25 matches found

Github Security Blog
added 2026/03/07 2:32 a.m., 8 views

Black's vulnerable version parsing leads to RCE in GitHub Action

Impact: Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository's pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. Th...

CVSS 9.8 | AI score 6.3 | EPSS 0.0046
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2025/06/16 8:38 p.m., 21 views

CVE-2025-32800 Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencies not present in PyPI

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary malicious code to the package, and then exploit...

CVSS 9.2 | EPSS 0.00545
Exploits: 1 | References: 3
CNNVD
added 2025/06/16 12:00 a.m., 1 view

Conda-build security vulnerability

Conda-build is an open source Conda command and tool for building conda packages. A security vulnerability exists in Conda-build versions prior to 25.3.0, which stems from the listing of an unpublished dependency in pyproject.toml and could lead to malicious code injection...

CVSS 9.8 | AI score 6.9 | EPSS 0.00545
Exploits: 1 | References: 4
Mageia
added 2022/06/09 8:49 p.m., 26 views

Updated python-ujson packages fix security vulnerability

Benchmark refactor: argparse CLI. Fix segmentation faults when errors occur while handling unserialisable objects. Fix segmentation fault when an exception is raised while converting a dict key to a string. Fix memory leak when dumping non-string dict keys. Fix ref counting on repeated default...

AI score 2.8
Exploits: 0 | References: 3
vulnersOsv
added 2020/03/24 3:07 p.m., 4 views

acceldata-o2a (=1.0.0), aleksis-builddeps (>=2021.12.0.post0 <=2022.6.1) +24 more potentially affected by CVE-2020-5252 via safety (>=0.3.0 <=1.8.7)

safety PYPI version =0.3.0, =2021.12.0.post0, =1.1.0, =0.9.0, =0.1.24, =2020.0.2, =0.0.0, =0.2.0.dev20170127093917, =0.1.0, =0.0.12, =0.0.1, =0.0.2 and more Source cves: CVE-2020-5252 Source advisory: OSV:GHSA-7Q25-QRJW-6FG2...

CVSS 5 | AI score 5.8 | EPSS 0.00366
Exploits: 0