3786 matches found
PYSEC-2026-168
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...
PYSEC-2026-30
changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...
PYSEC-2026-129
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...
PYSEC-2026-165
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...
PYSEC-2026-119
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...
PYSEC-2026-24
Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...
PYSEC-2026-25
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
PYSEC-2026-13
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.Users are recommended to upgrade to Apache Airflow 3.2.0, whi...
PYSEC-2026-130
A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...
PYSEC-2026-16
Apache Airflow versions 3.1.0 through 3.1.7session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...
PYSEC-2026-112
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...
PYSEC-2026-47
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28..QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation.Earlier,...
PYSEC-2026-102
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata...
PYSEC-2026-86
LlamaIndex run-llama/llamaindex versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The customquery logic generates SQL statements from a user-supplied prompt and executes them via vn.runsql without...
PYSEC-2025-218
Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...
PYSEC-2025-104
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL.Earlier,...
PYSEC-2025-100
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldloggerlibrary, which is executed by the CodeChecker logcommand.This issue affects...
PYSEC-2025-207
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service DoS...
PYSEC-2025-199
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error...
PYSEC-2025-101
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollectinfooptions.log and syncgateway.log, there are cleartext passwords in redacted and unredacted output...
PYSEC-2025-71
Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS Cross-Site Scripting attack. This XSS would notably allow an attacker to execute JavaScript code ...
PYSEC-2025-41
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...
PYSEC-2025-35
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...
PYSEC-2025-99
A Denial of Service DoS vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...
PYSEC-2025-84
A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...
PYSEC-2024-274
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/componentmeta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself...
PYSEC-2024-296
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web...
PYSEC-2024-277
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
PYSEC-2023-264
Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG.This Javascript can be executed on the client side of any of the user who looks at the tasks in the...
PYSEC-2023-315
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
PYSEC-2023-5
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13....
PYSEC-2022-210
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...
PYSEC-2020-261
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM and other AEAD ciphers such as AES-GCM-SIV or XChaCha20Poly1305 used by the SDKs to encrypt messages, an attacker can craft a...
PYSEC-2020-39
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session base64-encoded. The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor...
PYSEC-2019-257
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...
PYSEC-2017-85
txAWS all current versions fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure...
PYSEC-2026-198
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...
PYSEC-0000-CVE-2026-8643
pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...
PYSEC-0000-CVE-2026-42252
Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...
PYSEC-0000-CVE-2026-45192
A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...
PYSEC-0000-CVE-2026-44681
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...
PYSEC-2026-167
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...
PYSEC-2026-156
Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround...
PYSEC-2026-154
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
PYSEC-2026-20
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.Users are recommended to upgrade to Apache Airflow 3.2.0, whi...
PYSEC-2026-70
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...
PYSEC-2026-28
changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @loginoptionallyrequired decorator is placed before outer to @blueprint.route instead of after it. In Flask, @route must be the outermost decorator because it registers the function it receives. When the...
PYSEC-2026-48
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace.Earlier, unsupported Django series such as...
PYSEC-2026-72
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...
PYSEC-2026-103
Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...