Vulnerability Library
| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-3783-62vc-jr7x | PyPI/consoleme | ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command | 0.0.0, 1.0.6.dev10, 1.1.1, 1.1.10.dev1, 1.1.10.dev2, 1.1.10.dev3, 1.1.10.dev4, ... | 2024-05-16T21:02:36Z | Fix available |
| GHSA-cqh9-jfqr-h9jj | PyPI/wandb | Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability | 0.1.0, 0.10.0, 0.10.0rc1, 0.10.0rc2, 0.10.0rc3, 0.10.0rc4, 0.10.0rc5, ... | 2024-05-16T09:33:09Z | No fix available |
| GHSA-p4jx-q62p-x5jr | PyPI/mlflow | MLflow allows low privilege users to delete any artifact | 0.0.1, 0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.4.0, 0.4.1, ... | 2024-05-16T09:33:08Z | Fix available |
| GHSA-pw38-xv9x-h8ch | PyPI/llama-index, PyPI/llama-index-llms-rungpt | RunGptLLM class in LlamaIndex has a command injection | 0.10.0, 0.10.1, 0.10.10, 0.10.11, 0.10.12, 0.10.3, 0.10.4, ... | 2024-05-16T09:33:08Z | Fix available |
| GHSA-rfqq-wq6w-72jm | PyPI/mlflow | MLflow has a Local File Read/Path Traversal bypass | 2.10.0, 2.10.1, 2.10.2, 2.11.0, 2.11.1, 2.11.2, 2.11.3, ... | 2024-05-16T09:33:08Z | Fix available |
| GHSA-4724-7jwc-3fpw | PyPI/github-com/grafana/grafana | Grafana Spoofing originalUrl of snapshots | See details. | 2024-05-14T22:29:26Z | Fix available |
| GHSA-23j4-mw76-5v7h | PyPI/scrapy | Scrapy allows redirect following in protocols other than HTTP | 0.10.4.2364, 0.12.0.2550, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.16.0, ... | 2024-05-14T20:14:49Z | Fix available |
| GHSA-jm3v-qxmh-hxwv | PyPI/scrapy | Scrapy's redirects ignoring scheme-specific proxy settings | 0.10.4.2364, 0.12.0.2550, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.16.0, ... | 2024-05-14T20:14:43Z | Fix available |
| GHSA-4qqq-9vqf-3h3f | PyPI/scrapy | Scrapy leaks the authorization header on same-domain but cross-origin redirects | 0.10.4.2364, 0.12.0.2550, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.16.0, ... | 2024-05-14T20:14:33Z | Fix available |
| GHSA-2vjq-hg5w-5gm7 | PyPI/octoprint | OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled | 1.10.0, 1.10.0rc1, 1.10.0rc2, 1.10.0rc3, 1.10.0rc4, 1.3.11, 1.3.12, ... | 2024-05-14T20:13:47Z | Fix available |
| GHSA-52gm-qmg3-r4qp | PyPI/apache-airflow | Apache Airflow: XSS vulnerability in Task Instance Log/Log Details | 2.9.0, 2.9.1rc1, 2.9.1rc2 | 2024-05-14T18:31:00Z | Fix available |
| MAL-2024-1365 | | Malicious code in testpkg3322 (PyPI) | 2.35.8 | 2024-05-14T06:17:03Z | No fix available |
| GHSA-r2hr-4v48-fjv3 | PyPI/nautobot | Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages | 1.0.0, 1.0.0a1, 1.0.0a2, 1.0.0b1, 1.0.0b2, 1.0.0b3, 1.0.0b4, ... | 2024-05-13T19:59:26Z | Fix available |
| GHSA-56xg-wfcc-g829 | PyPI/llama-cpp-python | llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata | 0.2.30, 0.2.31, 0.2.32, 0.2.33, 0.2.34, 0.2.35, 0.2.36, ... | 2024-05-13T14:10:18Z | No fix available |
| GHSA-w4h6-9wrp-v5jq | PyPI/frigate | Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service | 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.4.0a0, 0.4.0a0.post0.dev14, 0.5.0, ... | 2024-05-09T15:13:49Z | Fix available |
| GHSA-299q-3p96-5898 | PyPI/apache-superset | Apache Superset Incorrect Authorization vulnerability | 0.34.0, 0.34.1, 0.35.1, 0.35.2, 0.36.0, 0.37.0, 0.37.1, ... | 2024-05-07T15:30:36Z | Fix available |
PyPI - OSV