Vulnerabilities

Recent vulnerabilities

Recent vulnerabilities from 🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.

PySec 🐍

Recent vulnerabilities · 5566 entries
ID Severity Description Package Published Updated
pysec-2026-2077
3.7 (3.1)
### Impact There is a stored cross site scripting vulnerability for SVG images. Note tha… zope 2026-07-07T11:45:24.678692Z 2026-07-07T17:25:53.702556Z
pysec-2026-2076
9.1 (3.1)
6.6 (4.0)
### Impact Anonymous users can delete the user data maintained by an `AccessControl.userf… zope 2026-07-07T14:34:43.747557Z 2026-07-07T17:25:53.624994Z
pysec-2026-2075
6.8 (3.1)
### Impact Python's "format" functionality allows someone controlling the format string t… zope 2026-07-07T11:45:23.791023Z 2026-07-07T17:25:53.555288Z
pysec-2026-2074
6.2 (3.1)
6.9 (4.0)
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all … zipp 2026-07-07T14:34:36.616482Z 2026-07-07T17:25:53.475581Z
pysec-2026-2073
8.2 (3.1)
6.2 (4.0)
### Impact The Python package "zhmcclient" writes password-like properties in clear text… zhmcclient 2026-07-07T14:34:46.070715Z 2026-07-07T17:25:53.417319Z
pysec-2026-2072
6.5 (3.1)
7.1 (4.0)
ZenML Server in the ZenML package before 0.46.7 for Python allows remote privilege escala… zenml 2026-07-07T11:45:33.016802Z 2026-07-07T17:25:53.356048Z
pysec-2026-2071
6.3 (3.1)
ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializ… zenml 2026-07-07T16:03:06.450033Z 2026-07-07T17:25:53.229259Z
pysec-2026-2070
5.4 (3.1)
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rat… zenml 2026-07-07T14:34:44.431797Z 2026-07-07T17:25:53.169324Z
pysec-2026-2069
3.9 (3.1)
2.0 (4.0)
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session cr… zenml 2026-07-07T14:34:34.551064Z 2026-07-07T17:25:53.106881Z
pysec-2026-2068
4.3 (3.1)
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to im… zenml 2026-07-07T14:34:35.381629Z 2026-07-07T17:25:53.044019Z
pysec-2026-2067
6.1 (3.1)
### Impact During file downloads, yt-dlp or the external downloaders that yt-dlp employs … yt-dlp 2026-07-07T11:45:20.265308Z 2026-07-07T17:25:52.928921Z
pysec-2026-2066
8.3 (3.1)
### Summary The [patch that addressed CVE-2023-40581](https://github.com/yt-dlp/yt-dlp/co… yt-dlp 2026-07-07T11:45:37.839656Z 2026-07-07T17:25:52.844224Z
pysec-2026-2065
7.8 (3.1)
### Summary `yt-dlp` does not limit the extensions of downloaded files, which could lead … yt-dlp 2026-07-07T14:34:36.149029Z 2026-07-07T17:25:52.761207Z
pysec-2026-2064
8.3 (3.1)
### Impact [`yt-dlp`](https://github.com/yt-dlp/yt-dlp) allows the user to provide shell … yt-dlp 2026-07-07T11:45:25.140715Z 2026-07-07T17:25:52.678461Z
pysec-2026-2063
5.0 (3.1)
### Impact The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitr… yt-dlp 2026-07-07T11:45:26.929022Z 2026-07-07T17:25:52.599343Z
pysec-2026-2062
7.8 (3.1)
Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-p… ydata-profiling 2026-07-07T11:45:45.450798Z 2026-07-07T17:25:52.524232Z
pysec-2026-2061
7.8 (3.1)
Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-p… ydata-profiling 2026-07-07T11:45:45.072437Z 2026-07-07T17:25:52.467036Z
pysec-2026-2060
7.8 (3.1)
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-pr… ydata-profiling 2026-07-07T11:45:45.214787Z 2026-07-07T17:25:52.410735Z
pysec-2026-2059
6.5 (3.1)
YAQL before 3.0.0 is used in Murano, the Murano service's MuranoPL extension to the YAQL … yaql 2026-07-07T11:45:35.519704Z 2026-07-07T17:25:52.351751Z
pysec-2026-2058
8.7 (4.0)
### Impact When generating PDF files, this vulnerability allows an attacker to read arbit… xml2rfc 2026-07-07T16:03:02.110703Z 2026-07-07T17:25:52.291546Z
pysec-2026-2057
8.7 (4.0)
### Impact When generating PDF files, this vulnerability allows an attacker to read arbi… xml2rfc 2026-07-07T16:03:04.649471Z 2026-07-07T17:25:52.232806Z
pysec-2026-2056
5.3 (3.1)
5.5 (4.0)
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to ca… xhtml2pdf 2026-07-07T14:34:42.774289Z 2026-07-07T17:25:52.172079Z
pysec-2026-2054
7.5 (3.1)
7.7 (4.0)
### Summary This issue: http://github.com/mlc-ai/xgrammar/issues/250 should have it's own… xgrammar 2026-07-07T16:03:01.881040Z 2026-07-07T17:25:52.052578Z
pysec-2026-2053
8.0 (3.1)
### Impact Multi-translation download could write to an arbitrary location when instructe… wlc 2026-07-07T16:03:18.960085Z 2026-07-07T17:25:51.828388Z
pysec-2026-2052
5.3 (3.1)
### Impact Historically, wlc supported providing unscoped API keys in the setting. This p… wlc 2026-07-07T16:03:18.162502Z 2026-07-07T17:25:51.772162Z
pysec-2026-2051
2.5 (3.1)
### Impact The SSL verification would be skipped for some crafted URLs. ### Patches * ht… wlc 2026-07-07T16:03:18.118006Z 2026-07-07T17:25:51.715240Z
pysec-2026-2050
3.9 (3.1)
### Impact The proxy mode of WireMock, can be protected by the network restrictions conf… wiremock 2026-07-07T11:45:23.967433Z 2026-07-07T17:25:51.657973Z
pysec-2026-2049
7.5 (3.1)
### Impact All historical installations of django-wiki are vulnerable to maliciously cra… wiki 2026-07-07T11:45:35.710147Z 2026-07-07T17:25:51.600320Z
pysec-2026-2048
8.9 (4.0)
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to … whoogle-search 2026-07-07T16:02:50.947336Z 2026-07-07T17:25:51.541698Z
pysec-2026-2047
7.1 (3.1)
### Summary - **Vulnerability Type:** Path Traversal (CWE-22) leading to Arbitrary File … wheel 2026-07-07T16:03:19.867108Z 2026-07-07T17:25:51.360940Z