5624 matches found
PYSEC-2025-222
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...
PYSEC-2025-83
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...
PYSEC-2025-63
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code...
PYSEC-2025-223
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output a.k.a. guided decoding. Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has...
PYSEC-2025-122
The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
PYSEC-2025-159
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The...
PYSEC-2025-24
Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg...
Exfiltrates user cookies to hardcoded server endpoint during normal operations
Published in 2020, the autodzee package is a Python librarythat bypasses Deezer API restrictions to download music.The package was found to exfiltrate user data to a hardcoded server,which could be used for malicious purposes...
PYSEC-2025-18
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...
PYSEC-2025-30
vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body e.g. read a storage variable...
PYSEC-2025-130
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovgpathaddpath...
PYSEC-2025-1
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...
PYSEC-2024-297
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the...
A number of releases of ultralytics contained malicious crypto miner software.
Ultralytics has identified a supply chain attackaffecting affecting multiple versions of the ultralytics package.The compromised versions contained unauthorized code thatdownloaded and executed cryptocurrency mining softwarewhen instantiating YOLO models.This code was injected into the PyPI relea...
PYSEC-2024-159
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...
aiocpa 0.1.13 contains credential harvesting code
aiocpa is a user-facing library for generating color gradients of text.Version 0.1.13 introduced obfuscated, malicious code targetingCrypto Pay users, forwarding client credentials to a remote Telegram bot.All versions have been removed from PyPI...
PYSEC-2024-187
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
PYSEC-2024-227
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
PYSEC-2024-303
wasm3 139076a is vulnerable to Denial of Service DoS...
PYSEC-2024-183
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...
PYSEC-2024-279
langflow v1.0.12 was discovered to contain a remote code execution RCE vulnerability via the PythonCodeTool component...
PYSEC-2024-311
Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a wasmtime::Engine's internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption...
PYSEC-2024-81
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...
PYSEC-2024-78
An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the cod...
PYSEC-2024-90
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when redirecting to the...
PYSEC-2024-260
Withdrawn as duplicate of PYSEC-2024-71. A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant...
PYSEC-2024-59
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. getsupportedlanguagevariant was subject to a potential denial-of-service attack when used with very long strings containing specific characters...
PYSEC-2024-58
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generatefilename without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...
PYSEC-2024-176
A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...
PYSEC-2024-76
An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input...
PYSEC-2024-108
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...
PYSEC-2024-193
An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized...
PYSEC-2024-258
In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme e.g., HTTPS to HTTP but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in...
PYSEC-2024-264
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.Users are recommended to upgrade to version 2.9.1, which fixes this issue...
PYSEC-2024-307
wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c...
PYSEC-2024-309
wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3compile.c...
PYSEC-2024-308
wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3compile.c...
PYSEC-2024-185
Nebari through 2024.4.1 prints the temporary Keycloak root password...
PYSEC-2024-255
Gradio before 4.20 allows credential leakage on Windows...
PYSEC-2024-285
lunasvg v2.3.9 was discovered to contain a segmentation violation via the component compositionsolidsourceover...
PYSEC-2024-282
lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h...
PYSEC-2024-207
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...
PYSEC-2024-271
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
PYSEC-2024-49
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
PYSEC-2024-241
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...
PYSEC-2024-150
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...
PYSEC-2024-29
OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an adm...
PYSEC-2024-151
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...
PYSEC-2024-25
DuckDB =0.9.2 and DuckDB extension-template =0.9.2 are vulnerable to malicious extension injection via the custom extension feature...
PYSEC-2024-5
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions matching the pattern 0.x.0...