130 matches found
GHSA-P423-J2CM-9VMQ vulnerabilities
Vulnerabilities for packages: py3-cassandra-medusa, gitlab-cng-fips, k8s-sidecar, open-webui, dask-kubernetes, mycli, pgadmin4-fips, apache-beam-python-3.13-sdk, superset, apache-beam-python-3.11-sdk, metaflow-service, dagster, nemo, kubeflow-pipelines-visualization-server, vllm-openai-cuda-12.9,...
CVE-2026-39892 vulnerabilities
Vulnerabilities for packages: py3-cassandra-medusa, gitlab-cng-fips, k8s-sidecar, open-webui, dask-kubernetes, mycli, pgadmin4-fips, apache-beam-python-3.13-sdk, superset, apache-beam-python-3.11-sdk, metaflow-service, dagster, nemo, kubeflow-pipelines-visualization-server, vllm-openai-cuda-12.9,...
Cross Site Scripting
distributed is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-controlled input in the Dask dashboard when accessed via Jupyter Lab and jupyter-server-proxy, allowing attackers to craft a malicious URL that triggers script execution and results in...
CVE-2026-1703 vulnerabilities
Vulnerabilities for packages: kubeflow-katib, datadog-agent, py3-cassandra-medusa, py3-virtualenv, pypy-3.10, dask-gateway, tensorflow-cpu-jupyter...
GHSA-6VGW-5PG2-W6JP vulnerabilities
Vulnerabilities for packages: kubeflow-katib, datadog-agent, py3-cassandra-medusa, py3-virtualenv, pypy-3.10, dask-gateway, tensorflow-cpu-jupyter...
CVE-2026-1703 vulnerabilities
Vulnerabilities for packages: py3-cassandra-medusa, pgadmin4-fips, pypy-3.10, nemo, dask-gateway, airflow, datadog-agent-fips, py3-virtualenv, pgadmin4, kubeflow-katib, localstack, graalvm, request-1276, tensorflow-cpu-jupyter, datadog-agent, awx, tensorflow-gpu-jupyter, ansible-operator,...
GHSA-6VGW-5PG2-W6JP vulnerabilities
Vulnerabilities for packages: py3-cassandra-medusa, pgadmin4-fips, pypy-3.10, nemo, dask-gateway, airflow, datadog-agent-fips, py3-virtualenv, pgadmin4, kubeflow-katib, localstack, graalvm, request-1276, tensorflow-cpu-jupyter, datadog-agent, awx, tensorflow-gpu-jupyter, ansible-operator,...
CVE-2026-23949 vulnerabilities
Vulnerabilities for packages: datadog-agent, emissary, kubeflow-katib, py3-setuptools, py3-cassandra-medusa, open-webui, pypy-3.11, kserve, kubeflow-jupyter-web-app, superset, airflow, semgrep, mlflow, pypy-3.10, dask-kubernetes, tensorflow-cpu-jupyter...
CVE-2026-23949 vulnerabilities
Vulnerabilities for packages: duplicity, py3-cassandra-medusa, open-webui, dask-kubernetes, py3.9-setuptools, superset, emissary, apache-beam-python-3.11-sdk, pypy-3.10, nemo, text-generation-inference, tritonserver-backend-vllm-cuda-12.9, kubeflow-jupyter-web-app, airflow, datadog-agent-fips,...
GHSA-58PV-8J8X-9VJ2 vulnerabilities
Vulnerabilities for packages: datadog-agent, emissary, kubeflow-katib, py3-setuptools, py3-cassandra-medusa, open-webui, pypy-3.11, kserve, kubeflow-jupyter-web-app, superset, airflow, semgrep, mlflow, pypy-3.10, dask-kubernetes, tensorflow-cpu-jupyter...
CVE-2026-23528 vulnerabilities
Vulnerabilities for packages: dask-gateway, dask-kubernetes...
GHSA-C336-7962-WFJ2 vulnerabilities
Vulnerabilities for packages: dask-gateway, dask-kubernetes...
GHSA-58PV-8J8X-9VJ2 vulnerabilities
Vulnerabilities for packages: duplicity, py3-cassandra-medusa, open-webui, dask-kubernetes, py3.9-setuptools, superset, emissary, apache-beam-python-3.11-sdk, pypy-3.10, nemo, text-generation-inference, tritonserver-backend-vllm-cuda-12.9, kubeflow-jupyter-web-app, airflow, datadog-agent-fips,...
GHSA-C336-7962-WFJ2 vulnerabilities
Vulnerabilities for packages: dask-gateway, dask-kubernetes...
CVE-2026-23528 vulnerabilities
Vulnerabilities for packages: dask-gateway, dask-kubernetes...
CVE-2026-23528
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting XSS bug in the Dask...
Linux Distros Unpatched Vulnerability : CVE-2026-23528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter- server-proxy, and Dask distributed are all run together...
Cross-site Scripting (XSS)
Overview distributed is a Distributed scheduler for Dask Affected versions of this package are vulnerable to Cross-site Scripting XSS via the interaction between Jupyter Lab, jupyter-server-proxy, and the Dask dashboard. An attacker can execute arbitrary code by enticing a user to click a phishin...
CVE-2026-23528
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting XSS bug in the Dask...
PYSEC-2026-169
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting XSS bug in the Dask...