Recent vulnerabilities
Recent vulnerabilities from
Select from 70 available sources using the dropdown above.
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2024-55 |
|
Malicious package. Exfiltrated secrets to a target server. | cipherbcrypt | 0001-01-01T00:00:00+00:00 | |
| pysec-2010-13 |
|
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inapprop… | moin | 2010-03-29T20:30:00Z | 2010-05-27T05:47:00Z |
| pysec-2010-20 |
|
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 al… | pyftpdlib | 2010-10-19T20:00:00Z | 2010-10-20T04:00:00Z |
| pysec-2010-21 |
|
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for … | pyftpdlib | 2010-10-19T20:00:00Z | 2010-10-20T04:00:00Z |
| pysec-2010-22 |
|
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PA… | pyftpdlib | 2010-10-19T20:00:00Z | 2010-10-20T04:00:00Z |
| pysec-2010-23 |
|
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of servi… | pyftpdlib | 2010-10-19T20:00:00Z | 2010-10-20T04:00:00Z |
| pysec-2010-24 |
|
The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number… | pyftpdlib | 2010-10-19T20:00:00Z | 2010-10-20T04:00:00Z |
| pysec-2010-25 |
|
The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP conn… | pyftpdlib | 2010-10-19T20:00:00Z | 2010-10-20T04:00:00Z |
| pysec-2009-6 |
|
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1… | moin | 2009-04-29T18:30:00Z | 2017-08-17T01:30:00Z |
| pysec-2019-113 |
|
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP heade… | pypiserver | 2019-01-25T04:29:00Z | 2019-01-25T19:42:00Z |
| pysec-2019-122 |
|
Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixt… | sqla-yaml-fixtures | 2019-01-03T19:29:00Z | 2019-01-31T18:00:00Z |
| pysec-2019-7 |
|
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of … | buildbot | 2019-02-03T08:29:00Z | 2019-02-06T21:48:00Z |
| pysec-2019-1 |
|
aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vu… | aioxmpp | 2019-02-04T21:29:00Z | 2019-02-15T15:00:00Z |
| pysec-2019-139 |
|
An issue was discovered in webargs before 5.1.3, as used with marshmallow and other produ… | webargs | 2019-03-12T02:29:00Z | 2019-03-12T13:09:00Z |
| pysec-2019-21 |
|
An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml met… | donfig | 2019-03-21T20:29:00Z | 2019-03-26T14:13:00Z |
| pysec-2019-107 |
|
nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0… | nnabla | 2019-04-04T05:29:00Z | 2019-04-05T20:09:00Z |
| pysec-2019-17 |
|
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper… | django | 2019-01-09T23:29:00Z | 2019-04-23T13:11:00Z |
| pysec-2019-6 |
|
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token f… | buildbot | 2019-05-23T15:30:00Z | 2019-06-07T18:29:00Z |
| pysec-2019-79 |
|
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2… | django | 2019-06-03T17:29:00Z | 2019-06-12T17:29:00Z |
| pysec-2019-132 |
|
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attac… | urllib3 | 2019-04-15T15:29:00Z | 2019-06-13T04:29:00Z |
| pysec-2019-109 |
|
** DISPUTED ** A deserialization vulnerability exists in the way parso through 0.4.0 hand… | parso | 2019-06-06T19:29:00Z | 2019-07-05T11:15:00Z |
| pysec-2019-20 |
|
verification.py in django-rest-registration (aka Django REST Registration library) before… | django-rest-registration | 2019-07-02T22:15:00Z | 2019-07-12T13:52:00Z |
| pysec-2019-26 |
|
invenio-previewer before 1.0.0a12 allows XSS. | invenio-previewer | 2019-07-29T14:15:00Z | 2019-07-31T19:44:00Z |
| pysec-2019-24 |
|
invenio-app before 1.1.1 allows host header injection. | invenio-app | 2019-07-29T15:15:00Z | 2019-08-01T16:12:00Z |
| pysec-2019-27 |
|
invenio-records before 1.2.2 allows XSS. | invenio-records | 2019-07-29T15:15:00Z | 2019-08-01T16:29:00Z |
| pysec-2019-25 |
|
invenio-communities before 1.0.0a20 allows XSS. | invenio-communities | 2019-07-29T15:15:00Z | 2019-08-01T16:59:00Z |
| pysec-2019-119 |
|
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker c… | salt | 2019-07-18T17:15:00Z | 2019-08-13T18:15:00Z |
| pysec-2019-129 |
|
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verif… | twisted | 2019-06-16T12:29:00Z | 2019-08-14T03:15:00Z |
| pysec-2019-219 |
|
Recommender before 2018-07-18 allows XSS. | recommender-xblock | 2019-08-09T16:15:00Z | 2019-08-15T16:48:00Z |
| pysec-2019-19 |
|
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. | django-js-reverse | 2019-08-23T13:15:00Z | 2019-08-26T17:39:00Z |