70 matches found
click-clack (>=0.1.0 <=0.2.1), dr-widget (>=0.1.2 <=0.1.3) +7 more potentially affected by CVE-2026-39987 via marimo (>=0.10.19 <=0.21.1)
marimo PYPI version =0.10.19, =0.1.0, =0.1.2, =1.2.7, =2025.8.0, =0.1.1.dev1736307293, =0.1.1.dev1742453945 Source cves: CVE-2026-39987 Source advisory: SNYK:PYTHON-MARIMO-15954201...
click-clack (>=0.1.0 <=0.2.1), dr-widget (>=0.1.2 <=0.1.3) +7 more potentially affected by CVE-2025-39987 +1 more via marimo (>=0.10.19 <=0.21.1)
marimo PYPI version =0.10.19, =0.1.0, =0.1.2, =1.2.7, =2025.8.0, =0.1.1.dev1736307293, =0.1.1.dev1742453945 Source cves: CVE-2025-39987, CVE-2026-39987 Source advisory: OSV:GHSA-2679-6MX9-H9XC...
CVE-2018-1000635
The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an attacker gaining full administrative access to the server and may be able to disable it. This vulnerability appears to have been...
GHSA-J4GV-6X9V-V23G OMERO.web uses jquery-form library, which may be vulnerable to XSS attack
Impact: OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks. Patches: Users should upgrade OMERO.web to 5.29.3 or higher...
omero-figure (=4.4.2), omero-iviewer (=0.11.2) +4 more potentially affected by unknown CVE via omero-web (=5.13.0)
omero-web PYPI version =5.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on omero-web and may be impacted: - omero-figure =4.4.2 - omero-iviewer =0.11.2 - omero-mapr =0.4.3 - omero-parade =0.2.2 - omero-signup =0.3.1 - omero-virtual-microscope =1.1....
EUVD-2025-199100
OMERO.web uses jquery-form library, which may be vulnerable to XSS attack...
EUVD-2019-19298
Malware in sbrugna...
EUVD-2019-19297
Malware in sbrugna...
EUVD-2020-27899
Malware in sbrugna...
EUVD-2019-7052
Malware in sbrugna...
EUVD-2020-0120
Malware in sbrugna...
EUVD-2017-1569
Malware in sbrugna...
EUVD-2014-7072
Malware in sbrugna...
CVE-2025-54791
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...
GHSA-GPMG-4X4G-MR5R OMERO.web displays unnecessary user information when requesting password reset
Background: If an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. Impact: OMERO.web before 5.29.1. Patches: Users should upgrade to 5.29.2 or higher. Workarounds: Disable t...
omero-figure (=4.4.2), omero-iviewer (=0.11.2) +4 more potentially affected by CVE-2025-54791 via omero-web (=5.13.0)
omero-web PYPI version =5.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on omero-web and may be impacted: - omero-figure =4.4.2 - omero-iviewer =0.11.2 - omero-mapr =0.4.3 - omero-parade =0.2.2 - omero-signup =0.3.1 - omero-virtual-microscope =1.1....
Information Exposure
Overview omero-web is an OMERO.web Affected versions of this package are vulnerable to Information Exposure via the getGuestConnection function in the webadmin/views.py file. An attacker can obtain unnecessary user information by triggering error messages during password reset attempts. Workaroun...