Lucene search
K
PypaMost viewed

5612 matches found

PyPA
PyPA
•added 2022/11/07 3:15 p.m.•6 views

PYSEC-2022-43084

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0...

9.8CVSS7.6AI score0.01012EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/11/04 11:0 a.m.•6 views

PYSEC-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...

7.5CVSS7AI score0.01546EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/11/02 12:15 p.m.•6 views

PYSEC-2022-42970

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument...

6.1CVSS6.3AI score0.01435EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2022/11/01 4:15 p.m.•6 views

PYSEC-2022-42976

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

5.4CVSS6.1AI score0.01473EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/10/16 6:15 a.m.•6 views

PYSEC-2022-304

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.5CVSS6.8AI score0.0272EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43026

The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43019

The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...

9.8CVSS7AI score0.0483EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43025

The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43046

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43095

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43044

The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•6 views

PYSEC-2022-43030

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/06 6:16 p.m.•6 views

PYSEC-2022-43157

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4...

5.3CVSS6.8AI score0.00672EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/10/03 12:15 p.m.•6 views

PYSEC-2022-300

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

6.5CVSS7AI score0.05088EPSS
Exploits3References5Affected Software1
PyPA
PyPA
•added 2022/09/29 9:15 p.m.•6 views

PYSEC-2022-298

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...

7.5CVSS6.8AI score0.00971EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/09/29 12:15 a.m.•6 views

PYSEC-2022-297

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9...

5.4CVSS6.8AI score0.0055EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/09/26 7:15 p.m.•6 views

PYSEC-2022-43184

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8...

7.5CVSS6.5AI score0.00721EPSS
Exploits1References3
PyPA
PyPA
•added 2022/09/26 7:15 p.m.•6 views

PYSEC-2022-292

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8...

7.5CVSS6.7AI score0.00721EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2022/09/26 5:16 p.m.•6 views

PYSEC-2022-291

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8...

7.5CVSS6.7AI score0.01429EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/26 11:15 a.m.•6 views

PYSEC-2022-295

Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8...

4.3CVSS6.7AI score0.00553EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/23 10:15 a.m.•6 views

PYSEC-2022-290

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7...

9.8CVSS6.8AI score0.00727EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/21 12:15 p.m.•6 views

PYSEC-2022-282

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists...

4.4CVSS6.9AI score0.00284EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/21 10:15 a.m.•6 views

PYSEC-2022-286

Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3...

5.4CVSS6.7AI score0.00545EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/20 6:15 p.m.•6 views

PYSEC-2022-43058

WASM3 v0.5.0 was discovered to contain a segmentation fault via the component opSelecti32srs in wasm3/source/m3exec.h...

7.5CVSS7.3AI score0.0077EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43087

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

9.8CVSS7AI score0.01238EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43092

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8CVSS7AI score0.01238EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43107

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

9.8CVSS7AI score0.01005EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43099

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...

9.8CVSS7AI score0.01005EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43101

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

9.8CVSS7AI score0.01238EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43116

The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

9.8CVSS7AI score0.01033EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43125

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0...

9.8CVSS7AI score0.01238EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43083

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0...

9.8CVSS7AI score0.01238EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43117

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

9.8CVSS7AI score0.01033EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/19 4:15 p.m.•6 views

PYSEC-2022-43079

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8CVSS7AI score0.01238EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/09/19 3:15 p.m.•6 views

PYSEC-2022-43102

The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-hypothesis package...

9.8CVSS7.7AI score0.01033EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/19 3:15 p.m.•6 views

PYSEC-2022-43098

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...

9.8CVSS7AI score0.01033EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/19 3:15 p.m.•6 views

PYSEC-2022-43113

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

9.8CVSS7AI score0.01033EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/19 3:15 p.m.•6 views

PYSEC-2022-43105

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

9.8CVSS7AI score0.01033EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/19 3:15 p.m.•6 views

PYSEC-2022-43110

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking package. The affected version of d8s-urls is 0.1.0...

9.8CVSS7.6AI score0.01033EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/19 2:15 p.m.•6 views

PYSEC-2022-43118

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0...

9.8CVSS7AI score0.01033EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/13 9:15 p.m.•6 views

PYSEC-2022-43137

LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp...

5.5CVSS7.3AI score0.00287EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/09/01 6:51 p.m.•6 views

PYSEC-2022-259

An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication...

9.1CVSS6.9AI score0.0366EPSS
Exploits2References1Affected Software1
PyPA
PyPA
•added 2022/08/26 5:55 p.m.•6 views

PYSEC-2022-251

The spam project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time...

7.2AI score
Exploits0References1Affected Software1
PyPA
PyPA
•added 2022/08/26 4:15 p.m.•6 views

PYSEC-2022-256

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's...

6.1CVSS6.8AI score0.00736EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/08/22 12:15 p.m.•6 views

PYSEC-2022-43142

Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3...

7.8CVSS6.8AI score0.00334EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/08/09 7:15 a.m.•6 views

PYSEC-2022-43180

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

7.5CVSS7.1AI score0.01276EPSS
Exploits0References1
PyPA
PyPA
•added 2022/08/01 10:15 p.m.•6 views

PYSEC-2022-248

Streamlit is a data oriented application development framework for python. Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially othe...

6.5CVSS6.7AI score0.01292EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/07/28 11:15 p.m.•6 views

PYSEC-2022-43136

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...

9.8CVSS7.8AI score0.01011EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/07/25 2:15 p.m.•6 views

PYSEC-2022-240

Cross-site Scripting XSS - Reflected in GitHub repository beancount/fava prior to 1.22.2...

8CVSS6.2AI score0.00698EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/07/22 3:15 p.m.•6 views

PYSEC-2022-241

The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party...

9.8CVSS7.7AI score0.01085EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000