Vulnerabilities

Recent vulnerabilities

Recent vulnerabilities from 🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.

PySec 🐍

Recent vulnerabilities · 2780 entries
ID Severity Description Package Published Updated
pysec-2026-1339
0.0 (3.1)
### Note On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain lev… ethyca-fides 2026-07-07T14:34:36.222537Z 2026-07-07T17:24:05.465705Z
pysec-2026-1497
0.0 (3.1)
### Impact In previous versions of Kiwi TCMS users were able to update their email addres… kiwitcms 2026-07-07T11:45:18.552672Z 2026-07-07T17:24:26.101543Z
pysec-2026-1924
0.0 (3.1)
### Summary The sigstore-python OAuth authentication flow is susceptible to Cross-Site R… sigstore 2026-07-07T16:03:20.418491Z 2026-07-07T17:25:24.106990Z
pysec-2026-2042
1.0 (4.0)
### Impact It was possible to accept an invitation opened by a different Weblate user. … weblate 2026-07-07T16:03:12.872307Z 2026-07-07T17:25:50.724725Z
pysec-2026-195
1.1 (4.0)
A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data… mlflow 2026-06-04T12:16:24.440Z 2026-06-05T10:22:43.284691Z
pysec-2026-1672
1.3 (4.0)
### Summary The GET /download/<filename> route uses string path verification via os.path.… mobsf 2026-07-07T16:03:03.065548Z 2026-07-07T17:24:44.805783Z
pysec-2026-1104
1.7 (4.0)
### Summary The Python parser is vulnerable to a request smuggling vulnerability due to n… aiohttp 2026-07-07T16:02:58.017770Z 2026-07-07T17:23:37.007122Z
pysec-2026-1354
1.8 (4.0)
### Impact An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. Exiv2 i… exiv2 2026-07-07T16:03:02.528413Z 2026-07-07T17:24:06.991981Z
pysec-2026-1355
1.8 (4.0)
### Impact A denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm … exiv2 2026-07-07T16:03:02.626933Z 2026-07-07T17:24:07.062410Z
pysec-2026-1377
1.8 (4.0)
In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallb… flask 2026-07-07T16:02:52.410162Z 2026-07-07T16:02:52.410162Z
pysec-2025-186
1.9 (4.0)
A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnera… pywasm3 2025-06-19T18:15:22Z 2026-05-21T14:54:42.578466Z
pysec-2026-1234
1.9 (4.0)
A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers… calibreweb 2026-07-07T16:03:11.806566Z 2026-07-07T17:23:52.942261Z
pysec-2026-1920
1.9 (4.0)
SickChill is an automatic video library manager for TV shows. A user-controlled `login` e… sickchill 2026-07-07T14:34:48.663290Z 2026-07-07T17:25:23.863635Z
pysec-2025-190
2.0 (4.0)
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affec… torch 2025-03-10T13:15:36.290Z 2026-02-24T18:52:49.347Z
pysec-2026-1212
2.0 (4.0)
### Impact An attacker may inject content with ASCII control characters like vertical ta… badkeys 2026-07-07T16:03:14.719026Z 2026-07-07T17:23:49.361145Z
pysec-2026-1582
2.0 (4.0)
### Impact Non-string types are converted into string types, leading to type errors in %d… loggingredactor 2026-07-07T16:03:16.888713Z 2026-07-07T17:24:35.564497Z
pysec-2026-1606
2.0 (4.0)
### Summary When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a … materialx 2026-07-07T16:02:59.437613Z 2026-07-07T16:02:59.437613Z
pysec-2026-1607
2.0 (4.0)
### Summary When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a … materialx 2026-07-07T16:02:59.500150Z 2026-07-07T16:02:59.500150Z
pysec-2026-1760
2.0 (4.0)
An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attac… pdf2zh 2026-07-07T16:03:09.189855Z 2026-07-07T16:03:09.189855Z
pysec-2026-1796
2.0 (4.0)
When pip is installing and extracting a maliciously crafted wheel archive, files may be e… pip 2026-07-07T16:36:56.040886Z 2026-07-07T17:25:03.454323Z
pysec-2026-1913
2.0 (3.1)
### Impact Sentry's Slack integration incorrectly records the incoming request body in lo… sentry 2026-07-07T11:45:44.072040Z 2026-07-07T11:45:44.072040Z
pysec-2026-1147
2.1 (4.0)
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue… apache-airflow-providers-fab 2026-07-07T14:34:48.475757Z 2026-07-07T17:23:41.854766Z
pysec-2026-1482
2.1 (4.0)
Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab… jupyterlab 2026-07-07T16:03:05.847517Z 2026-07-07T17:24:23.214553Z
pysec-2026-1732
2.1 (4.0)
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ di… open-webui 2026-07-07T16:03:12.102402Z 2026-07-07T17:24:54.562708Z
pysec-2026-2036
2.1 (4.0)
### Impact The verification of the second factor had too long a session expiry. The long … weblate 2026-07-07T16:03:03.211451Z 2026-07-07T17:25:50.349228Z
pysec-2026-1814
2.2 (3.1)
2.1 (4.0)
### Summary The wrong string if check is run for `iss` checking, resulting in `"acb"` bei… pyjwt 2026-07-07T14:34:46.000573Z 2026-07-07T14:34:46.000573Z
pysec-2024-302
2.3 (3.1)
pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scri… pyload-ng 2024-10-25T23:15:02.530Z 2026-05-21T14:54:41.451035Z
pysec-2026-1337
2.3 (3.1)
The Fides webserver requires a connection to a hosted PostgreSQL database for persistent … ethyca-fides 2026-07-07T11:45:43.875883Z 2026-07-07T17:24:05.310654Z
pysec-2026-197
2.3 (4.0)
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middlew… django 2026-06-03T14:16:41.247Z 2026-06-06T09:31:26.956057Z
pysec-2026-200
2.3 (4.0)
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.ma… django 2026-06-03T14:16:47.087Z 2026-06-06T09:31:27.551806Z