Vulnerability Library

| ID | Packages | Summary | Affected versions | Last modified | Fix |
|---|---|---|---|---|---|
| PYSEC-2022-300 | PyPI/label-studio | | 0.4.0rc1, 0.4.0rc2, 0.4.0rc3, 0.4.0rc4, 0.4.0rc5, 0.4.0rc6, 0.4.0rc7, ... | 2022-10-04T22:46:41.362638Z | Fix available |
| GHSA-pc6f-259w-w3j6 | PyPI/label-studio | Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module | 0.4.0rc1, 0.4.0rc2, 0.4.0rc3, 0.4.0rc4, 0.4.0rc5, 0.4.0rc6, 0.4.0rc7, ... | 2022-10-04T22:44:53.648205Z | Fix available |
| GHSA-8wxf-c45w-g66g | PyPI/rdiffweb | rdiffweb vulnerable to password complexity bypass leading to weak passwords | 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, ... | 2022-10-04T16:20:01.410948Z | Fix available |
| GHSA-xfhg-9pjg-xg7g | PyPI/vtk | VTK NULL pointer dereference vulnerability | 8.1.0, 8.1.1, 8.1.2, 9.0.0 | 2022-10-04T06:40:35.936224Z | Fix available |
| GHSA-237r-mx84-7x8c | PyPI/vncauthproxy | VNCAuthProxy authentication bypass vulnerability | 0.9, 1.0, 1.1.1 | 2022-10-04T06:40:04.792231Z | Fix available |
| GHSA-6hcj-qrw3-m66q | PyPI/fava | Fava before 1.22.3 vulnerable to reflected cross-site scripting | 0.0.0, 1.10, 1.11, 1.12, 1.13, 1.14, 1.15, ... | 2022-10-04T06:39:49.901957Z | Fix available |
| GHSA-3fhq-72hw-jqwv | PyPI/rdiffweb | rdiffweb's lack of token name length limit can result in DoS or memory corruption | 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, ... | 2022-10-03T22:37:57.154991Z | Fix available |
| GHSA-62g7-fpv9-v95f | PyPI/inventree | Inventree vulnerable to Stored Cross-site Scripting | 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, ... | 2022-10-03T22:37:42.786627Z | Fix available |
| GHSA-fqfg-c577-2vc3 | PyPI/rdiffweb | rdiffweb's unlimited length Fullname field can lead to DoS | 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, ... | 2022-10-01T07:43:35.892461Z | No fix available |
| GHSA-w4pr-4vjg-hffh | PyPI/matrix-nio | When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder | 0.10.0, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.13.0, 0.14.0, ... | 2022-10-01T07:42:50.155444Z | Fix available |
| GHSA-7fqm-jm52-f9vc | PyPI/rdiffweb | rdiffweb vulnerable to Use of Cache Containing Sensitive Information | 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, ... | 2022-09-30T06:16:35.750098Z | Fix available |
| GHSA-qrj3-hrgj-fm7r | PyPI/rdiffweb | rdiffweb's unlimited length email field can lead to DoS | 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, ... | 2022-09-30T05:54:09.903942Z | Fix available |
| GHSA-qq29-5vjh-vxwr | PyPI/rdiffweb | rdiffweb vulnerable to Improper Cleanup on Thrown Exception | 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, ... | 2022-09-30T05:18:03.161405Z | Fix available |
| GHSA-hrj7-f62f-j7x7 | PyPI/rdiffweb | rdiffweb allows unlimited length of root directory name, which could result in DoS | 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, ... | 2022-09-30T04:59:37.124167Z | Fix available |
| GHSA-6hrg-qmvc-2xh8 | PyPI/joblib | joblib vulnerable to arbitrary code execution | 0.10.0, 0.10.2, 0.10.3, 0.11, 0.11a3, 0.12.0, 0.12.1, ... | 2022-09-30T04:54:17.511079Z | Fix available |
| GHSA-mfpj-3qhm-976m | PyPI/asyncua, PyPI/opcua | Uncontrolled Resource Consumption in asyncua and opcua | 0.5.0, 0.5.1, 0.6.0, 0.6.1, 0.8.0, 0.8.1, 0.8.2, ... | 2022-09-30T02:56:43.318812Z | Fix available |