Mpmath 安全漏洞

Mpmath is a free BSD-licensed Python library for real and complex floating-point operations with arbitrary precision. A security vulnerability exists in Mpmath version 1.0.0, which stems from a Regular Expression Denial of Service ReDOS that occurs when an application examines a carefully crafted...

python: CRLF injection via HTTP request method in httplib/http.client

A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat fr...

faradaysec (>=3.14.1 <=3.14.4), flask-authoob (>=0.0.21 <=0.0.34) +4 more potentially affected by CVE-2021-32618 via flask-security-too (>=3.2.0rc1 <=4.0.1)

flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =6.0.0, =6.4.0 Source cves: CVE-2021-32618 Source advisory: OSV:PYSEC-2021-123...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1353 more potentially affected by CVE-2021-29572 via tensorflow (>=1.0.1 <=2.1.2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29572 Source advisory: OSV:PYSEC-2021-209...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4664 more potentially affected by CVE-2021-29534 via tensorflow (>=1.0.1 <=2.2.0)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-29534 Source advisory: OSV:PYSEC-2021-171...

abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +94 more potentially affected by CVE-2021-29610 via tensorflow (>=2.4.0 <=2.4.2)

tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.7.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.7.4 and more Source cves: CVE-2021-29610 Source advisory: OSV:PYSEC-2021-247...

accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +88 more potentially affected by CVE-2021-29607 via tensorflow (>=2.2.0 <=2.2.2)

tensorflow PYPI version =2.2.0, =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2021-29607 Source advisory: OSV:PYSEC-2021-244...

abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +91 more potentially affected by CVE-2021-29573 via tensorflow (>=2.4.0 <=2.4.1)

tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.0.0, =0.0.0.post0 and more Source cves: CVE-2021-29573 Source advisory: OSV:PYSEC-2021-210...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1353 more potentially affected by CVE-2021-29607 via tensorflow (>=1.0.1 <=2.1.2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29607 Source advisory: OSV:PYSEC-2021-244...

accuinsight (>=1.0.47 <=1.0.61), adapt-diagnostics (=1.2.0) +170 more potentially affected by CVE-2021-29551 via tensorflow (>=2.2.0 <=2.3.0)

tensorflow PYPI version =2.2.0, =1.0.47, =0.1.0, =0.10.0, =0.5.0, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29551 Source advisory: OSV:PYSEC-2021-188...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4664 more potentially affected by CVE-2021-29535 via tensorflow (>=1.0.1 <=2.2.0)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-29535 Source advisory: OSV:PYSEC-2021-172...

accuinsight (>=1.0.62 <=3.0.0rc2), adapt-diagnostics (>=1.2.0 <=1.6.0) +109 more potentially affected by CVE-2021-29559 via tensorflow (>=2.3.0 <=2.3.2)

tensorflow PYPI version =2.3.0, =1.0.62, =1.2.0, =0.1.0, =0.0.1a0, =0.0.1, =1.0.0rc1, =20210206.0.0, =0.1.0.dev1, =0.2.4, =1.0.1.0, =1.0.3 - cardec-cite =1.1.0 and more Source cves: CVE-2021-29559 Source advisory: OSV:PYSEC-2021-196...

c4v-py (>=0.1.0.dev1 <=0.1.0.dev202107081840) potentially affected by CVE-2021-29550 via tensorflow-cpu (=2.3.1)

tensorflow-cpu PYPI version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - c4v-py =0.1.0.dev1, =0.1.0.dev202107081840 Source cves: CVE-2021-29550 Source advisory: OSV:PYSEC-2021-478...

c4v-py (>=0.1.0.dev1 <=0.1.0.dev202107081840) potentially affected by CVE-2021-29572 via tensorflow-cpu (=2.3.1)

tensorflow-cpu PYPI version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - c4v-py =0.1.0.dev1, =0.1.0.dev202107081840 Source cves: CVE-2021-29572 Source advisory: OSV:PYSEC-2021-500...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4664 more potentially affected by CVE-2021-29537 via tensorflow (>=1.0.1 <=2.2.0)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-29537 Source advisory: OSV:PYSEC-2021-174...

accuinsight (>=1.0.47 <=1.0.61), adapt-diagnostics (=1.2.0) +170 more potentially affected by CVE-2021-29589 via tensorflow (>=2.2.0 <=2.3.0)

tensorflow PYPI version =2.2.0, =1.0.47, =0.1.0, =0.10.0, =0.5.0, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29589 Source advisory: OSV:PYSEC-2021-226...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4664 more potentially affected by CVE-2021-29513 via tensorflow (>=1.0.1 <=2.2.0)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-29513 Source advisory: OSV:PYSEC-2021-150...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1353 more potentially affected by CVE-2021-29584 via tensorflow (>=1.0.1 <=2.1.2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29584 Source advisory: OSV:PYSEC-2021-221...

[SECURITY] Fedora 33 Update: python-pikepdf-1.19.4-2.fc33

pikepdf is a Python library for reading and writing PDF files. pikepdf is based on QPDF, a powerful PDF manipulation and repair library...

accession (>=1.9.0 <=3.11.0), agutil (>=2.0.0 <=4.1.0) +139 more potentially affected by CVE-2020-13757 via rsa (>=3.1.4 <=4.0.0)

rsa PYPI version =3.1.4, =1.9.0, =2.0.0, =0.1.2, =2.0.1, =0.1.0, =0.4.1, =0.2.2, =0.0.22, =2.0.0, =0.10.0, =1.0.0, =1.7.35, =0.39.0, =0.52.0 - biggerquery =0.6.0.dev27 and more Source cves: CVE-2020-13757 Source advisory: OSV:GHSA-537H-RV9Q-VVPH...