Vulnerability Library

ID | Packages | Summary | Affected versions | Published | Fix
GHSA-hjx6-f647-mvf9
  • PyPI/invenio-communities
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
  • 5.0.0
  • 5.0.1
  • 5.1.0
  • 5.2.0
  • 5.3.0
  • 5.4.0
  • 5.5.0
  • ...
2024-06-12T19:43:04Z Fix available
GHSA-gprj-3p75-f996
  • PyPI/oauthenticator
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
  • 0.1.0
  • 0.10.0
  • 0.11.0
  • 0.12.0
  • 0.12.1
  • 0.12.2
  • 0.12.3
  • ...
2024-06-12T17:13:07Z Fix available
GHSA-vqwr-q6cc-c242
  • PyPI/lollms
parisneo/lollms Local File Inclusion (LFI) attack
  • 1.1.10
  • 1.1.11
  • 1.1.12
  • 1.1.13
  • 1.1.14
  • 1.1.15
  • 1.1.16
  • ...
2024-06-12T03:31:15Z Fix available
GHSA-fvcq-4x64-hqxr
  • PyPI/jupyter-server-proxy
Jupyter Server Proxy has a reflected XSS issue in host parameter
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.1.0
  • 3.2.0
  • 3.2.1
  • 3.2.2
  • ...
2024-06-11T21:12:47Z Fix available
GHSA-v5gf-r78h-55q6
  • PyPI/document-merge-service
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
  • 5.2.0
  • 5.2.1
  • 6.0.0
  • 6.1.0
  • 6.1.1
  • 6.1.2
  • 6.2.0
  • ...
2024-06-11T20:22:55Z Fix available
GHSA-m5vv-6r4h-3vj9
  • PyPI/azure-identity
  • npm/@azure/identity
  • Maven/com.azure:azure-identity
  • npm/@azure/msal-node
  • NuGet/Microsoft.Identity.Client
  • Go/github.com/Azure/azure-sdk-for-go/sdk/azidentity
  • Maven/com.microsoft.azure:msal4j
  • NuGet/Azure.Identity
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
  • 1.0.0
  • 1.0.0b1
  • 1.0.0b2
  • 1.0.0b3
  • 1.0.0b4
  • 1.0.1
  • 1.1.0
  • ...
2024-06-11T18:30:50Z Fix available
GHSA-qg33-x2c5-6p44
  • PyPI/langflow
Langflow remote code execution vulnerability
  • 0.0.31
  • 0.0.32
  • 0.0.33
  • 0.0.40
  • 0.0.44
  • 0.0.45
  • 0.0.46
  • ...
2024-06-10T21:30:38Z No fix available
GHSA-3mwc-2cj7-gx8c
  • PyPI/lunary
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
  • 0.0.52a0
  • 0.0.52a2
  • 0.1.0
  • 0.1.1
  • 0.1.10
  • 0.1.11
  • 0.1.12
  • ...
2024-06-10T00:30:39Z No fix available
GHSA-5357-c2jx-v7qh
  • PyPI/authlib
Authlib has algorithm confusion with asymmetric public keys
  • 0.1
  • 0.10
  • 0.11
  • 0.12
  • 0.12.1
  • 0.13
  • 0.14
  • ...
2024-06-09T21:30:33Z Fix available
PYSEC-2024-52
  • PyPI/authlib
See record for full details
  • 0.1
  • 0.10
  • 0.11
  • 0.12
  • 0.12.1
  • 0.13
  • 0.14
  • ...
2024-06-09T19:15:00Z Fix available
GHSA-99hm-86h7-gr3g
  • PyPI/zenml
zenml-io/zenml does not expire the session after password reset
  • 0.0.1rc1
  • 0.0.1rc2
  • 0.1.0
  • 0.1.1
  • 0.1.2
  • 0.1.3
  • 0.1.3rc0
  • ...
2024-06-08T21:30:38Z No fix available
GHSA-hx54-pf28-7xch
  • PyPI/ebookmeta
ebookmeta XML External Entity vulnerability
  • 0.10.0
  • 0.10.1
  • 0.10.2
  • 0.11.0
  • 0.11.1
  • 0.11.2
  • 0.11.5
  • ...
2024-06-07T21:31:54Z Fix available
GHSA-whf4-fpj8-pgg8
  • PyPI/ebookmeta
ebookmeta XML External Entity vulnerability
  • 0.10.0
  • 0.10.1
  • 0.10.2
  • 0.11.0
  • 0.11.1
  • 0.11.2
  • 0.11.5
  • ...
2024-06-07T21:31:54Z Fix available
GHSA-w235-7p84-xx57
  • PyPI/tornado
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
  • 0.2
  • 1.0
  • 1.1
  • 1.1.1
  • 1.2
  • 1.2.1
  • 2.0
  • ...
2024-06-06T21:46:31Z Fix available
GHSA-753j-mpmx-qq6g
  • PyPI/tornado
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
  • 0.2
  • 1.0
  • 1.1
  • 1.1.1
  • 1.2
  • 1.2.1
  • 2.0
  • ...
2024-06-06T21:41:20Z Fix available
GHSA-3xr8-qfvj-9p9j
  • PyPI/litellm
Arbitrary file deletion in litellm
  • 0.1.0
  • 0.1.1
  • 0.1.2
  • 0.1.201
  • 0.1.202
  • 0.1.203
  • 0.1.204
  • ...
2024-06-06T21:30:37Z Fix available