Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2026-2077 |
3.7 (3.1)
|
### Impact There is a stored cross site scripting vulnerability for SVG images. Note tha… | zope | 2026-07-07T11:45:24.678692Z | 2026-07-07T17:25:53.702556Z |
| pysec-2026-2076 |
9.1 (3.1)
6.6 (4.0)
|
### Impact Anonymous users can delete the user data maintained by an `AccessControl.userf… | zope | 2026-07-07T14:34:43.747557Z | 2026-07-07T17:25:53.624994Z |
| pysec-2026-2075 |
6.8 (3.1)
|
### Impact Python's "format" functionality allows someone controlling the format string t… | zope | 2026-07-07T11:45:23.791023Z | 2026-07-07T17:25:53.555288Z |
| pysec-2026-2074 |
6.2 (3.1)
6.9 (4.0)
|
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all … | zipp | 2026-07-07T14:34:36.616482Z | 2026-07-07T17:25:53.475581Z |
| pysec-2026-2073 |
8.2 (3.1)
6.2 (4.0)
|
### Impact The Python package "zhmcclient" writes password-like properties in clear text… | zhmcclient | 2026-07-07T14:34:46.070715Z | 2026-07-07T17:25:53.417319Z |
| pysec-2026-2072 |
6.5 (3.1)
7.1 (4.0)
|
ZenML Server in the ZenML package before 0.46.7 for Python allows remote privilege escala… | zenml | 2026-07-07T11:45:33.016802Z | 2026-07-07T17:25:53.356048Z |
| pysec-2026-2071 |
6.3 (3.1)
|
ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializ… | zenml | 2026-07-07T16:03:06.450033Z | 2026-07-07T17:25:53.229259Z |
| pysec-2026-2070 |
5.4 (3.1)
|
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rat… | zenml | 2026-07-07T14:34:44.431797Z | 2026-07-07T17:25:53.169324Z |
| pysec-2026-2069 |
3.9 (3.1)
2.0 (4.0)
|
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session cr… | zenml | 2026-07-07T14:34:34.551064Z | 2026-07-07T17:25:53.106881Z |
| pysec-2026-2068 |
4.3 (3.1)
|
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to im… | zenml | 2026-07-07T14:34:35.381629Z | 2026-07-07T17:25:53.044019Z |
| pysec-2026-2067 |
6.1 (3.1)
|
### Impact During file downloads, yt-dlp or the external downloaders that yt-dlp employs … | yt-dlp | 2026-07-07T11:45:20.265308Z | 2026-07-07T17:25:52.928921Z |
| pysec-2026-2066 |
8.3 (3.1)
|
### Summary The [patch that addressed CVE-2023-40581](https://github.com/yt-dlp/yt-dlp/co… | yt-dlp | 2026-07-07T11:45:37.839656Z | 2026-07-07T17:25:52.844224Z |
| pysec-2026-2065 |
7.8 (3.1)
|
### Summary `yt-dlp` does not limit the extensions of downloaded files, which could lead … | yt-dlp | 2026-07-07T14:34:36.149029Z | 2026-07-07T17:25:52.761207Z |
| pysec-2026-2064 |
8.3 (3.1)
|
### Impact [`yt-dlp`](https://github.com/yt-dlp/yt-dlp) allows the user to provide shell … | yt-dlp | 2026-07-07T11:45:25.140715Z | 2026-07-07T17:25:52.678461Z |
| pysec-2026-2063 |
5.0 (3.1)
|
### Impact The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitr… | yt-dlp | 2026-07-07T11:45:26.929022Z | 2026-07-07T17:25:52.599343Z |
| pysec-2026-2062 |
7.8 (3.1)
|
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-p… | ydata-profiling | 2026-07-07T11:45:45.450798Z | 2026-07-07T17:25:52.524232Z |
| pysec-2026-2061 |
7.8 (3.1)
|
Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-p… | ydata-profiling | 2026-07-07T11:45:45.072437Z | 2026-07-07T17:25:52.467036Z |
| pysec-2026-2060 |
7.8 (3.1)
|
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-pr… | ydata-profiling | 2026-07-07T11:45:45.214787Z | 2026-07-07T17:25:52.410735Z |
| pysec-2026-2059 |
6.5 (3.1)
|
YAQL before 3.0.0 is used in Murano, the Murano service's MuranoPL extension to the YAQL … | yaql | 2026-07-07T11:45:35.519704Z | 2026-07-07T17:25:52.351751Z |
| pysec-2026-2058 |
8.7 (4.0)
|
### Impact When generating PDF files, this vulnerability allows an attacker to read arbit… | xml2rfc | 2026-07-07T16:03:02.110703Z | 2026-07-07T17:25:52.291546Z |
| pysec-2026-2057 |
8.7 (4.0)
|
### Impact When generating PDF files, this vulnerability allows an attacker to read arbi… | xml2rfc | 2026-07-07T16:03:04.649471Z | 2026-07-07T17:25:52.232806Z |
| pysec-2026-2056 |
5.3 (3.1)
5.5 (4.0)
|
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to ca… | xhtml2pdf | 2026-07-07T14:34:42.774289Z | 2026-07-07T17:25:52.172079Z |
| pysec-2026-2054 |
7.5 (3.1)
7.7 (4.0)
|
### Summary This issue: http://github.com/mlc-ai/xgrammar/issues/250 should have it's own… | xgrammar | 2026-07-07T16:03:01.881040Z | 2026-07-07T17:25:52.052578Z |
| pysec-2026-2053 |
8.0 (3.1)
|
### Impact Multi-translation download could write to an arbitrary location when instructe… | wlc | 2026-07-07T16:03:18.960085Z | 2026-07-07T17:25:51.828388Z |
| pysec-2026-2052 |
5.3 (3.1)
|
### Impact Historically, wlc supported providing unscoped API keys in the setting. This p… | wlc | 2026-07-07T16:03:18.162502Z | 2026-07-07T17:25:51.772162Z |
| pysec-2026-2051 |
2.5 (3.1)
|
### Impact The SSL verification would be skipped for some crafted URLs. ### Patches * ht… | wlc | 2026-07-07T16:03:18.118006Z | 2026-07-07T17:25:51.715240Z |
| pysec-2026-2050 |
3.9 (3.1)
|
### Impact The proxy mode of WireMock, can be protected by the network restrictions conf… | wiremock | 2026-07-07T11:45:23.967433Z | 2026-07-07T17:25:51.657973Z |
| pysec-2026-2049 |
7.5 (3.1)
|
### Impact All historical installations of django-wiki are vulnerable to maliciously cra… | wiki | 2026-07-07T11:45:35.710147Z | 2026-07-07T17:25:51.600320Z |
| pysec-2026-2048 |
8.9 (4.0)
|
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to … | whoogle-search | 2026-07-07T16:02:50.947336Z | 2026-07-07T17:25:51.541698Z |
| pysec-2026-2047 |
7.1 (3.1)
|
### Summary - **Vulnerability Type:** Path Traversal (CWE-22) leading to Arbitrary File … | wheel | 2026-07-07T16:03:19.867108Z | 2026-07-07T17:25:51.360940Z |