[SECURITY] Fedora 41 Update: python-quart-0.19.8-1.fc41

Quart is an async Python web microframework. Using Quart you can, render and serve HTML templates, write RESTful JSON APIs, serve WebSockets, stream request and response data, do pretty much anything over the HTTP or WebSocket protocols...

Authentication flaw

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

GHSA-7CH3-7PP7-7CPQ Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Impact This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/api API explorer endpoint could reveal the names of both databases an...

Ladon Framework For Python 0.9.40 XXE Injection

Advisory: XML External Entity Expansion in Ladon Webservice Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files, forge server side requests or overload the service...

Ladon Framework for Python 0.9.40 - XML External Entity Expansion

Advisory: XML External Entity Expansion in Ladon Webservice Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files, forge server side requests or overload the service...