Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2026-1339 |
0.0 (3.1)
|
### Note On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain lev… | ethyca-fides | 2026-07-07T14:34:36.222537Z | 2026-07-07T17:24:05.465705Z |
| pysec-2026-1497 |
0.0 (3.1)
|
### Impact In previous versions of Kiwi TCMS users were able to update their email addres… | kiwitcms | 2026-07-07T11:45:18.552672Z | 2026-07-07T17:24:26.101543Z |
| pysec-2026-1924 |
0.0 (3.1)
|
### Summary The sigstore-python OAuth authentication flow is susceptible to Cross-Site R… | sigstore | 2026-07-07T16:03:20.418491Z | 2026-07-07T17:25:24.106990Z |
| pysec-2026-2042 |
1.0 (4.0)
|
### Impact It was possible to accept an invitation opened by a different Weblate user. … | weblate | 2026-07-07T16:03:12.872307Z | 2026-07-07T17:25:50.724725Z |
| pysec-2026-195 |
1.1 (4.0)
|
A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data… | mlflow | 2026-06-04T12:16:24.440Z | 2026-06-05T10:22:43.284691Z |
| pysec-2026-1672 |
1.3 (4.0)
|
### Summary The GET /download/<filename> route uses string path verification via os.path.… | mobsf | 2026-07-07T16:03:03.065548Z | 2026-07-07T17:24:44.805783Z |
| pysec-2026-1104 |
1.7 (4.0)
|
### Summary The Python parser is vulnerable to a request smuggling vulnerability due to n… | aiohttp | 2026-07-07T16:02:58.017770Z | 2026-07-07T17:23:37.007122Z |
| pysec-2026-1354 |
1.8 (4.0)
|
### Impact An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. Exiv2 i… | exiv2 | 2026-07-07T16:03:02.528413Z | 2026-07-07T17:24:06.991981Z |
| pysec-2026-1355 |
1.8 (4.0)
|
### Impact A denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm … | exiv2 | 2026-07-07T16:03:02.626933Z | 2026-07-07T17:24:07.062410Z |
| pysec-2026-1377 |
1.8 (4.0)
|
In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallb… | flask | 2026-07-07T16:02:52.410162Z | 2026-07-07T16:02:52.410162Z |
| pysec-2025-186 |
1.9 (4.0)
|
A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnera… | pywasm3 | 2025-06-19T18:15:22Z | 2026-05-21T14:54:42.578466Z |
| pysec-2026-1234 |
1.9 (4.0)
|
A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers… | calibreweb | 2026-07-07T16:03:11.806566Z | 2026-07-07T17:23:52.942261Z |
| pysec-2026-1920 |
1.9 (4.0)
|
SickChill is an automatic video library manager for TV shows. A user-controlled `login` e… | sickchill | 2026-07-07T14:34:48.663290Z | 2026-07-07T17:25:23.863635Z |
| pysec-2025-190 |
2.0 (4.0)
|
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affec… | torch | 2025-03-10T13:15:36.290Z | 2026-02-24T18:52:49.347Z |
| pysec-2026-1212 |
2.0 (4.0)
|
### Impact An attacker may inject content with ASCII control characters like vertical ta… | badkeys | 2026-07-07T16:03:14.719026Z | 2026-07-07T17:23:49.361145Z |
| pysec-2026-1582 |
2.0 (4.0)
|
### Impact Non-string types are converted into string types, leading to type errors in %d… | loggingredactor | 2026-07-07T16:03:16.888713Z | 2026-07-07T17:24:35.564497Z |
| pysec-2026-1606 |
2.0 (4.0)
|
### Summary When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a … | materialx | 2026-07-07T16:02:59.437613Z | 2026-07-07T16:02:59.437613Z |
| pysec-2026-1607 |
2.0 (4.0)
|
### Summary When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a … | materialx | 2026-07-07T16:02:59.500150Z | 2026-07-07T16:02:59.500150Z |
| pysec-2026-1760 |
2.0 (4.0)
|
An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attac… | pdf2zh | 2026-07-07T16:03:09.189855Z | 2026-07-07T16:03:09.189855Z |
| pysec-2026-1796 |
2.0 (4.0)
|
When pip is installing and extracting a maliciously crafted wheel archive, files may be e… | pip | 2026-07-07T16:36:56.040886Z | 2026-07-07T17:25:03.454323Z |
| pysec-2026-1913 |
2.0 (3.1)
|
### Impact Sentry's Slack integration incorrectly records the incoming request body in lo… | sentry | 2026-07-07T11:45:44.072040Z | 2026-07-07T11:45:44.072040Z |
| pysec-2026-1147 |
2.1 (4.0)
|
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue… | apache-airflow-providers-fab | 2026-07-07T14:34:48.475757Z | 2026-07-07T17:23:41.854766Z |
| pysec-2026-1482 |
2.1 (4.0)
|
Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab… | jupyterlab | 2026-07-07T16:03:05.847517Z | 2026-07-07T17:24:23.214553Z |
| pysec-2026-1732 |
2.1 (4.0)
|
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ di… | open-webui | 2026-07-07T16:03:12.102402Z | 2026-07-07T17:24:54.562708Z |
| pysec-2026-2036 |
2.1 (4.0)
|
### Impact The verification of the second factor had too long a session expiry. The long … | weblate | 2026-07-07T16:03:03.211451Z | 2026-07-07T17:25:50.349228Z |
| pysec-2026-1814 |
2.2 (3.1)
2.1 (4.0)
|
### Summary The wrong string if check is run for `iss` checking, resulting in `"acb"` bei… | pyjwt | 2026-07-07T14:34:46.000573Z | 2026-07-07T14:34:46.000573Z |
| pysec-2024-302 |
2.3 (3.1)
|
pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scri… | pyload-ng | 2024-10-25T23:15:02.530Z | 2026-05-21T14:54:41.451035Z |
| pysec-2026-1337 |
2.3 (3.1)
|
The Fides webserver requires a connection to a hosted PostgreSQL database for persistent … | ethyca-fides | 2026-07-07T11:45:43.875883Z | 2026-07-07T17:24:05.310654Z |
| pysec-2026-197 |
2.3 (4.0)
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middlew… | django | 2026-06-03T14:16:41.247Z | 2026-06-06T09:31:26.956057Z |
| pysec-2026-200 |
2.3 (4.0)
|
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.ma… | django | 2026-06-03T14:16:47.087Z | 2026-06-06T09:31:27.551806Z |