CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-0470

Malware in sbrugna...

9.3CVSS7.6AI score0.0086EPSS

Exploits0References6

RedhatCVE•added 2025/05/22 9:25 p.m.•6 views

CVE-2021-38305

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

9.3CVSS7.8AI score0.0086EPSS

Exploits0References1

The Hacker News•added 2021/10/07 11:50 a.m.•48 views

Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 CVSS score: 7.8, involves manipulating the schema file...

9.3CVSS1AI score0.0086EPSS

Exploits0

vulnersOsv•added 2021/08/11 3:19 p.m.•2 views

esmvalcore (>=2.0.0 <=2.2.0), esque (>=0.2.0 <=0.3.1) +7 more potentially affected by CVE-2021-38305 via yamale (>=1.10.1 <=3.0.7)

yamale PYPI version =1.10.1, =2.0.0, =0.2.0, =0.1.0, =0.0.2, =1.0.0, =0.0.1.dev3092, =0.1.0b0, =0.1.0b6 Source cves: CVE-2021-38305 Source advisory: OSV:GHSA-435P-F82X-MXWM...

9.3CVSS7.3AI score0.0086EPSS

Exploits0

Github Security Blog•added 2021/08/11 3:19 p.m.•64 views

Command injection in Yamale

9.3CVSS7.8AI score0.0086EPSS

Exploits0References5Affected Software1

OSV•added 2021/08/11 3:19 p.m.•2 views

GHSA-435P-F82X-MXWM Command injection in Yamale

8.5CVSS6.3AI score0.0086EPSS

Exploits0References5

OSV•added 2021/08/09 9:15 p.m.•27 views

CVE-2021-38305

7.8CVSS7.9AI score

Exploits0References2

NVD•added 2021/08/09 9:15 p.m.•20 views

CVE-2021-38305

9.3CVSS0.0086EPSS

Exploits0References2

OSV•added 2021/08/09 9:15 p.m.•1 views

PYSEC-2021-119

9.3CVSS7.6AI score0.0086EPSS

Exploits0References3

PyPA•added 2021/08/09 9:15 p.m.•5 views

PYSEC-2021-119

9.3CVSS8AI score0.0086EPSS

Exploits0References3Affected Software1

vulnersOsv•added 2021/08/09 9:15 p.m.•4 views

esmvalcore (>=2.0.0 <=2.2.0), esque (>=0.2.0 <=0.3.1) +7 more potentially affected by CVE-2021-38305 via yamale (>=1.10.1 <=3.0.7)

yamale PYPI version =1.10.1, =2.0.0, =0.2.0, =0.1.0, =0.0.2, =1.0.0, =0.0.1.dev3092, =0.1.0b0, =0.1.0b6 Source cves: CVE-2021-38305 Source advisory: OSV:PYSEC-2021-119...

9.3CVSS7.3AI score0.0086EPSS

Exploits0

CVE•added 2021/08/09 8:48 p.m.•110 views

CVE-2021-38305

CVE-2021-38305 (23andMe Yamale) : A code-execution vulnerability in Yamale before 3.0.8 allows a specially crafted schema file to trigger Python eval, enabling arbitrary commands on the host running Yamale. Root cause: the schema parser evaluates user-supplied expressions, with limited builtins, ...

9.3CVSS7.8AI score0.0086EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/08/09 8:48 p.m.•21 views

CVE-2021-38305

8.1AI score0.0086EPSS

Exploits0References2

CNNVD•added 2021/08/09 12:0 a.m.•2 views

23andMe Yamale 代码问题漏洞

23andMe Yamale is the architecture and validator for open source YAML. A code issue vulnerability exists in 23andMe Yamale that stems from the pattern parser in 23andMe Yamale prior to version 3.0.8 using eval as part of its processing and attempting to prevent malicious expressions by limiting t...

9.3CVSS8AI score0.0086EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by