Lucene search
K

130 matches found

Chainguard
Chainguard
added 2026/04/10 2:13 a.m.6 views

GHSA-P423-J2CM-9VMQ vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa, gitlab-cng-fips, k8s-sidecar, open-webui, dask-kubernetes, mycli, pgadmin4-fips, apache-beam-python-3.13-sdk, superset, apache-beam-python-3.11-sdk, metaflow-service, dagster, nemo, kubeflow-pipelines-visualization-server, vllm-openai-cuda-12.9,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/10 2:13 a.m.5 views

CVE-2026-39892 vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa, gitlab-cng-fips, k8s-sidecar, open-webui, dask-kubernetes, mycli, pgadmin4-fips, apache-beam-python-3.13-sdk, superset, apache-beam-python-3.11-sdk, metaflow-service, dagster, nemo, kubeflow-pipelines-visualization-server, vllm-openai-cuda-12.9,...

9.8CVSS6.4AI score0.00652EPSS
Exploits0
Veracode
Veracode
added 2026/02/21 5:6 a.m.9 views

Cross Site Scripting

distributed is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-controlled input in the Dask dashboard when accessed via Jupyter Lab and jupyter-server-proxy, allowing attackers to craft a malicious URL that triggers script execution and results in...

6.1CVSS6.1AI score0.00205EPSS
Exploits0References2Affected Software1
Wolfi
Wolfi
added 2026/02/04 7:48 p.m.4 views

CVE-2026-1703 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, datadog-agent, py3-cassandra-medusa, py3-virtualenv, pypy-3.10, dask-gateway, tensorflow-cpu-jupyter...

2CVSS6.4AI score0.0039EPSS
Exploits1
Wolfi
Wolfi
added 2026/02/04 7:48 p.m.4 views

GHSA-6VGW-5PG2-W6JP vulnerabilities

Vulnerabilities for packages: kubeflow-katib, datadog-agent, py3-cassandra-medusa, py3-virtualenv, pypy-3.10, dask-gateway, tensorflow-cpu-jupyter...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/02/04 7:17 p.m.7 views

CVE-2026-1703 vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa, pgadmin4-fips, pypy-3.10, nemo, dask-gateway, airflow, datadog-agent-fips, py3-virtualenv, pgadmin4, kubeflow-katib, localstack, graalvm, request-1276, tensorflow-cpu-jupyter, datadog-agent, awx, tensorflow-gpu-jupyter, ansible-operator,...

2CVSS6.4AI score0.0039EPSS
Exploits1
Chainguard
Chainguard
added 2026/02/04 7:17 p.m.7 views

GHSA-6VGW-5PG2-W6JP vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa, pgadmin4-fips, pypy-3.10, nemo, dask-gateway, airflow, datadog-agent-fips, py3-virtualenv, pgadmin4, kubeflow-katib, localstack, graalvm, request-1276, tensorflow-cpu-jupyter, datadog-agent, awx, tensorflow-gpu-jupyter, ansible-operator,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/01/22 7:48 p.m.8 views

CVE-2026-23949 vulnerabilities

Vulnerabilities for packages: datadog-agent, emissary, kubeflow-katib, py3-setuptools, py3-cassandra-medusa, open-webui, pypy-3.11, kserve, kubeflow-jupyter-web-app, superset, airflow, semgrep, mlflow, pypy-3.10, dask-kubernetes, tensorflow-cpu-jupyter...

8.6CVSS7AI score0.00527EPSS
Exploits1
Chainguard
Chainguard
added 2026/01/22 7:17 p.m.12 views

CVE-2026-23949 vulnerabilities

Vulnerabilities for packages: duplicity, py3-cassandra-medusa, open-webui, dask-kubernetes, py3.9-setuptools, superset, emissary, apache-beam-python-3.11-sdk, pypy-3.10, nemo, text-generation-inference, tritonserver-backend-vllm-cuda-12.9, kubeflow-jupyter-web-app, airflow, datadog-agent-fips,...

8.6CVSS7AI score0.00527EPSS
Exploits1
Wolfi
Wolfi
added 2026/01/21 7:48 p.m.5 views

GHSA-58PV-8J8X-9VJ2 vulnerabilities

Vulnerabilities for packages: datadog-agent, emissary, kubeflow-katib, py3-setuptools, py3-cassandra-medusa, open-webui, pypy-3.11, kserve, kubeflow-jupyter-web-app, superset, airflow, semgrep, mlflow, pypy-3.10, dask-kubernetes, tensorflow-cpu-jupyter...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/01/21 7:48 p.m.11 views

CVE-2026-23528 vulnerabilities

Vulnerabilities for packages: dask-gateway, dask-kubernetes...

6.1CVSS6.1AI score0.00205EPSS
Exploits0
Wolfi
Wolfi
added 2026/01/21 7:48 p.m.4 views

GHSA-C336-7962-WFJ2 vulnerabilities

Vulnerabilities for packages: dask-gateway, dask-kubernetes...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/01/21 7:17 p.m.3 views

GHSA-58PV-8J8X-9VJ2 vulnerabilities

Vulnerabilities for packages: duplicity, py3-cassandra-medusa, open-webui, dask-kubernetes, py3.9-setuptools, superset, emissary, apache-beam-python-3.11-sdk, pypy-3.10, nemo, text-generation-inference, tritonserver-backend-vllm-cuda-12.9, kubeflow-jupyter-web-app, airflow, datadog-agent-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/01/21 7:17 p.m.4 views

GHSA-C336-7962-WFJ2 vulnerabilities

Vulnerabilities for packages: dask-gateway, dask-kubernetes...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/01/21 7:17 p.m.21 views

CVE-2026-23528 vulnerabilities

Vulnerabilities for packages: dask-gateway, dask-kubernetes...

6.1CVSS6.1AI score0.00205EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/17 5:19 p.m.7 views

CVE-2026-23528

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting XSS bug in the Dask...

6.1CVSS6.7AI score0.00205EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/17 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter- server-proxy, and Dask distributed are all run together...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/16 5:51 p.m.5 views

Cross-site Scripting (XSS)

Overview distributed is a Distributed scheduler for Dask Affected versions of this package are vulnerable to Cross-site Scripting XSS via the interaction between Jupyter Lab, jupyter-server-proxy, and the Dask dashboard. An attacker can execute arbitrary code by enticing a user to click a phishin...

7.1CVSS6.4AI score0.00205EPSS
Exploits0References2
NVD
NVD
added 2026/01/16 5:15 p.m.10 views

CVE-2026-23528

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting XSS bug in the Dask...

6.1CVSS0.00205EPSS
Exploits0References2
PyPA
PyPA
added 2026/01/16 5:15 p.m.13 views

PYSEC-2026-169

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting XSS bug in the Dask...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder