Vulnerabilities

Recent vulnerabilities

Recent vulnerabilities from 🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.

PySec 🐍

Recent vulnerabilities · 5574 entries
ID Severity Description Package Published Updated
pysec-2025-19
9.8 (3.1)
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for … picklescan 2025-03-03T19:15:34+00:00 2027-07-09T15:54:00+00:00
pysec-2024-115
9.8 (3.1)
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain-community versi… langchain-community 2024-11-05T16:04:14Z 2027-07-09T15:45:00Z
pysec-2010-33
Withdrawn as duplicate of PYSEC-2010-32 ZServer in Zope 2.10.x before 2.10.12 and 2.11.x … zope 2010-09-08T20:00:04.573Z 2026-07-10T16:25:00Z
pysec-2010-32
ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to… zope 2010-09-08T20:00:00Z 2026-07-10T16:25:00Z
pysec-2025-102
6.6 (3.1)
Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows at… dagster-ge 2025-07-22T17:15:33.543Z 2026-07-09T16:51:49.990331Z
pysec-2023-313
6.5 (3.1)
Withdrawn as duplicate of PYSEC-2023-52 vantage6 is a privacy preserving federated learni… vantage6 2023-03-01T17:15:10.980Z 2026-07-09T16:23:00Z
pysec-2017-151
9.8 (3.1)
Withdrawn as duplicate of PYSEC-2017-35 Directory traversal vulnerability in minion id va… salt 2017-08-23T14:29:00.283Z 2026-07-09T16:21:00Z
pysec-2014-117
Withdrawn as duplicate of PYSEC-2014-17. The parser cache functionality in parsergenerato… rply 2014-01-28T00:55:04.037Z 2026-07-09T16:19:00Z
pysec-2022-43184
7.5 (3.1)
Withdrawn as duplicate of PYSEC-2022-292. Improper Handling of Length Parameter Inconsist… rdiffweb 2022-09-26T19:15:11.127Z 2026-07-09T16:16:00Z
pysec-2022-292
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb… rdiffweb 2022-09-26T19:15:00Z 2026-07-09T16:16:00Z
pysec-2017-150
8.8 (3.1)
Withdrawn as duplicate of PYSEC-2017-65 protobuf allows remote authenticated attackers to… protobuf 2017-09-25T17:29:00.397Z 2026-07-09T16:15:00Z
pysec-2011-32
Withdrawn as duplicate of PYSEC-2011-25. Unspecified vulnerability in (1) Zope 2.12.x be… plone 2011-07-19T20:55:01.197Z 2026-07-09T16:11:00Z
pysec-2011-25
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as … plone 2011-07-19T20:55:00Z 2026-07-09T16:11:00Z
pysec-2008-15
Withdrawn as duplicate of PYSEC-2008-14. Multiple cross-site request forgery (CSRF) vulne… plone 2008-03-20T00:44:00Z 2026-07-09T16:09:00Z
pysec-2008-14
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 a… plone 2008-03-20T00:44:00Z 2026-07-09T16:09:00Z
pysec-2006-9
Withdrawn as duplicate of PYSEC-2005-5. Unspecified vulnerability in the Password Reset T… plone 2006-09-29T19:07:00Z 2026-07-09T16:03:00Z
pysec-2006-5
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 … plone 2006-09-29T19:07:00Z 2026-07-09T16:03:00Z
pysec-2006-10
Withdrawn as duplicate of PYSEC-2006-6. Unspecified vulnerability in PlonePAS in Plone 2.… plone 2006-12-07T23:28:00Z 2026-07-09T15:54:00Z
pysec-2021-330
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify l… parlai 2021-09-10T22:15:00Z 2026-07-09T15:47:00Z
pysec-2021-104
Zope is an open-source web application server. This advisory extends the previous advisor… zope 2021-06-08T18:15:00Z 2026-07-09T15:38:00Z
pysec-2020-346
6.1 (3.1)
Withdrawn as duplicate of PYSEC-2020-50. The Jupyter Server provides the backend (i.e. th… jupyter-server 2020-12-21T18:15:15.353Z 2026-07-09T15:18:00Z
pysec-2024-260
7.5 (3.1)
Withdrawn as duplicate of PYSEC-2024-71. A vulnerability in corydolphin/flask-cors versio… flask-cors 2024-08-18T19:15:04.730Z 2026-07-09T14:57:00Z
pysec-2022-43182
6.1 (3.1)
Withdrawn as duplicate of PYSEC-2022-239. The time and filter parameters in Fava prior to… fava 2022-07-25T14:15:10.873Z 2026-07-09T14:54:00Z
pysec-2020-36
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection … django 2020-03-05T15:15:00Z 2026-07-09T14:49:00Z
pysec-2020-345
8.8 (3.1)
Withdrawn as duplicate of PYSEC-2020-36. Django 1.11 before 1.11.29, 2.2 before 2.2.11, a… django 2020-03-05T15:15:12.410Z 2026-07-09T14:49:00Z
pysec-2026-798
6.1 (3.1)
Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Doc… crawl4ai 2026-06-30T23:17:29.363Z 2026-07-09T14:40:00Z
pysec-2026-239
9.3 (4.0)
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded … crawl4ai 2026-06-21T14:16:24.980Z 2026-07-09T14:40:00Z
pysec-2026-230
5.3 (4.0)
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor… crawl4ai 2026-06-23T13:16:44.947Z 2026-07-09T14:40:00Z
pysec-2026-229
6.5 (3.1)
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor rout… crawl4ai 2026-06-24T13:16:35.263Z 2026-07-09T14:40:00Z
pysec-2021-872
Withdrawn as duplicate of PYSEC-2021-871. An issue was discovered in the Dask distributed… distributed 2021-10-26T11:15:00Z 2026-07-09T14:40:00Z