Vulnerabilities

ID | Packages | Summary | Published | Attributes
GHSA-f83h-ghpp-7wcc
  • PyPI/pdfminer-six
Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc (published yesterday)
  • Fix available
  • Severity - 7.8 (High)
GHSA-wf5f-4jwr-ppcp
  • PyPI/pdfminer-six
Arbitrary Code Execution in pdfminer.six via Crafted PDF Input (published yesterday)
  • Fix available
  • Severity - 8.6 (High)
GHSA-vm2f-46xc-5jc3
  • PyPI/astrbot
AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64 (published yesterday)
  • No fix available
  • Severity - 5.7 (Medium)
GHSA-xrj9-mw57-j34v
  • PyPI/astrbot
AstrBot contains a directory traversal vulnerability (published yesterday)
  • No fix available
  • Severity - 8.7 (High)
GHSA-cm35-v4vp-5xvx
  • npm/open-webui
  • PyPI/open-webui
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events (published yesterday)
  • Fix available
  • Severity - 7.3 (High)
GHSA-w7xj-8fx7-wfch
  • npm/open-webui
  • PyPI/open-webui
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE (published yesterday)
  • Fix available
  • Severity - 8.7 (High)
GHSA-w832-gg5g-x44m
  • PyPI/datasette
Open redirect endpoint in Datasette (published 2 days ago)
  • Fix available
GHSA-wwqv-p2pp-99h5
  • PyPI/langgraph-checkpoint
LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer (published 3 days ago)
  • Fix available
  • Severity - 7.4 (High)
GHSA-gr35-vpx2-qxhc
  • PyPI/weblate
Weblate leaks the IP of project member inviting user to be reviewer in Audit log (published 3 days ago)
  • Fix available
  • Severity - 2.6 (Low)
GHSA-frmv-pr5f-9mcr
  • PyPI/django
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. (published 3 days ago)
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-qw25-v68c-qjf3
  • PyPI/django
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows (published 3 days ago)
  • Fix available
  • Severity - 7.5 (High)
GHSA-m35w-xx8c-6xc7
  • PyPI/doris-mcp-server
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode (published 3 days ago)
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-crvm-xjhm-9h29
  • PyPI/octoprint
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt (published 4 days ago)
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-4vcx-3pj3-44m7
  • PyPI/dosage
Dosage vulnerable to a Directory Traversal through crafted HTTP responses (published 4 days ago)
  • Fix available
  • Severity - 8.8 (High)
GHSA-vvw2-h478-xwr3
  • PyPI/dspy
DSPy does not properly restrict file reads (published 4 days ago)
  • No fix available
  • Severity - 5.9 (Medium)
GHSA-j945-qm58-4gjx
  • PyPI/motioneye
motionEye vulnerable to RCE via unsanitized motion config parameter (published 5 days ago)
  • Fix available
  • Severity - 7.2 (High)