PT-2026-28384
Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 2.6.0 Description: The application is designed for managing recipes, planning meals, and creating shopping lists. Prior to version 2.6.0, the image processing pipeline does not remove EXIF metadata, rescale...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pip (UTSA-2026-006147)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006147 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded...
GHSA-2XPW-W6GG-JR37 urllib3 streaming API improperly handles highly compressed data
Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP...
Deserialization of Untrusted Data
Overview torch provides tensors and dynamic neural networks in Python with strong GPU acceleration. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when using the torch.load function on an untrusted model with weights_only=True, which is documented to be secure. Th...
Inefficient Algorithmic Complexity
Overview league/commonmark is a PHP-based Markdown parser which supports the full CommonMark spec. It is based on the CommonMark JS reference implementation. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the parsing of specially crafted Markdown...
PT-2024-40232 · League Of Extraordinary Packages · League/Commonmark
Name of the Vulnerable Software and Affected Versions: league/commonmark versions prior to 2.6.0 Description: The issue is related to polynomial time complexity problems in the league/commonmark library, which can lead to unbounded resource exhaustion and denial of service. Malicious users can...
PT-2024-14511 · Unknown · Paddlepaddle
Name of the Vulnerable Software and Affected Versions: PaddlePaddle versions prior to 2.6.0 Description: The issue is a stack overflow in the paddle.searchsorted function. This flaw can lead to a denial of service or potentially more severe consequences. Recommendations: For versions prior to...
PT-2024-14510 · Unknown · Paddlepaddle
Name of the Vulnerable Software and Affected Versions: PaddlePaddle versions prior to 2.6.0 Description: The issue is related to a nullptr in paddle.put_along_axis in PaddlePaddle, which can cause a runtime crash and a denial of service. Recommendations: For versions prior to 2.6.0, update to...
PT-2024-14514 · Unknown · Paddlepaddle
Name of the Vulnerable Software and Affected Versions: PaddlePaddle versions prior to 2.6.0 Description: The issue is a stack overflow in paddle.linalg.lu_unpack that can lead to a denial of service or potentially more severe consequences. Recommendations: For versions prior to 2.6.0, update to...
PT-2024-14520 · Unknown · Paddlepaddle
Name of the Vulnerable Software and Affected Versions: PaddlePaddle versions prior to 2.6.0 Description: The issue is related to a flaw in paddle.argmin and paddle.argmax that can cause a runtime crash and a denial of service. Recommendations: For versio...
Denial of Service (DoS)
Overview muhammara is a library to create, read and modify PDF files and streams, a drop-in replacement for the hummusjs PDF library. Affected versions of this package are vulnerable to Denial of Service (DoS) when PDFStreamForResponse is used with invalid data. PoC (js): `hummus = require('muhammara'); writer = new...`
CVE-2022-3008 Command Injection on tinygltf
The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...
SQL Injection
Overview blazer is a tool that allows you to explore your data with SQL, easily create charts and dashboards, and share them with your team. Affected versions of this package are vulnerable to SQL Injection by allowing specific variable values to modify the query rather than just the variable. This can...
PT-2021-21755 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 Description: The implementation of tf.raw_ops.SparseReshape can be made to trigger an integral division by 0 exception. This occurs because the implementation calls the reshaping...
PT-2021-21760 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 Description: The implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer...
PT-2021-21773 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4 Description: TensorFlow is an end-to-end open source platform for machine learning. In affected versions, an attacker can cause...
PT-2021-21778 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4 Description: TensorFlow is an end-to-end open source platform for machine learning. In affected versions, an attacker can cause a...
PT-2021-21772 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: TensorFlow is an end-to-end open source platform for machine learning. In affect...