ROOT-APP-PYPI-CVE-2022-31777 CVE-2022-31777 in rootio-pyspark - Patched by Root

Root has patched CVE-2022-31777 in the rootio-pyspark package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2023-22946 CVE-2023-22946 in rootio-pyspark - Patched by Root

Root has patched CVE-2023-22946 in the rootio-pyspark package for Root:PyPI. Multiple fixed versions available...

dagster-snowflake-pandas (>=0.17.3 <=0.29.0), dagster-snowflake-polars (>=0.27.2 <=0.29.0) +2 more potentially affected by CVE-2026-41490 via dagster-snowflake (>=0.17.21 <=0.29.0)

dagster-snowflake PYPI version =0.17.21, =0.17.3, =0.27.2, =0.17.21, =1.0.0, =1.1.0 Source cves: CVE-2026-41490 Source advisory: SNYK:PYTHON-DAGSTERSNOWFLAKE-16109579...

dagster-gcp-pandas (>=0.17.21 <=0.29.0), dagster-gcp-pyspark (>=0.17.21 <=0.29.0) +1 more potentially affected by CVE-2026-41490 via dagster-gcp (>=0.17.21 <=0.29.0)

dagster-gcp PYPI version =0.17.21, =0.17.21, =0.17.21, =0.1.0, =0.1.6 Source cves: CVE-2026-41490 Source advisory: SNYK:PYTHON-DAGSTERGCP-16109578...

abi-ds-utils (>=0.1.2 <=1.2.3), abi-pyspark-utils (>=0.1.1 <=0.1.4) +232 more potentially affected by CVE-2025-55039 via pyspark (>=2.1.2 <=3.4.2)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.0.1, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =1.0.2 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...

beam-pyspark-runner (>=0.0.1 <=0.0.3), brel-xbrl (=0.8.2a1) +53 more potentially affected by CVE-2025-55039 via pyspark (>=3.5.0 <=3.5.1)

pyspark PYPI version =3.5.0, =0.0.1, =1.3.2, =0.13.0, =0.0.1, =1.2.17, =0.0.0, =5.0.0, =0.0.3, =1.1.0 - hari-data =0.1.5 - hermione-databricks =1.0.1 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...

abi-ds-utils (>=0.1.2 <=1.2.3), abi-pyspark-utils (>=0.1.1 <=0.1.4) +232 more potentially affected by CVE-2025-55039 via pyspark (>=2.1.2 <=3.4.2)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.0.1, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =1.0.2 and more Source cves: CVE-2025-55039 Source advisory: OSV:PYSEC-2025-184...

beam-pyspark-runner (>=0.0.1 <=0.0.3), brel-xbrl (=0.8.2a1) +53 more potentially affected by CVE-2025-55039 via pyspark (>=3.5.0 <=3.5.1)

pyspark PYPI version =3.5.0, =0.0.1, =1.3.2, =0.13.0, =0.0.1, =1.2.17, =0.0.0, =5.0.0, =0.0.3, =1.1.0 - hari-data =0.1.5 - hermione-databricks =1.0.1 and more Source cves: CVE-2025-55039 Source advisory: OSV:PYSEC-2025-184...

EUVD-2018-0127

Malware in sbrugna...

CVE-2019-10099

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

PySpark Detection

A PySpark Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208139; scriptversion"1.6";...

Internet Bug Bounty: CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE

Apache Airflow Spark Provider before 4.1.3 was affected by a deserialization vulnerability that allowed remote code execution RCE. Attackers could exploit this vulnerability by configuring a malicious Spark server address through the Airflow UI, which would then manipulate the PySpark clients...

abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +74 more potentially affected by CVE-2022-33891 +1 more via pyspark (>=3.1.1 <=3.2.1)

pyspark PYPI version =3.1.1, =0.1.2, =0.1.1, =0.1.5, =0.0.2, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.2.1, =0.42.2 and more Source cves: CVE-2022-33891, CVE-2023-32007 Source advisory: OSV:GHSA-59HW-J9G6-MFG3...

abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +150 more potentially affected by CVE-2022-33891 +1 more via pyspark (>=2.1.2 <=3.2.1)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.5.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 - bigdl-chronos-spark3 =2.0.0 and more Source cves: CVE-2022-33891, CVE-2023-32007 Source advisory: OSV:PYSEC-2023-72...

abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +191 more potentially affected by CVE-2023-22946 via pyspark (>=2.1.2 <=3.3.1)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.0.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 - bigdl-chronos-spark3 =2.0.0 and more Source cves: CVE-2023-22946 Source advisory: OSV:GHSA-329J-JFVR-RHR6...

abi-ds-utils (>=0.1.2 <=1.2.3), abi-pyspark-utils (>=0.1.1 <=0.1.4) +215 more potentially affected by CVE-2023-22946 via pyspark (>=2.1.2 <=3.3.4)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.0.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 and more Source cves: CVE-2023-22946 Source advisory: OSV:PYSEC-2023-44...

SUSE CVE-2018-11760

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...

cuallee (>=0.0.2 <=0.1.1), datupapi (>=1.107.2rc3 <=1.107.2rc9) +22 more potentially affected by CVE-2022-31777 via pyspark (=3.3.0)

pyspark PYPI version =3.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyspark and may be impacted: - cuallee =0.0.2, =1.107.2rc3, =0.0.2.3, =0.3.1, =4.0.0, =0.3.3, =3.0.0, =1.1.1, =2.0.1, =2022.10.19.dev1, =2.1.3, =2.1.7 and more Source cves:...

abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +150 more potentially affected by CVE-2022-31777 via pyspark (>=2.1.2 <=3.2.1)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.5.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 - bigdl-chronos-spark3 =2.0.0 and more Source cves: CVE-2022-31777 Source advisory: OSV:GHSA-43XG-8WMJ-CW8H...

abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +150 more potentially affected by CVE-2022-31777 via pyspark (>=2.1.2 <=3.2.1)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.5.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 - bigdl-chronos-spark3 =2.0.0 and more Source cves: CVE-2022-31777 Source advisory: OSV:PYSEC-2022-42976...