CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...

8.2CVSS8AI score0.01071EPSS

Exploits1References5

RedhatCVE•added 2024/01/24 9:49 a.m.•189 views

CVE-2024-23342

A flaw was found in the ecdsa PyPI package, a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior may be...

7.4CVSS6.8AI score0.00622EPSS

Exploits1References7

NVD•added 2024/01/23 12:15 a.m.•20 views

CVE-2024-23342

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior are vulnerable to the...

7.4CVSS7.4AI score0.00622EPSS

Exploits1References4

Cvelist•added 2024/01/22 11:9 p.m.•25 views

CVE-2024-23342 python-ecdsa vulnerable to Minerva attack on P-256

7.4CVSS7.6AI score0.00622EPSS

Exploits1References4

Kitploit•added 2023/11/24 11:30 a.m.•25 views

Iac-Scan-Runner - Service That Scans Your Infrastructure As Code For Common Vulnerabilities

Service that scans your Infrastructure as Code for common vulnerabilities. Aspect | Information ---|--- Tool name | IaC Scan Runner Docker image | xscanner/runner PyPI package | iac-scan-runner Documentation | docs Contact us | [email protected] Purpose and description The IaC Scan Runner is...

7.6AI score

Exploits0References2

Veracode•added 2023/10/24 3:30 a.m.•11 views

Improper Input Validation

pdm is vulnerable to Improper Input Validation. The vulnerability exists in the readlockfile function at repositories.py due to lack of input validations which allows an attacker to trick a user into installing a malicious open source PyPi package...

7.8CVSS6.9AI score0.0011EPSS

Exploits1References5Affected Software1

vulnersOsv•added 2023/08/14 9:34 p.m.•0 views

abracadabra (>=0.0.0 <=0.0.7), aegis-tools (>=0.0.3 <=2.3.6) +621 more potentially affected by unknown CVE via tornado (>=3.0.0 <=6.3.2)

tornado PYPI version =3.0.0, =0.0.0, =0.0.3, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =3.3.3, =0.0.9.1, =6.0.2, =1.1.8, =3.9.0, =22.5.13, =0.0.2, =0.0.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QPPV-J76H-2RPX...

5.8AI score

Exploits0

SUSE CVE•added 2023/07/04 2:10 a.m.•2 views

SUSE CVE-2023-31543

A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...

9.8CVSS7.8AI score0.00833EPSS

Exploits1References3

Github Security Blog•added 2023/06/30 9:30 p.m.•12 views

pipreqs vulnerable to Dependency Confusion

A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...

9.8CVSS7.8AI score0.00833EPSS

Exploits1References7Affected Software1

NVD•added 2023/06/30 8:15 p.m.•7 views

CVE-2023-31543

A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server...

9.8CVSS9.6AI score0.00833EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by