Lucene search
K

7 matches found

CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from the failure to properly clean the PIPINDEXURL and UVINDEXURL environment variables in the host executio...

6.1CVSS5.9AI score0.00125EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-7947

Malware in sbrugna...

7.8CVSS7.6AI score0.01339EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/01/12 10:29 p.m.67 views

Pipenv's requirements.txt parsing allows malicious index url in comments

Issue Summary Due to a flaw in pipenv's parsing of requirements files, an attacker can insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file e.g. with "pipenv install -r requirements.txt...

9.3CVSS0.8AI score0.03897EPSS
Exploits1References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/10 9:15 p.m.9 views

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS7.9AI score0.03897EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2022/01/10 9:15 p.m.6 views

PYSEC-2022-6

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS7.8AI score0.03897EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/01/10 9:15 p.m.2 views

UBUNTU-CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

8.6CVSS6.5AI score0.03897EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/01/10 12:0 a.m.6 views

PT-2022-15021

Name of the Vulnerable Software and Affected Versions pipenv versions 2018.10.9 through 2022.1.8 Description A flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file. This will cause victims w...

9.3CVSS8AI score0.03897EPSS
Exploits1References24
Rows per page
Query Builder