Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2025-19 |
9.8 (3.1)
|
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for … | picklescan | 2025-03-03T19:15:34+00:00 | 2027-07-09T15:54:00+00:00 |
| pysec-2024-115 |
9.8 (3.1)
|
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain-community versi… | langchain-community | 2024-11-05T16:04:14Z | 2027-07-09T15:45:00Z |
| pysec-2010-33 |
|
Withdrawn as duplicate of PYSEC-2010-32 ZServer in Zope 2.10.x before 2.10.12 and 2.11.x … | zope | 2010-09-08T20:00:04.573Z | 2026-07-10T16:25:00Z |
| pysec-2010-32 |
|
ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to… | zope | 2010-09-08T20:00:00Z | 2026-07-10T16:25:00Z |
| pysec-2025-102 |
6.6 (3.1)
|
Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows at… | dagster-ge | 2025-07-22T17:15:33.543Z | 2026-07-09T16:51:49.990331Z |
| pysec-2023-313 |
6.5 (3.1)
|
Withdrawn as duplicate of PYSEC-2023-52 vantage6 is a privacy preserving federated learni… | vantage6 | 2023-03-01T17:15:10.980Z | 2026-07-09T16:23:00Z |
| pysec-2017-151 |
9.8 (3.1)
|
Withdrawn as duplicate of PYSEC-2017-35 Directory traversal vulnerability in minion id va… | salt | 2017-08-23T14:29:00.283Z | 2026-07-09T16:21:00Z |
| pysec-2014-117 |
|
Withdrawn as duplicate of PYSEC-2014-17. The parser cache functionality in parsergenerato… | rply | 2014-01-28T00:55:04.037Z | 2026-07-09T16:19:00Z |
| pysec-2022-43184 |
7.5 (3.1)
|
Withdrawn as duplicate of PYSEC-2022-292. Improper Handling of Length Parameter Inconsist… | rdiffweb | 2022-09-26T19:15:11.127Z | 2026-07-09T16:16:00Z |
| pysec-2022-292 |
|
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb… | rdiffweb | 2022-09-26T19:15:00Z | 2026-07-09T16:16:00Z |
| pysec-2017-150 |
8.8 (3.1)
|
Withdrawn as duplicate of PYSEC-2017-65 protobuf allows remote authenticated attackers to… | protobuf | 2017-09-25T17:29:00.397Z | 2026-07-09T16:15:00Z |
| pysec-2011-32 |
|
Withdrawn as duplicate of PYSEC-2011-25. Unspecified vulnerability in (1) Zope 2.12.x be… | plone | 2011-07-19T20:55:01.197Z | 2026-07-09T16:11:00Z |
| pysec-2011-25 |
|
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as … | plone | 2011-07-19T20:55:00Z | 2026-07-09T16:11:00Z |
| pysec-2008-15 |
|
Withdrawn as duplicate of PYSEC-2008-14. Multiple cross-site request forgery (CSRF) vulne… | plone | 2008-03-20T00:44:00Z | 2026-07-09T16:09:00Z |
| pysec-2008-14 |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 a… | plone | 2008-03-20T00:44:00Z | 2026-07-09T16:09:00Z |
| pysec-2006-9 |
|
Withdrawn as duplicate of PYSEC-2005-5. Unspecified vulnerability in the Password Reset T… | plone | 2006-09-29T19:07:00Z | 2026-07-09T16:03:00Z |
| pysec-2006-5 |
|
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 … | plone | 2006-09-29T19:07:00Z | 2026-07-09T16:03:00Z |
| pysec-2006-10 |
|
Withdrawn as duplicate of PYSEC-2006-6. Unspecified vulnerability in PlonePAS in Plone 2.… | plone | 2006-12-07T23:28:00Z | 2026-07-09T15:54:00Z |
| pysec-2021-330 |
|
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify l… | parlai | 2021-09-10T22:15:00Z | 2026-07-09T15:47:00Z |
| pysec-2021-104 |
|
Zope is an open-source web application server. This advisory extends the previous advisor… | zope | 2021-06-08T18:15:00Z | 2026-07-09T15:38:00Z |
| pysec-2020-346 |
6.1 (3.1)
|
Withdrawn as duplicate of PYSEC-2020-50. The Jupyter Server provides the backend (i.e. th… | jupyter-server | 2020-12-21T18:15:15.353Z | 2026-07-09T15:18:00Z |
| pysec-2024-260 |
7.5 (3.1)
|
Withdrawn as duplicate of PYSEC-2024-71. A vulnerability in corydolphin/flask-cors versio… | flask-cors | 2024-08-18T19:15:04.730Z | 2026-07-09T14:57:00Z |
| pysec-2022-43182 |
6.1 (3.1)
|
Withdrawn as duplicate of PYSEC-2022-239. The time and filter parameters in Fava prior to… | fava | 2022-07-25T14:15:10.873Z | 2026-07-09T14:54:00Z |
| pysec-2020-36 |
|
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection … | django | 2020-03-05T15:15:00Z | 2026-07-09T14:49:00Z |
| pysec-2020-345 |
8.8 (3.1)
|
Withdrawn as duplicate of PYSEC-2020-36. Django 1.11 before 1.11.29, 2.2 before 2.2.11, a… | django | 2020-03-05T15:15:12.410Z | 2026-07-09T14:49:00Z |
| pysec-2026-798 |
6.1 (3.1)
|
Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Doc… | crawl4ai | 2026-06-30T23:17:29.363Z | 2026-07-09T14:40:00Z |
| pysec-2026-239 |
9.3 (4.0)
|
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded … | crawl4ai | 2026-06-21T14:16:24.980Z | 2026-07-09T14:40:00Z |
| pysec-2026-230 |
5.3 (4.0)
|
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor… | crawl4ai | 2026-06-23T13:16:44.947Z | 2026-07-09T14:40:00Z |
| pysec-2026-229 |
6.5 (3.1)
|
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor rout… | crawl4ai | 2026-06-24T13:16:35.263Z | 2026-07-09T14:40:00Z |
| pysec-2021-872 |
|
Withdrawn as duplicate of PYSEC-2021-871. An issue was discovered in the Dask distributed… | distributed | 2021-10-26T11:15:00Z | 2026-07-09T14:40:00Z |