-09-16T00:30:30Z

No fix available

PYSEC-2023-176

PyPI/geonode

See record for full details

3.2.0
3.2.1
3.2.2
3.2.3
3.2.3.post1
3.2.4
3.3.0
...

2023-09-15T21:15:00Z

No fix available

PYSEC-2023-173

github.com/piccolo-orm/piccolo
PyPI/piccolo

See record for full details

0.1.0
0.1.1
0.1.2
0.10.0
0.10.1
0.10.2
0.10.3
...

2023-09-12T21:15:00Z

Fix available

GHSA-mjqh-v5f2-g2mw

PyPI/apache-airflow

Apache Airflow information exposure vulnerability

1.10.0
1.10.1
1.10.10
1.10.10rc1
1.10.10rc2
1.10.10rc3
1.10.10rc4
...

2023-09-12T19:25:08Z

Fix available

Vulnerability Library