Kitploit
added 2023/07/07 12:30 p.m., 81 views

Badsecrets - A Library For Detecting Known Secrets Across Many Web Frameworks

A pure python library for identifying the use of known or very weak cryptographic secrets across a variety of platforms. The project is designed to be both a repository of various "known secrets" for example, ASP.NET machine keys found in examples in tutorials, and to provide a language-agnostic...

CVSS 9.8, AI score 9.8, EPSS 0.75098
Exploits 5, References 7
vulnersOsv
added 2023/07/06 2:15 p.m., 2 views

agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +176 more potentially affected by CVE-2023-36189 via langchain (>=0.0.100 <=0.0.246)

langchain (PyPI) versions =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.1.0a0, =0.2.0, =0.1.3, =0.1.5 and more. Source CVEs: CVE-2023-36189. Source advisory: OSV:PYSEC-2023-110...

CVSS 7.5, AI score 7.1, EPSS 0.00905
Exploits 1
UbuntuCve
added 2023/07/05 8:15 p.m., 15 views

CVE-2023-34457

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> element inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took...

CVSS 7.5, AI score 7.2, EPSS 0.009
Exploits 1, References 4
CVE
added 2023/07/05 7:25 p.m., 48 views

CVE-2023-34457

CVE-2023-34457 affects MechanicalSoup prior to 1.3.0: a malicious server could cause the client to upload local files via an HTML <input type="file"> in a form. Root cause: the form submission logic takes the tag's value attribute as a local file path, reads that file and attaches it to the request, enabling unintended disclo...

CVSS 7.5, AI score 6.4, EPSS 0.009
Exploits 1, References 4, Affected software 1
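
The root cause described above (a file path taken from the server-supplied value attribute of a file input) is illustrated by the following added example. It is not MechanicalSoup's code: a toy html.parser-based form collector builds the request body two ways, once trusting the server's value (the vulnerable pattern) and once attaching only files the client explicitly chose. The temporary file standing in for a sensitive local file, the form markup and the field names are constructed for the example.

```python
"""Server-controlled <input type="file"> value: vulnerable vs hardened form submission."""
import os
import tempfile
from html.parser import HTMLParser


class FormInputCollector(HTMLParser):
    """Minimal collector of <input> tags (toy parser, not MechanicalSoup)."""

    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append(dict(attrs))


def parse_inputs(html):
    parser = FormInputCollector()
    parser.feed(html)
    return parser.inputs


def build_request_vulnerable(html):
    """Trusts the server-supplied 'value' of a file input as a local path and attaches
    the file's contents. The server chooses which client file gets uploaded."""
    parts = {}
    for inp in parse_inputs(html):
        name = inp.get("name")
        if not name:
            continue
        if inp.get("type") == "file" and inp.get("value"):
            with open(inp["value"], "rb") as fh:
                parts[name] = fh.read()
        else:
            parts[name] = inp.get("value") or ""
    return parts


def build_request_hardened(html, user_files=None):
    """Ignores any server-supplied value on file inputs; only files the client code
    explicitly selected (user_files: field name -> path) are read and attached."""
    user_files = user_files or {}
    parts = {}
    for inp in parse_inputs(html):
        name = inp.get("name")
        if not name:
            continue
        if inp.get("type") == "file":
            if name in user_files:
                with open(user_files[name], "rb") as fh:
                    parts[name] = fh.read()
            # No client choice: the field stays empty whatever the server asked for.
        else:
            parts[name] = inp.get("value") or ""
    return parts


def demo():
    """Constructed scenario: a 'sensitive' temp file and a server form that names it."""
    tmp = tempfile.NamedTemporaryFile("wb", delete=False)
    tmp.write(b"SECRET-CONTENTS")
    tmp.close()
    malicious_html = (
        '<form method="post" action="/upload">'
        f'<input type="file" name="doc" value="{tmp.name}">'
        '<input type="hidden" name="csrf" value="abc">'
        "</form>"
    )
    try:
        leaked = build_request_vulnerable(malicious_html)   # file contents end up in the request
        safe = build_request_hardened(malicious_html)       # 'doc' is absent: nothing was chosen
    finally:
        os.unlink(tmp.name)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable:", leaked)
    print("hardened:  ", safe)
```

The hardened variant does not try to validate the server's path (a server can always name a readable file); it simply never treats a server-provided value as a client-side file selection.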
Vulnrichment
added 2023/07/05 7:25 p.m., 16 views

CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using an <input type="file"> element inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took...

CVSS 5.9, AI score 6.6, EPSS 0.009
Exploits 1, References 4
Prion
added 2023/06/23 10:15 p.m., 18 views

Command injection

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection occurs when the application accepts unsanitized user input that reaches the configuration file. A malicious user may craft a special payload that may lea...

CVSS 6.5, AI score 9.2, EPSS 0.01705
Exploits 0, References 2, Affected software 1
Vulnrichment
added 2023/06/23 9:05 p.m., 11 views

CVE-2023-35932 jcvi vulnerable to Configuration Injection due to unsanitized user input

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection occurs when the application accepts unsanitized user input that reaches the configuration file. A malicious user may craft a special payload that may lea...

CVSS 7.1, AI score 8, EPSS 0.01705
Exploits 0, References 2
Cvelist
added 2023/06/23 9:05 p.m., 50 views

CVE-2023-35932 jcvi vulnerable to Configuration Injection due to unsanitized user input

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection occurs when the application accepts unsanitized user input that reaches the configuration file. A malicious user may craft a special payload that may lea...

CVSS 7.1, AI score 9.5, EPSS 0.01705
Exploits 0, References 2
CVE
added 2023/06/23 9:05 p.m., 58 views

CVE-2023-35932

CVE-2023-35932 (jcvi): The jcvi Python library is vulnerable to configuration injection via unsanitized user input that reaches the configuration file (notably ~/.jcvirc). The issue centers on the code path in jcvi/apps/base.py where a user-provided value is stored as a path for binaries; unde...

CVSS 8.8, AI score 8.4, EPSS 0.01705
Exploits 0, References 2, Affected software 1
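
As an added illustration of the configuration-injection pattern described in the jcvi entries above (this is not jcvi's code): a value the user supplies as the path of a binary is written into an INI-style rc file. The vulnerable writer formats the raw string into the file, so a value containing newlines defines new sections and keys that the next read picks up; the hardened writer validates the value against a strict path character set (which also excludes shell metacharacters, since such paths typically end up on a command line) and lets configparser serialise it. The [Binaries] section, the blast/bwa keys and the payload are constructed for the example.

```python
"""Writing an untrusted value into an INI config: newline injection vs. validated write."""
import configparser
import io
import re

SECTION = "Binaries"  # hypothetical section holding tool-name -> path entries

# Characters permitted in a stored binary path: no whitespace, no INI syntax ([ ] = : ; #),
# no shell metacharacters. Deliberately strict; widen only with a reason.
_SAFE_PATH = re.compile(r"[A-Za-z0-9_./-]+")


def is_safe_path_value(value):
    return bool(_SAFE_PATH.fullmatch(value))


def store_binary_path_vulnerable(existing_ini, tool, user_value):
    """Appends 'tool = user_value' verbatim. A value carrying newlines rewrites the
    file's structure: anything after the first newline becomes new config lines."""
    return existing_ini.rstrip("\n") + f"\n{tool} = {user_value}\n"


def store_binary_path_hardened(existing_ini, tool, user_value):
    """Rejects unsafe keys/values before they reach the file, then round-trips the
    config through configparser instead of string formatting."""
    if not is_safe_path_value(tool):
        raise ValueError(f"refusing unsafe key: {tool!r}")
    if not is_safe_path_value(user_value):
        raise ValueError(f"refusing unsafe path value: {user_value!r}")
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(existing_ini)
    if not cp.has_section(SECTION):
        cp.add_section(SECTION)
    cp.set(SECTION, tool, user_value)
    buf = io.StringIO()
    cp.write(buf)
    return buf.getvalue()


def load(ini_text):
    """Parse the file back the way the application would and return plain dicts."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    return {section: dict(cp.items(section)) for section in cp.sections()}


BASE_INI = f"[{SECTION}]\nblast = /usr/bin/blastn\n"
# Constructed payload: the 'path' ends the Binaries section and smuggles in a new one.
PAYLOAD = "/usr/bin/bwa\n[Shell]\nrunner = /tmp/evil.sh"


def demo():
    """Returns (config after vulnerable write, whether the hardened write refused the
    payload, config after a hardened write of a benign value)."""
    injected = load(store_binary_path_vulnerable(BASE_INI, "bwa", PAYLOAD))
    try:
        store_binary_path_hardened(BASE_INI, "bwa", PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    clean = load(store_binary_path_hardened(BASE_INI, "bwa", "/usr/bin/bwa"))
    return injected, blocked, clean


if __name__ == "__main__":
    injected, blocked, clean = demo()
    print("after vulnerable write:", injected)
    print("payload blocked by hardened write:", blocked)
    print("after hardened write:", clean)
```

Validation has to happen at the point the value is accepted, not at the point it is later used: once the injected section is on disk, every subsequent read trusts it as the user's own configuration.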
CNNVD
added 2023/06/23 12:00 a.m., 3 views

jcvi command injection vulnerability

jcvi is a Python library. A command injection vulnerability exists in jcvi 1.3.5 and earlier versions; it stems from allowing an attacker to perform command injection by constructing a payload...

CVSS 8.8, AI score 7.9, EPSS 0.01705
Exploits 0, References 3
NVD
added 2023/06/08 12:15 a.m., 46 views

CVE-2023-34239

Gradio is an open-source Python library that is used to build machine learning and data science applications. Due to a lack of path filtering, Gradio does not properly restrict file access to users. Additionally, Gradio does not properly restrict which URLs are proxied. These issues have been addressed in...

CVSS 9.1, AI score 7.7, EPSS 0.00651
Exploits 0, References 3
Prion
added 2023/06/08 12:15 a.m., 23 views

Design/Logic Flaw

Gradio is an open-source Python library that is used to build machine learning and data science applications. Due to a lack of path filtering, Gradio does not properly restrict file access to users. Additionally, Gradio does not properly restrict which URLs are proxied. These issues have been addressed in...

CVSS 6.4, AI score 9.2, EPSS 0.00651
Exploits 0, References 3, Affected software 1
OSV
added 2023/06/08 12:15 a.m., 59 views

PYSEC-2023-90

Gradio is an open-source Python library that is used to build machine learning and data science applications. Due to a lack of path filtering, Gradio does not properly restrict file access to users. Additionally, Gradio does not properly restrict which URLs are proxied. These issues have been addressed in...

CVSS 9.1, AI score 10, EPSS 0.00651
Exploits 0, References 3
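
The two weaknesses named in the Gradio entries above, unrestricted file access and unrestricted proxying, correspond to two checks any file-serving or URL-proxying endpoint needs. The following added example (not Gradio's code) puts a naive string-prefix containment test next to a realpath-based one, and adds a scheme and host allowlist for proxied URLs. The temporary directory layout, the file names and the host files.example.org are constructed for the example.

```python
"""Containing served files to one directory and proxied URLs to an allowlist."""
import os
import tempfile
from urllib.parse import urlsplit


def is_within_naive(base, requested):
    """String prefix test on the joined path. '..' segments are not resolved, so
    base + '/../secret' still 'starts with' base and is accepted."""
    return os.path.join(base, requested).startswith(base)


def is_within_hardened(base, requested):
    """Resolve '..' and symlinks on both sides, then compare path components rather
    than characters, so a sibling directory such as base + '_secret' fails as well."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, requested))
    try:
        return os.path.commonpath([base_real, target]) == base_real
    except ValueError:  # different drives on Windows: cannot be inside
        return False


# Hypothetical allowlist of hosts the proxy endpoint may fetch from.
ALLOWED_PROXY_HOSTS = {"files.example.org"}


def proxy_url_allowed(url):
    """Allow only https URLs whose hostname is on the allowlist. Credentials in the
    authority ('allowed.host@evil.host') are rejected rather than parsed around."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname  # already lower-cased by urlsplit
    return host is not None and host in ALLOWED_PROXY_HOSTS


def demo():
    """Constructed layout: <tmp>/served is public, <tmp>/served_secret is not."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "served")
    os.makedirs(os.path.join(base, "sub"))
    os.makedirs(os.path.join(root, "served_secret"))
    secret_abs = os.path.join(root, "served_secret", "key.pem")
    return {
        "naive_traversal": is_within_naive(base, "../served_secret/key.pem"),
        "hardened_traversal": is_within_hardened(base, "../served_secret/key.pem"),
        "hardened_ok": is_within_hardened(base, "sub/report.csv"),
        "hardened_absolute": is_within_hardened(base, secret_abs),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
    print(proxy_url_allowed("https://files.example.org@evil.example/"))
```

Note that os.path.join discards the base entirely when the requested path is absolute, so the containment check must be applied to the joined and resolved result, never to the request string alone.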
GithubExploit
added 2023/05/30 10:22 p.m., 870 views

Exploit for Code Injection in Reportlab

CODE INJECTION VULNERABILITY IN REPORTLAB PYTHON LIBRARY tl...

CVSS 7.8, AI score 8.2, EPSS 0.02253
Exploits 6
GithubExploit
added 2023/05/23 2:37 a.m., 530 views

Exploit for OS Command Injection in Zyxel Atp100_Firmware

CVE-2023-28771-PoC PoC for CVE-2023-28771 based on Rapid7's ex...

CVSS 9.8, AI score 9.8, EPSS 0.99284
Exploits 8
BDU FSTEC
added 2023/05/17 12:00 a.m., 1 view

Vulnerability in the ContentStream._readInlineImage function of the PyPDF2 PDF processing library, allowing an attacker to cause a denial of service.

The vulnerability in the ContentStream._readInlineImage function of the PyPDF2 PDF processing library is caused by an incorrect loop exit condition. Exploiting it allows a malicious actor to cause a denial of service using a specially crafted PDF file...

CVSS 7.8, AI score 6.1, EPSS 0.01279
Exploits 1, References 13, Affected software 6
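
The bug class named above, a loop whose exit condition is never satisfied on truncated input, as an added example that is not PyPDF2's code: a toy reader consumes bytes until it sees the EI end-of-image operator, as an inline-image parser would. On a stream that ends before the marker, read() returns an empty bytes object forever, so the vulnerable variant spins (capped here so the demo terminates); the fixed variant treats end-of-stream as a terminating error. The sample byte strings are constructed.

```python
"""Loop termination on truncated input: reading until an end marker that never arrives."""
import io


def _ends_with_marker(data):
    # Inline image data is followed by whitespace and the EI operator.
    return data.endswith(b" EI") or data.endswith(b"\nEI")


def read_inline_image_vulnerable(payload, max_steps=10_000):
    """Reads until EI and checks nothing else. Once the stream is exhausted read(1)
    keeps returning b'', the marker can never appear, and the loop has no way out.
    max_steps is a cap added for the demo (returns None); the real defect had none."""
    stream = io.BytesIO(payload)
    data = bytearray()
    for _ in range(max_steps):
        data += stream.read(1)
        if _ends_with_marker(data):
            return bytes(data[:-3])
    return None  # stand-in for "hung forever"


def read_inline_image_fixed(payload):
    """Same loop, but end of stream is itself an exit condition: fail fast, do not spin."""
    stream = io.BytesIO(payload)
    data = bytearray()
    while True:
        chunk = stream.read(1)
        if not chunk:
            raise ValueError("inline image truncated: end of stream before EI marker")
        data += chunk
        if _ends_with_marker(data):
            return bytes(data[:-3])


def fixed_rejects(payload):
    """True if the fixed reader raises on the payload instead of returning data."""
    try:
        read_inline_image_fixed(payload)
    except ValueError:
        return True
    return False


# Constructed samples: a well-formed inline image body and the same body cut off before EI.
WELL_FORMED = b"\x00\x10\x20\x30 EI"
TRUNCATED = b"\x00\x10\x20\x30"


if __name__ == "__main__":
    print(read_inline_image_vulnerable(WELL_FORMED))
    print(read_inline_image_vulnerable(TRUNCATED))   # None: would never return without the cap
    print(fixed_rejects(TRUNCATED))                   # True
```

The general rule for any parser loop over attacker-controlled bytes: every read that can return "nothing" must be checked, and reaching end-of-input without the expected terminator is an error, not a condition to keep polling for.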
OpenVAS
added 2023/03/23 12:00 a.m., 19 views

Fedora: Security Advisory for python-cairosvg (FEDORA-2023-ab86bdbce6)

The remote host is missing an update for python-cairosvg announced via the Fedora advisory FEDORA-2023-ab86bdbce6. (Copyright 2023 Greenbone AG; some text descriptions may be excerpted from referenced sources and are copyright their respective right holders. SPDX-License-Identifier: GPL-2.0-only.)

CVSS 9.9, AI score 6.9, EPSS 0.00722
Exploits 0, References 2
OSV
added 2023/03/06 9:03 p.m., 3 views

CLSA-2023-1678136626 python: Fix of CVE-2023-24329

CVE-2023-24329: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character...

CVSS 7.5, AI score 6.8, EPSS 0.20459
Exploits 3, References 1
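
The fix summarised above closes a filter-bypass pattern: a URL with a leading space or control character parses with an empty scheme and netloc, so a hostname blocklist applied to the parsed result sees nothing to block, while the client that later fetches the URL strips the prefix and connects anyway. The following added example (not CPython's patch) shows the naive filter beside a check that first normalises WHATWG C0-control and space characters the way a browser or HTTP client would, then requires an allowlisted scheme and a present hostname. The blocklist entries and sample URLs are constructed.

```python
"""Scheme and host filtering around urllib.parse with leading control characters."""
from urllib.parse import urlsplit

# WHATWG "C0 control or space": U+0000..U+0020. URL consumers strip these from both ends
# of a URL before parsing it, so a filter must do the same or it evaluates a different URL.
_C0_OR_SPACE = "".join(chr(c) for c in range(0x21))

# Hypothetical SSRF blocklist used by the naive filter.
BLOCKED_HOSTS = {"169.254.169.254", "localhost"}


def parsed_scheme_and_host(url):
    """What urlsplit reports for the raw string. On CPython releases predating the
    CVE-2023-24329 fix, ' http://localhost/' yields ('', None); fixed releases strip
    the leading prefix themselves. Either way a filter should not rely on it."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname


def naive_filter_blocks(url):
    """Blocklist applied to the raw parse: with hostname None there is nothing to match,
    so the URL passes, and the downstream client then fetches the blocked host."""
    return urlsplit(url).hostname in BLOCKED_HOSTS


def url_allowed_hardened(url, allowed_schemes=("http", "https")):
    """Normalise like the consumer will, allowlist the scheme, require a hostname, and only
    then consult the blocklist. Independent of the interpreter's urlsplit behaviour."""
    cleaned = url.strip(_C0_OR_SPACE)
    parts = urlsplit(cleaned)
    if parts.scheme not in allowed_schemes:   # urlsplit already lower-cases the scheme
        return False
    host = parts.hostname
    if host is None or host in BLOCKED_HOSTS:
        return False
    return True


if __name__ == "__main__":
    probe = " http://169.254.169.254/latest/meta-data/"
    print(parsed_scheme_and_host(probe))        # differs between fixed and unfixed Pythons
    print(naive_filter_blocks(probe))           # False on unfixed Pythons: bypass
    print(url_allowed_hardened(probe))          # False everywhere
```

Allowlisting the scheme matters as much as the stripping: once the prefix is removed, a blocklist alone would still let file:, gopher: or javascript: URLs through to whatever consumes them.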
Debian
added 2023/02/27 7:39 a.m., 59 views

[SECURITY] [DLA 3331-2] python-cryptography security update

Debian LTS Advisory DLA-3331-2
https://www.debian.org/lts/security/
Chris Lamb, February 27, 2023
https://wiki.debian.org/LTS
...

CVSS 6.5, AI score 6.4, EPSS 0.01301
Exploits 1
OSSF Malicious Packages
added 2023/02/26 8:24 p.m., 4 views

Malicious code in libpushhttpget (PyPI)

Source: checkmarx (35c9d6a7fed6e993876def2d1dfeb1b9ebfb8a851937b88de185bbe84a9e67d6). The EsqueleSquad group published nearly 6000 malicious PyPI and npm packages, executing spyware and information-stealing malware...

AI score 7
Exploits 0, References 1