15 matches found
EUVD-2024-2041
Malicious code in bioql PyPI...
EUVD-2024-1888
Malicious code in bioql PyPI...
EUVD-2024-2020
Malicious code in bioql PyPI...
CVE-2024-37063
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the browser...
aa-prepflow (>=0.1.0 <=0.1.1), agentsociety2 (>=2.0.0 <=2.2.0) +114 more potentially affected by CVE-2024-37063 via ydata-profiling (>=4.0.0 <=4.7.0)
ydata-profiling PYPI version =4.0.0, =0.1.0, =2.0.0, =0.74.0, =1.0.0, =0.1.0, =0.8.0, =0.1.2, =1.0.0, =2.0.1, =2.2.1 - classifier-toolkit =0.1.0 and more Source cves: CVE-2024-37063 Source advisory: OSV:GHSA-2R57-2MRH-GGJV...
aa-prepflow (>=0.1.0 <=0.1.1), agentsociety2 (>=2.0.0 <=2.2.0) +114 more potentially affected by CVE-2024-37062 via ydata-profiling (>=4.0.0 <=4.7.0)
ydata-profiling PYPI version =4.0.0, =0.1.0, =2.0.0, =0.74.0, =1.0.0, =0.1.0, =0.8.0, =0.1.2, =1.0.0, =2.0.1, =2.2.1 - classifier-toolkit =0.1.0 and more Source cves: CVE-2024-37062 Source advisory: OSV:GHSA-FPVJ-M2H6-6WC5...
aa-prepflow (>=0.1.0 <=0.1.1), agentsociety2 (>=2.0.0 <=2.2.0) +114 more potentially affected by CVE-2024-37064 via ydata-profiling (>=4.0.0 <=4.7.0)
ydata-profiling PYPI version =4.0.0, =0.1.0, =2.0.0, =0.74.0, =1.0.0, =0.1.0, =0.8.0, =0.1.2, =1.0.0, =2.0.1, =2.2.1 - classifier-toolkit =0.1.0 and more Source cves: CVE-2024-37064 Source advisory: OSV:GHSA-CG49-HRJ4-3RPR...
GHSA-CG49-HRJ4-3RPR ydata unsafe deserialization
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded...
ydata unsafe deserialization
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's system when loaded...
ydata unsafe deserialization
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded...
GHSA-FPVJ-M2H6-6WC5 ydata unsafe deserialization
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's system when loaded...
CVE-2024-37064
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded...
CVE-2024-37062
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's system when loaded...
CVE-2024-37064
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded...
CVE-2024-37062
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's system when loaded...