9163 matches found

OSSF Malicious Packages
added 2022/05/31 12:00 a.m. | 4 views

Malicious code in requestts (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0c0ffc8f86c690c110698019cf875b931478cfd7c059ea4da99532950ae57829 Malicious packages typosquatting the popular requests package. payload executes a cryptomining malware...

AI score 7.1
Exploits 0 | References 1
OSSF Malicious Packages
added 2022/05/31 12:00 a.m. | 3 views

Malicious code in equests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b07d61adac5cc418902b2b527453dcd02eacb4411a61ea7456c8a9546479e59a Malicious packages typosquatting the popular requests package. payload executes a cryptomining malware...

AI score 7.1
Exploits 0 | References 1
PyPA
added 2022/05/24 5:55 p.m. | 5 views

PYSEC-2022-199

The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code which collected the content of os.environ.items when instantiating Ctx objects...

AI score 7.2
Exploits 0 | References 1 | Affected Software 1
ATTACKERKB
added 2022/05/08 8:15 p.m. | 3 views

CVE-2022-28470

marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor...

CVSS 9.8 | AI score 5.8 | EPSS 0.02018
Exploits 1 | References 4
PyPA
added 2022/05/08 8:15 p.m. | 7 views

PYSEC-2022-185

marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor...

CVSS 9.8 | AI score 7 | EPSS 0.02018
Exploits 1 | References 4 | Affected Software 1
CNNVD
added 2022/05/03 12:00 a.m. | 6 views

GitLab input validation error vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. An input validation error vulnerability exists in GitLab Community Edition...

CVSS 5.3 | AI score 6.3 | EPSS 0.01383
Exploits 0 | References 6
ATTACKERKB
added 2022/01/30 2:15 p.m. | 5 views

CVE-2022-0339

Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16...

CVSS 9.8 | AI score 6.8 | EPSS 0.00954
Exploits 1 | References 3
ATTACKERKB
added 2022/01/30 2:15 p.m. | 10 views

CVE-2022-0273

Improper Access Control in Pypi calibreweb prior to 0.6.16...

CVSS 6.5 | AI score 5.6 | EPSS 0.0067
Exploits 1 | References 3
PyPA
added 2022/01/30 2:15 p.m. | 4 views

PYSEC-2022-22

Improper Access Control in Pypi calibreweb prior to 0.6.16...

CVSS 6.5 | AI score 6.9 | EPSS 0.0067
Exploits 1 | References 3 | Affected Software 1
PyPA
added 2022/01/28 10:15 p.m. | 5 views

PYSEC-2022-18

Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16...

CVSS 8.5 | AI score 6.3 | EPSS 0.00853
Exploits 1 | References 3 | Affected Software 1
PyPA
added 2021/11/12 10:15 p.m. | 7 views

PYSEC-2021-840

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as...

CVSS 8.8 | AI score 8 | EPSS 0.01971
Exploits 0 | References 1 | Affected Software 1
The Hacker News
added 2021/08/02 10:27 a.m. | 42 views

PyPI Python Package Repository Patches Critical Supply Chain Flaw

The maintainers of Python Package Index (PyPI) last week issued fixes for three vulnerabilities, one among which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanes...

AI score 0.8
Exploits 0
ThreatPost
added 2021/06/22 7:27 p.m. | 58 views

Cryptominers Slither into Python Projects in Supply-Chain Campaign

A group of cryptominers was found to have infiltrated the Python Package Index (PyPI), which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where...

AI score 7.3
Exploits 0 | References 12
vulnersOsv
added 2021/05/14 8:15 p.m. | 1 view

complaintclassify (=0.0.9) potentially affected by CVE-2021-29606 via tensorflow-cpu (=2.4.0)

tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-29606 Source advisory: OSV:PYSEC-2021-534...

CVSS 7.8 | AI score 7 | EPSS 0.00215
Exploits 1
Tenable Nessus
added 2020/11/04 12:00 a.m. | 30 views

RHEL 8 : python-pip (RHSA-2020:4432)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4432 advisory. pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package...

CVSS 7.5 | AI score 7.3 | EPSS 0.03003
Exploits 1 | References 6
OSV
added 2020/09/30 6:15 p.m. | 2 views

UBUNTU-CVE-2020-13328

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API...

CVSS 4.8 | AI score 5.7 | EPSS 0.00571
Exploits 1 | References 2
CNVD
added 2020/09/30 12:00 a.m. | 3 views

GitLab Cross-Site Scripting Vulnerability (CNVD-2020-57833)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab...

CVSS 4.8 | AI score 5.6 | EPSS 0.00571
Exploits 1 | References 1
Tenable Nessus
added 2020/04/29 12:00 a.m. | 53 views

RHEL 8 : python-pip (RHSA-2020:1916)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1916 advisory. pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python...

CVSS 9.8 | AI score 7.2 | EPSS 0.07443
Exploits 3 | References 12
Cent OS
added 2020/03/18 7:33 p.m. | 808 views

python3 security update

CentOS Errata and Security Advisory CESA-2020:0850 An update for python-pip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...

CVSS 9.8 | AI score 6.6 | EPSS 0.07443
Exploits 3 | References 7
vulnersOsv
added 2019/02/11 1:29 p.m. | 1 view

aileen (>=0.2.0.dev20181221 <=0.2.1), autogenerated-api (=1.1.9) +37 more potentially affected by CVE-2019-6975 via django (>=1.11.0 <=1.11.18)

django PYPI version =1.11.0, =0.2.0.dev20181221, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =1.0.1 - django-defender =0.5.0 - django-galaxy =0.0.1 - django-gfiles =0.0.1 and more Source cves: CVE-2019-6975 Source advisory: OSV:PYSEC-2019-18...

CVSS 7.5 | AI score 6.7 | EPSS 0.05399
Exploits 0