├── vulns ├── .id-allocator ├── svglib │ └── PYSEC-2020-111.yaml ├── validators │ ├── PYSEC-2019-134.yaml │ └── PYSEC-2019-64.yaml ├── invenio-previewer │ ├── PYSEC-2019-26.yaml │ └── PYSEC-2019-96.yaml ├── invenio-app │ ├── PYSEC-2019-24.yaml │ └── PYSEC-2019-94.yaml ├── donfig │ ├── PYSEC-2019-21.yaml │ └── PYSEC-2019-91.yaml ├── gramaddict │ └── PYSEC-2021-65.yaml ├── rsa │ ├── PYSEC-2020-100.yaml │ └── PYSEC-2020-99.yaml ├── git-big-picture │ └── PYSEC-2021-15.yaml ├── sqla-yaml-fixtures │ ├── PYSEC-2019-52.yaml │ └── PYSEC-2019-122.yaml ├── pyqlib │ └── PYSEC-2021-86.yaml ├── locust │ └── PYSEC-2020-60.yaml ├── mayan-edms-ng │ └── PYSEC-2018-16.yaml ├── tuf │ ├── PYSEC-2020-147.yaml │ ├── PYSEC-2020-146.yaml │ └── PYSEC-2020-145.yaml ├── rediswrapper │ ├── PYSEC-2019-46.yaml │ └── PYSEC-2019-116.yaml ├── apache-airflow │ ├── PYSEC-2019-143.yaml │ ├── PYSEC-2019-142.yaml │ ├── PYSEC-2020-23.yaml │ ├── PYSEC-2020-162.yaml │ ├── PYSEC-2020-181.yaml │ ├── PYSEC-2020-15.yaml │ ├── PYSEC-2020-17.yaml │ ├── PYSEC-2020-20.yaml │ ├── PYSEC-2020-16.yaml │ └── PYSEC-2020-14.yaml ├── misp-maltego │ └── PYSEC-2020-66.yaml ├── ceilometer │ ├── PYSEC-2019-8.yaml │ └── PYSEC-2019-78.yaml ├── oncall │ └── PYSEC-2021-33.yaml ├── django-celery-results │ └── PYSEC-2020-38.yaml ├── invenio-communities │ ├── PYSEC-2019-25.yaml │ └── PYSEC-2019-95.yaml ├── keystone │ ├── PYSEC-2018-9.yaml │ ├── PYSEC-2020-56.yaml │ ├── PYSEC-2020-54.yaml │ ├── PYSEC-2020-53.yaml │ └── PYSEC-2020-55.yaml ├── plone │ ├── PYSEC-2020-87.yaml │ └── PYSEC-2020-86.yaml ├── pyarchery │ ├── PYSEC-2019-42.yaml │ └── PYSEC-2019-112.yaml ├── django │ ├── PYSEC-2018-4.yaml │ ├── PYSEC-2018-3.yaml │ └── PYSEC-2018-2.yaml ├── pyspark │ ├── PYSEC-2018-25.yaml │ ├── PYSEC-2019-114.yaml │ └── PYSEC-2019-44.yaml ├── linotp │ ├── PYSEC-2019-33.yaml │ └── PYSEC-2019-103.yaml ├── ansible │ ├── PYSEC-2020-2.yaml │ ├── PYSEC-2019-3.yaml │ ├── PYSEC-2019-73.yaml │ ├── PYSEC-2020-4.yaml │ ├── PYSEC-2020-160.yaml │ ├── 
PYSEC-2020-179.yaml │ └── PYSEC-2020-13.yaml ├── rpyc │ ├── PYSEC-2019-118.yaml │ └── PYSEC-2019-48.yaml ├── modoboa-dmarc │ ├── PYSEC-2019-35.yaml │ └── PYSEC-2019-105.yaml ├── nnabla │ ├── PYSEC-2019-107.yaml │ └── PYSEC-2019-37.yaml ├── steam │ ├── PYSEC-2019-125.yaml │ └── PYSEC-2019-55.yaml ├── proxy-py │ └── PYSEC-2021-46.yaml ├── webargs │ └── PYSEC-2020-156.yaml ├── matrix-sydent │ ├── PYSEC-2021-24.yaml │ └── PYSEC-2021-23.yaml ├── snapcraft │ └── PYSEC-2020-109.yaml ├── bsdiff4 │ └── PYSEC-2020-30.yaml ├── invenio-records │ ├── PYSEC-2019-27.yaml │ └── PYSEC-2019-97.yaml ├── django-js-reverse │ ├── PYSEC-2019-19.yaml │ └── PYSEC-2019-89.yaml ├── drf-jwt │ └── PYSEC-2020-40.yaml ├── arrayfire │ └── PYSEC-2019-144.yaml ├── py-mini-racer │ └── PYSEC-2020-93.yaml ├── cloudtoken │ └── PYSEC-2018-1.yaml ├── flask-caching │ └── PYSEC-2021-13.yaml ├── tink │ └── PYSEC-2020-142.yaml ├── postfix-mta-sts-resolver │ ├── PYSEC-2020-174.yaml │ └── PYSEC-2020-193.yaml ├── pykmip │ └── PYSEC-2018-22.yaml ├── pycryptodome │ └── PYSEC-2018-21.yaml ├── moin │ └── PYSEC-2020-67.yaml ├── octoprint │ ├── PYSEC-2021-30.yaml │ └── PYSEC-2021-29.yaml ├── pyyaml │ ├── PYSEC-2020-176.yaml │ └── PYSEC-2020-195.yaml ├── parso │ ├── PYSEC-2019-109.yaml │ └── PYSEC-2019-39.yaml ├── ecdsa │ ├── PYSEC-2020-163.yaml │ └── PYSEC-2020-182.yaml ├── jupyterhub-kubespawner │ └── PYSEC-2020-51.yaml ├── buildbot │ ├── PYSEC-2019-7.yaml │ └── PYSEC-2019-77.yaml ├── eve │ └── PYSEC-2018-8.yaml ├── papermerge │ └── PYSEC-2020-74.yaml ├── werkzeug │ └── PYSEC-2020-157.yaml ├── pillow │ ├── PYSEC-2021-71.yaml │ ├── PYSEC-2021-39.yaml │ ├── PYSEC-2021-36.yaml │ └── PYSEC-2021-37.yaml ├── asyncpg │ └── PYSEC-2020-24.yaml ├── pypiserver │ ├── PYSEC-2019-43.yaml │ └── PYSEC-2019-113.yaml ├── jupyterhub │ └── PYSEC-2021-67.yaml ├── aioxmpp │ ├── PYSEC-2019-1.yaml │ └── PYSEC-2019-71.yaml ├── websockets │ └── PYSEC-2021-95.yaml ├── django-rest-registration │ ├── PYSEC-2019-20.yaml │ └── PYSEC-2019-90.yaml 
├── mitogen │ ├── PYSEC-2019-34.yaml │ └── PYSEC-2019-104.yaml ├── markdown2 │ ├── PYSEC-2018-13.yaml │ └── PYSEC-2021-20.yaml ├── manila │ └── PYSEC-2020-63.yaml ├── channels │ └── PYSEC-2021-60.yaml ├── urllib3 │ ├── PYSEC-2021-59.yaml │ └── PYSEC-2020-149.yaml ├── wagtail-2fa │ ├── PYSEC-2019-135.yaml │ └── PYSEC-2019-65.yaml ├── gerapy │ └── PYSEC-2020-44.yaml ├── nfstream │ └── PYSEC-2021-68.yaml ├── pyinstaller │ ├── PYSEC-2020-175.yaml │ └── PYSEC-2020-194.yaml ├── openapi-python-client │ ├── PYSEC-2020-71.yaml │ └── PYSEC-2020-70.yaml ├── sopel-plugins-channelmgnt │ ├── PYSEC-2020-110.yaml │ └── PYSEC-2021-58.yaml ├── wagtail │ └── PYSEC-2020-153.yaml ├── mayan-edms │ ├── PYSEC-2018-14.yaml │ └── PYSEC-2018-15.yaml ├── pyopenssl │ ├── PYSEC-2018-23.yaml │ └── PYSEC-2018-24.yaml ├── clickhouse-driver │ └── PYSEC-2021-61.yaml ├── scapy │ ├── PYSEC-2019-120.yaml │ └── PYSEC-2019-50.yaml ├── libtaxii │ └── PYSEC-2020-59.yaml ├── hyperkitty │ └── PYSEC-2021-77.yaml ├── blackduck │ └── PYSEC-2020-26.yaml ├── eventlet │ └── PYSEC-2021-12.yaml ├── psd-tools │ └── PYSEC-2020-91.yaml ├── tensorflow │ └── PYSEC-2020-141.yaml ├── bleach │ └── PYSEC-2020-28.yaml ├── notebook │ └── PYSEC-2018-18.yaml ├── django-debug-toolbar │ └── PYSEC-2021-10.yaml ├── jupyterhub-systemdspawner │ └── PYSEC-2020-52.yaml ├── tlslite-ng │ └── PYSEC-2018-31.yaml ├── horizon │ └── PYSEC-2020-45.yaml ├── omero-web │ ├── PYSEC-2021-32.yaml │ └── PYSEC-2021-31.yaml ├── httpie │ ├── PYSEC-2019-23.yaml │ └── PYSEC-2019-93.yaml ├── flask-unchained │ └── PYSEC-2021-96.yaml ├── indico │ └── PYSEC-2021-18.yaml ├── lookatme │ └── PYSEC-2020-61.yaml ├── django-anymail │ └── PYSEC-2018-7.yaml ├── qutebrowser │ └── PYSEC-2018-27.yaml ├── jsonpickle │ └── PYSEC-2020-49.yaml ├── httplib2 │ └── PYSEC-2021-16.yaml ├── flask-cors │ └── PYSEC-2020-43.yaml └── scikit-learn │ └── PYSEC-2020-107.yaml └── .github └── workflows ├── auto_import.yaml └── automation.yaml /vulns/.id-allocator: 
-------------------------------------------------------------------------------- 1 | 705eb9dd9e74130bf95b212d29f883505880ce14edb593d89a721e5cf38debc2 -------------------------------------------------------------------------------- /vulns/svglib/PYSEC-2020-111.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-111 2 | package: 3 | name: svglib 4 | ecosystem: PyPI 5 | details: The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg 6 | call. 7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 0.9.4 11 | versions: 12 | - 0.6.0 13 | - 0.6.1 14 | - 0.6.2 15 | - 0.6.3 16 | - 0.8.0 17 | - 0.8.1 18 | - 0.9.0b0 19 | - 0.9.0 20 | - 0.9.1 21 | - 0.9.2 22 | - 0.9.3 23 | aliases: 24 | - CVE-2020-10799 25 | modified: '2020-03-24T20:38:00Z' 26 | published: '2020-03-20T23:15:00Z' 27 | references: 28 | - type: WEB 29 | url: https://github.com/deeplook/svglib/issues/229 30 | -------------------------------------------------------------------------------- /vulns/validators/PYSEC-2019-134.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-134 2 | package: 3 | name: validators 4 | ecosystem: PyPI 5 | details: The validators package 0.12.2 through 0.12.5 for Python enters an infinite 6 | loop when validators.domain is called with a crafted domain string. This is fixed 7 | in 0.12.6. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: 0.12.2 12 | fixed: 0.12.6 13 | versions: 14 | - 0.12.2 15 | - 0.12.3 16 | - 0.12.4 17 | - 0.12.5 18 | aliases: 19 | - CVE-2019-19588 20 | modified: '2020-08-24T17:37:00Z' 21 | published: '2019-12-05T01:15:00Z' 22 | references: 23 | - type: WEB 24 | url: https://github.com/kvesteri/validators/issues/86 25 | -------------------------------------------------------------------------------- /vulns/validators/PYSEC-2019-64.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-64 2 | package: 3 | name: validators 4 | ecosystem: PyPI 5 | details: The validators package 0.12.2 through 0.12.5 for Python enters an infinite 6 | loop when validators.domain is called with a crafted domain string. This is fixed 7 | in 0.12.6. 8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: 0.12.2 12 | fixed: 0.12.6 13 | versions: 14 | - 0.12.2 15 | - 0.12.3 16 | - 0.12.4 17 | - 0.12.5 18 | aliases: 19 | - CVE-2019-19588 20 | modified: '2020-08-24T17:37:00Z' 21 | published: '2019-12-05T01:15:00Z' 22 | references: 23 | - type: WEB 24 | url: https://github.com/kvesteri/validators/issues/86 25 | -------------------------------------------------------------------------------- /vulns/invenio-previewer/PYSEC-2019-26.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-26 2 | package: 3 | name: invenio-previewer 4 | ecosystem: PyPI 5 | details: invenio-previewer before 1.0.0a12 allows XSS. 
6 | affects: 7 | ranges: 8 | - type: ECOSYSTEM 9 | fixed: 1.0.0a12 10 | versions: 11 | - 0.1.0 12 | - 1.0.0a2 13 | - 1.0.0a3 14 | - 1.0.0a4 15 | - 1.0.0a5 16 | - 1.0.0a6 17 | - 1.0.0a7 18 | - 1.0.0a8 19 | - 1.0.0a9 20 | - 1.0.0a10 21 | - 1.0.0a11 22 | aliases: 23 | - CVE-2019-1020019 24 | modified: '2019-07-31T19:44:00Z' 25 | published: '2019-07-29T14:15:00Z' 26 | references: 27 | - type: WEB 28 | url: https://github.com/inveniosoftware/invenio-previewer/security/advisories/GHSA-j9m2-6hq2-4r3c 29 | -------------------------------------------------------------------------------- /vulns/invenio-previewer/PYSEC-2019-96.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-96 2 | package: 3 | name: invenio-previewer 4 | ecosystem: PyPI 5 | details: invenio-previewer before 1.0.0a12 allows XSS. 6 | affects: 7 | ranges: 8 | - type: ECOSYSTEM 9 | fixed: 1.0.0a12 10 | versions: 11 | - 0.1.0 12 | - 1.0.0a2 13 | - 1.0.0a3 14 | - 1.0.0a4 15 | - 1.0.0a5 16 | - 1.0.0a6 17 | - 1.0.0a7 18 | - 1.0.0a8 19 | - 1.0.0a9 20 | - 1.0.0a10 21 | - 1.0.0a11 22 | aliases: 23 | - CVE-2019-1020019 24 | modified: '2019-07-31T19:44:00Z' 25 | published: '2019-07-29T14:15:00Z' 26 | references: 27 | - type: WEB 28 | url: https://github.com/inveniosoftware/invenio-previewer/security/advisories/GHSA-j9m2-6hq2-4r3c 29 | -------------------------------------------------------------------------------- /vulns/invenio-app/PYSEC-2019-24.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-24 2 | package: 3 | name: invenio-app 4 | ecosystem: PyPI 5 | details: invenio-app before 1.1.1 allows host header injection. 
6 | affects: 7 | ranges: 8 | - type: ECOSYSTEM 9 | fixed: 1.1.1 10 | versions: 11 | - 1.0.0.dev20170000 12 | - 1.0.0a1 13 | - 1.0.0a2 14 | - 1.0.0a3 15 | - 1.0.0b1 16 | - 1.0.0b2 17 | - 1.0.0 18 | - 1.0.1 19 | - 1.0.2 20 | - 1.0.3 21 | - 1.0.4 22 | - 1.0.5 23 | - 1.0.6 24 | - 1.1.0 25 | aliases: 26 | - CVE-2019-1020006 27 | modified: '2019-08-01T16:12:00Z' 28 | published: '2019-07-29T15:15:00Z' 29 | references: 30 | - type: WEB 31 | url: https://github.com/inveniosoftware/invenio-app/security/advisories/GHSA-94mf-xfg5-r247 32 | -------------------------------------------------------------------------------- /vulns/invenio-app/PYSEC-2019-94.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-94 2 | package: 3 | name: invenio-app 4 | ecosystem: PyPI 5 | details: invenio-app before 1.1.1 allows host header injection. 6 | affects: 7 | ranges: 8 | - type: ECOSYSTEM 9 | fixed: 1.1.1 10 | versions: 11 | - 1.0.0.dev20170000 12 | - 1.0.0a1 13 | - 1.0.0a2 14 | - 1.0.0a3 15 | - 1.0.0b1 16 | - 1.0.0b2 17 | - 1.0.0 18 | - 1.0.1 19 | - 1.0.2 20 | - 1.0.3 21 | - 1.0.4 22 | - 1.0.5 23 | - 1.0.6 24 | - 1.1.0 25 | aliases: 26 | - CVE-2019-1020006 27 | modified: '2019-08-01T16:12:00Z' 28 | published: '2019-07-29T15:15:00Z' 29 | references: 30 | - type: WEB 31 | url: https://github.com/inveniosoftware/invenio-app/security/advisories/GHSA-94mf-xfg5-r247 32 | -------------------------------------------------------------------------------- /vulns/donfig/PYSEC-2019-21.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-21 2 | package: 3 | name: donfig 4 | ecosystem: PyPI 5 | details: An issue was discovered in Donfig 0.3.0. There is a vulnerability in the 6 | collect_yaml method in config_obj.py. It can execute arbitrary Python commands, 7 | resulting in command execution. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 0.4.0 12 | versions: 13 | - 0.1.0 14 | - 0.1.1 15 | - 0.1.2 16 | - 0.2.0 17 | - 0.3.0 18 | aliases: 19 | - CVE-2019-7537 20 | modified: '2019-03-26T14:13:00Z' 21 | published: '2019-03-21T20:29:00Z' 22 | references: 23 | - type: WEB 24 | url: https://github.com/pytroll/donfig/issues/5 25 | - type: WEB 26 | url: https://github.com/pytroll/donfig/commits/master 27 | -------------------------------------------------------------------------------- /vulns/donfig/PYSEC-2019-91.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-91 2 | package: 3 | name: donfig 4 | ecosystem: PyPI 5 | details: An issue was discovered in Donfig 0.3.0. There is a vulnerability in the 6 | collect_yaml method in config_obj.py. It can execute arbitrary Python commands, 7 | resulting in command execution. 8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 0.4.0 12 | versions: 13 | - 0.1.0 14 | - 0.1.1 15 | - 0.1.2 16 | - 0.2.0 17 | - 0.3.0 18 | aliases: 19 | - CVE-2019-7537 20 | modified: '2019-03-26T14:13:00Z' 21 | published: '2019-03-21T20:29:00Z' 22 | references: 23 | - type: WEB 24 | url: https://github.com/pytroll/donfig/issues/5 25 | - type: WEB 26 | url: https://github.com/pytroll/donfig/commits/master 27 | -------------------------------------------------------------------------------- /vulns/gramaddict/PYSEC-2021-65.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-65 2 | package: 3 | name: gramaddict 4 | ecosystem: PyPI 5 | details: GramAddict through 1.2.3 allows remote attackers to execute arbitrary code 6 | because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach 7 | TCP port 7912, e.g., by being on the same Wi-Fi network. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 1.2.4 12 | versions: 13 | - 1.2.0b1 14 | - 1.2.0b2 15 | - 1.2.0b3 16 | - 1.2.0 17 | - 1.2.1 18 | - 1.2.2 19 | - 1.2.3 20 | aliases: 21 | - CVE-2020-36245 22 | modified: '2021-02-24T13:58:00Z' 23 | published: '2021-02-17T22:15:00Z' 24 | references: 25 | - type: WEB 26 | url: https://github.com/GramAddict/bot/issues/134 27 | -------------------------------------------------------------------------------- /vulns/rsa/PYSEC-2020-100.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-100 2 | package: 3 | name: rsa 4 | ecosystem: PyPI 5 | details: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. 6 | An attacker can use this flaw via the RSA decryption API to decrypt parts of the 7 | cipher text encrypted with RSA. 8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: '4.7' 12 | versions: 13 | - '4.7' 14 | - 4.7.1 15 | - 4.7.2 16 | aliases: 17 | - CVE-2020-25658 18 | modified: '2020-12-10T14:56:00Z' 19 | published: '2020-11-12T14:15:00Z' 20 | references: 21 | - type: WEB 22 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 23 | - type: WEB 24 | url: https://github.com/sybrenstuvel/python-rsa/issues/165 25 | -------------------------------------------------------------------------------- /vulns/git-big-picture/PYSEC-2021-15.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-15 2 | package: 3 | name: git-big-picture 4 | ecosystem: PyPI 5 | details: git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading 6 | to code execution. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.0.0 11 | versions: 12 | - 0.10.0 13 | - 0.10.1 14 | aliases: 15 | - CVE-2021-3028 16 | modified: '2021-01-19T14:43:00Z' 17 | published: '2021-01-13T17:15:00Z' 18 | references: 19 | - type: WEB 20 | url: https://github.com/git-big-picture/git-big-picture/pull/62 21 | - type: WEB 22 | url: https://github.com/git-big-picture/git-big-picture/pull/27 23 | - type: WEB 24 | url: https://github.com/git-big-picture/git-big-picture/releases/tag/v1.0.0 25 | -------------------------------------------------------------------------------- /vulns/sqla-yaml-fixtures/PYSEC-2019-52.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-52 2 | package: 3 | name: sqla-yaml-fixtures 4 | ecosystem: PyPI 5 | details: Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code 6 | via the fixture_text argument in sqla_yaml_fixtures.load. 7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.0.0 11 | versions: 12 | - 0.1.0 13 | - 0.1.1 14 | - 0.1.2 15 | - 0.2.0 16 | - 0.3.0 17 | - 0.4.0 18 | - 0.5.0 19 | - 0.6.0 20 | - 0.7.0 21 | - 0.8.0 22 | - 0.9.0 23 | - 0.9.1 24 | aliases: 25 | - CVE-2019-3575 26 | modified: '2019-01-31T18:00:00Z' 27 | published: '2019-01-03T19:29:00Z' 28 | references: 29 | - type: WEB 30 | url: https://github.com/schettino72/sqla_yaml_fixtures/issues/20 31 | -------------------------------------------------------------------------------- /vulns/sqla-yaml-fixtures/PYSEC-2019-122.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-122 2 | package: 3 | name: sqla-yaml-fixtures 4 | ecosystem: PyPI 5 | details: Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code 6 | via the fixture_text argument in sqla_yaml_fixtures.load. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.0.0 11 | versions: 12 | - 0.1.0 13 | - 0.1.1 14 | - 0.1.2 15 | - 0.2.0 16 | - 0.3.0 17 | - 0.4.0 18 | - 0.5.0 19 | - 0.6.0 20 | - 0.7.0 21 | - 0.8.0 22 | - 0.9.0 23 | - 0.9.1 24 | aliases: 25 | - CVE-2019-3575 26 | modified: '2019-01-31T18:00:00Z' 27 | published: '2019-01-03T19:29:00Z' 28 | references: 29 | - type: WEB 30 | url: https://github.com/schettino72/sqla_yaml_fixtures/issues/20 31 | -------------------------------------------------------------------------------- /vulns/pyqlib/PYSEC-2021-86.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-86 2 | package: 3 | name: pyqlib 4 | ecosystem: PyPI 5 | details: This affects all versions of package qlib. The workflow function in cli part 6 | of qlib was using an unsafe YAML load function. 7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 0.6.3 11 | versions: 12 | - 0.5.0.dev10 13 | - 0.5.0.dev7 14 | - 0.5.0.dev8 15 | - 0.5.0.dev9 16 | - 0.5.1 17 | - 0.5.1.dev0 18 | - 0.6.0 19 | - 0.6.1 20 | - 0.6.2 21 | aliases: 22 | - CVE-2021-23338 23 | modified: '2021-06-09T05:01:32.318077Z' 24 | published: '2021-02-15T16:15:00Z' 25 | references: 26 | - type: WEB 27 | url: https://github.com/418sec/huntr/pull/1329 28 | - type: WEB 29 | url: https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635 30 | -------------------------------------------------------------------------------- /vulns/locust/PYSEC-2020-60.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-60 2 | package: 3 | name: locust 4 | ecosystem: PyPI 5 | details: A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust 6 | before 1.3.2, if the installation violates the usage expectations by exposing this 7 | UI to outside users. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 1.3.2 12 | versions: 13 | - '1.0' 14 | - 1.0.1 15 | - 1.0.2 16 | - 1.0.3 17 | - '1.1' 18 | - 1.1.1 19 | - '1.2' 20 | - 1.2.1 21 | - 1.2.2 22 | - 1.2.3 23 | - 1.3.0 24 | - 1.3.1 25 | aliases: 26 | - CVE-2020-28364 27 | modified: '2020-11-17T20:37:00Z' 28 | published: '2020-11-09T21:15:00Z' 29 | references: 30 | - type: WEB 31 | url: https://docs.locust.io/en/stable/changelog.html 32 | -------------------------------------------------------------------------------- /vulns/mayan-edms-ng/PYSEC-2018-16.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-16 2 | package: 3 | name: mayan-edms-ng 4 | ecosystem: PyPI 5 | details: An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets 6 | window.location directly, leading to XSS. 7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 3.0.2 11 | versions: 12 | - '2.8' 13 | - '3.0' 14 | - 3.0.1 15 | aliases: 16 | - CVE-2018-16405 17 | modified: '2021-06-16T00:03:23.682256Z' 18 | published: '2018-09-03T19:29:00Z' 19 | references: 20 | - type: WEB 21 | url: https://gitlab.com/mayan-edms/mayan-edms/issues/494 22 | - type: WEB 23 | url: https://gitlab.com/mayan-edms/mayan-edms/commit/9ebe80595afe4fdd1e2c74358d6a9421f4ce130e 24 | - type: WEB 25 | url: https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst 26 | -------------------------------------------------------------------------------- /vulns/tuf/PYSEC-2020-147.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-147 2 | package: 3 | name: tuf 4 | ecosystem: PyPI 5 | details: TUF (aka The Update Framework) through 0.12.1 has Improper Verification of 6 | a Cryptographic Signature. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 0.12.2 11 | versions: 12 | - 0.7.5 13 | - 0.9.8 14 | - 0.9.9 15 | - 0.10.0 16 | - 0.10.1 17 | - 0.10.2 18 | - 0.11.dev0 19 | - 0.11.0 20 | - 0.11.1 21 | - 0.11.2.dev1 22 | - 0.11.2.dev2 23 | - 0.11.2.dev3 24 | - 0.12.dev0 25 | - 0.12.dev1 26 | - 0.12.dev2 27 | - 0.12.0 28 | - 0.12.1 29 | aliases: 30 | - CVE-2020-6174 31 | modified: '2020-02-07T19:19:00Z' 32 | published: '2020-02-05T16:15:00Z' 33 | references: 34 | - type: WEB 35 | url: https://github.com/theupdateframework/tuf/pull/974 36 | -------------------------------------------------------------------------------- /vulns/rediswrapper/PYSEC-2019-46.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-46 2 | package: 3 | name: rediswrapper 4 | ecosystem: PyPI 5 | details: Uncontrolled deserialization of a pickled object in models.py in Frost Ming 6 | rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary 7 | scripts. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 0.3.0 12 | versions: 13 | - 0.1.0 14 | - 0.2.0 15 | - 0.2.1 16 | aliases: 17 | - CVE-2019-17206 18 | modified: '2019-12-09T19:06:00Z' 19 | published: '2019-10-05T23:15:00Z' 20 | references: 21 | - type: WEB 22 | url: https://github.com/frostming/rediswrapper/pull/1 23 | - type: WEB 24 | url: https://github.com/frostming/rediswrapper/releases/tag/v0.3.0 25 | - type: WEB 26 | url: https://github.com/frostming/rediswrapper/compare/v0.2.1...v0.3.0 27 | -------------------------------------------------------------------------------- /vulns/rediswrapper/PYSEC-2019-116.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-116 2 | package: 3 | name: rediswrapper 4 | ecosystem: PyPI 5 | details: Uncontrolled deserialization of a pickled object in models.py in Frost Ming 6 | rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary 7 | scripts. 8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 0.3.0 12 | versions: 13 | - 0.1.0 14 | - 0.2.0 15 | - 0.2.1 16 | aliases: 17 | - CVE-2019-17206 18 | modified: '2019-12-09T19:06:00Z' 19 | published: '2019-10-05T23:15:00Z' 20 | references: 21 | - type: WEB 22 | url: https://github.com/frostming/rediswrapper/pull/1 23 | - type: WEB 24 | url: https://github.com/frostming/rediswrapper/releases/tag/v0.3.0 25 | - type: WEB 26 | url: https://github.com/frostming/rediswrapper/compare/v0.2.1...v0.3.0 27 | -------------------------------------------------------------------------------- /vulns/apache-airflow/PYSEC-2019-143.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-143 2 | package: 3 | name: apache-airflow 4 | ecosystem: PyPI 5 | details: The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to 6 | Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions 7 | which disabled server certificate 
checking. 8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 1.10.1 12 | versions: 13 | - 1.10.0 14 | - 1.10.1b1 15 | - 1.10.1rc2 16 | - 1.8.1 17 | - 1.8.2 18 | - 1.8.2rc1 19 | - 1.9.0 20 | aliases: 21 | - CVE-2018-20245 22 | modified: '2021-06-10T06:51:25.502672Z' 23 | published: '2019-01-23T17:29:00Z' 24 | references: 25 | - type: WEB 26 | url: https://lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73@%3Cdev.airflow.apache.org%3E 27 | -------------------------------------------------------------------------------- /vulns/misp-maltego/PYSEC-2020-66.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-66 2 | package: 3 | name: misp-maltego 4 | ecosystem: PyPI 5 | details: MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users 6 | in a remote-transform use case. 7 | affects: 8 | ranges: 9 | - type: GIT 10 | repo: https://github.com/MISP/MISP-maltego 11 | fixed: 3ccde66dab4096ab5663e69f352992cc73e1160b 12 | - type: ECOSYSTEM 13 | fixed: 1.4.5 14 | versions: 15 | - 1.3.0 16 | - 1.3.2 17 | - 1.3.3 18 | - 1.3.4 19 | - 1.3.7 20 | - 1.4.0 21 | - 1.4.1 22 | - 1.4.2 23 | - 1.4.3 24 | - 1.4.4 25 | aliases: 26 | - CVE-2020-12889 27 | modified: '2020-05-19T13:38:00Z' 28 | published: '2020-05-15T18:15:00Z' 29 | references: 30 | - type: WEB 31 | url: https://github.com/MISP/MISP-maltego/commit/3ccde66dab4096ab5663e69f352992cc73e1160b 32 | -------------------------------------------------------------------------------- /vulns/ceilometer/PYSEC-2019-8.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-8 2 | package: 3 | name: ceilometer 4 | ecosystem: PyPI 5 | details: A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information 6 | Exposure in ceilometer-agent prints sensitive configuration data to log files without 7 | DEBUG logging being activated. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 12.0.0.0rc1 12 | versions: 13 | - '0.1' 14 | - '0.2' 15 | - 8.1.5 16 | - 9.0.6 17 | - 9.0.7 18 | - 10.0.1 19 | - 11.0.0 20 | - 11.0.1 21 | - 11.1.0 22 | aliases: 23 | - CVE-2019-3830 24 | modified: '2020-10-22T14:44:00Z' 25 | published: '2019-03-26T18:29:00Z' 26 | references: 27 | - type: WEB 28 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3830 29 | - type: WEB 30 | url: https://access.redhat.com/errata/RHSA-2019:0919 31 | -------------------------------------------------------------------------------- /vulns/oncall/PYSEC-2021-33.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-33 2 | package: 3 | name: oncall 4 | ecosystem: PyPI 5 | details: LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of 6 | mishandling of the "No results found for" message in the search bar. 7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.4.1 11 | versions: 12 | - 1.1.2 13 | - 1.1.3 14 | - 1.1.4 15 | - 1.1.5 16 | - 1.1.7 17 | - 1.1.8 18 | - 1.1.9 19 | - 1.1.10 20 | - 1.2.0 21 | - 1.2.1 22 | - 1.2.2 23 | - 1.2.3 24 | - 1.2.4 25 | - 1.3.4 26 | - 1.3.5 27 | - 1.3.6 28 | - 1.3.7 29 | - 1.3.8 30 | - 1.3.9 31 | - 1.4.0 32 | aliases: 33 | - CVE-2021-26722 34 | modified: '2021-02-08T20:54:00Z' 35 | published: '2021-02-05T18:15:00Z' 36 | references: 37 | - type: WEB 38 | url: https://github.com/linkedin/oncall/issues/341 39 | -------------------------------------------------------------------------------- /vulns/ceilometer/PYSEC-2019-78.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-78 2 | package: 3 | name: ceilometer 4 | ecosystem: PyPI 5 | details: A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information 6 | Exposure in ceilometer-agent prints sensitive configuration data to log files without 7 | DEBUG logging being activated. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 12.0.0.0rc1 12 | versions: 13 | - '0.1' 14 | - '0.2' 15 | - 8.1.5 16 | - 9.0.6 17 | - 9.0.7 18 | - 10.0.1 19 | - 11.0.0 20 | - 11.0.1 21 | - 11.1.0 22 | aliases: 23 | - CVE-2019-3830 24 | modified: '2020-10-22T14:44:00Z' 25 | published: '2019-03-26T18:29:00Z' 26 | references: 27 | - type: WEB 28 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3830 29 | - type: WEB 30 | url: https://access.redhat.com/errata/RHSA-2019:0919 31 | -------------------------------------------------------------------------------- /vulns/django-celery-results/PYSEC-2020-38.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-38 2 | package: 3 | name: django-celery-results 4 | ecosystem: PyPI 5 | details: django-celery-results through 1.2.1 stores task results in the database. 6 | Among the data it stores are the variables passed into the tasks. The variables 7 | may contain sensitive cleartext information that does not belong unencrypted in 8 | the database. 9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: 2.0.0 13 | versions: 14 | - 1.0.0 15 | - 1.0.1 16 | - 1.0.2 17 | - 1.0.3 18 | - 1.0.4 19 | - 1.1.0 20 | - 1.1.1 21 | - 1.1.2 22 | - 1.2.0 23 | - 1.2.1 24 | aliases: 25 | - CVE-2020-17495 26 | modified: '2020-08-14T20:09:00Z' 27 | published: '2020-08-11T21:15:00Z' 28 | references: 29 | - type: WEB 30 | url: https://github.com/celery/django-celery-results/issues/142 31 | -------------------------------------------------------------------------------- /vulns/invenio-communities/PYSEC-2019-25.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-25 2 | package: 3 | name: invenio-communities 4 | ecosystem: PyPI 5 | details: invenio-communities before 1.0.0a20 allows XSS. 
6 | affects: 7 | ranges: 8 | - type: ECOSYSTEM 9 | fixed: 1.0.0a20 10 | versions: 11 | - 1.0.0a1 12 | - 1.0.0a2 13 | - 1.0.0a3 14 | - 1.0.0a4 15 | - 1.0.0a5 16 | - 1.0.0a6 17 | - 1.0.0a7 18 | - 1.0.0a8 19 | - 1.0.0a9 20 | - 1.0.0a10 21 | - 1.0.0a11 22 | - 1.0.0a12 23 | - 1.0.0a13 24 | - 1.0.0a14 25 | - 1.0.0a15 26 | - 1.0.0a16 27 | - 1.0.0a17 28 | - 1.0.0a18 29 | - 1.0.0a19 30 | aliases: 31 | - CVE-2019-1020005 32 | modified: '2019-08-01T16:59:00Z' 33 | published: '2019-07-29T15:15:00Z' 34 | references: 35 | - type: WEB 36 | url: https://github.com/inveniosoftware/invenio-communities/security/advisories/GHSA-mfv8-q39f-mgfg 37 | -------------------------------------------------------------------------------- /vulns/invenio-communities/PYSEC-2019-95.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-95 2 | package: 3 | name: invenio-communities 4 | ecosystem: PyPI 5 | details: invenio-communities before 1.0.0a20 allows XSS. 6 | affects: 7 | ranges: 8 | - type: ECOSYSTEM 9 | fixed: 1.0.0a20 10 | versions: 11 | - 1.0.0a1 12 | - 1.0.0a2 13 | - 1.0.0a3 14 | - 1.0.0a4 15 | - 1.0.0a5 16 | - 1.0.0a6 17 | - 1.0.0a7 18 | - 1.0.0a8 19 | - 1.0.0a9 20 | - 1.0.0a10 21 | - 1.0.0a11 22 | - 1.0.0a12 23 | - 1.0.0a13 24 | - 1.0.0a14 25 | - 1.0.0a15 26 | - 1.0.0a16 27 | - 1.0.0a17 28 | - 1.0.0a18 29 | - 1.0.0a19 30 | aliases: 31 | - CVE-2019-1020005 32 | modified: '2019-08-01T16:59:00Z' 33 | published: '2019-07-29T15:15:00Z' 34 | references: 35 | - type: WEB 36 | url: https://github.com/inveniosoftware/invenio-communities/security/advisories/GHSA-mfv8-q39f-mgfg 37 | -------------------------------------------------------------------------------- /vulns/keystone/PYSEC-2018-9.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-9 2 | package: 3 | name: keystone 4 | ecosystem: PyPI 5 | details: '** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration 6 | 
vulnerability because invalid usernames have much faster responses than valid ones 7 | for a POST /v3/auth/tokens request. NOTE: the vendor''s position is that this is 8 | a hardening opportunity, and not necessarily an issue that should have an OpenStack 9 | Security Advisory.' 10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 14.1.0 14 | versions: 15 | - 12.0.2 16 | - 12.0.3 17 | - 13.0.2 18 | - 13.0.3 19 | - 13.0.4 20 | - 14.0.0 21 | - 14.0.1 22 | aliases: 23 | - CVE-2018-20170 24 | modified: '2021-06-10T06:51:56.696140Z' 25 | published: '2018-12-17T07:29:00Z' 26 | references: 27 | - type: WEB 28 | url: https://bugs.launchpad.net/keystone/+bug/1795800 29 | -------------------------------------------------------------------------------- /vulns/plone/PYSEC-2020-87.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-87 2 | package: 3 | name: plone 4 | ecosystem: PyPI 5 | details: plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege 6 | level to escalate their privileges up to the highest level. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | introduced: 5.2.0 11 | fixed: 5.2.2 12 | versions: 13 | - 5.2.0 14 | - 5.2.1 15 | aliases: 16 | - CVE-2020-7938 17 | modified: '2020-01-24T23:03:00Z' 18 | published: '2020-01-23T21:15:00Z' 19 | references: 20 | - type: WEB 21 | url: https://plone.org/security/hotfix/20200121 22 | - type: WEB 23 | url: https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed 24 | - type: WEB 25 | url: https://www.openwall.com/lists/oss-security/2020/01/22/1 26 | - type: WEB 27 | url: http://www.openwall.com/lists/oss-security/2020/01/24/1 28 | -------------------------------------------------------------------------------- /vulns/pyarchery/PYSEC-2019-42.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-42 2 | package: 3 | name: pyarchery 4 | ecosystem: PyPI 5 | details: In Archery before 1.3, inserting an XSS payload into a project name (either 6 | by creating a new project or editing an existing one) will result in stored XSS 7 | on the vulnerability-scan scheduling page. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 1.3.0 12 | versions: 13 | - '0.1' 14 | - '0.2' 15 | - '0.3' 16 | - '1.0' 17 | - 1.1.0 18 | - 1.2.0 19 | aliases: 20 | - CVE-2019-20008 21 | modified: '2020-01-02T14:27:00Z' 22 | published: '2019-12-26T23:15:00Z' 23 | references: 24 | - type: WEB 25 | url: https://github.com/archerysec/archerysec/issues/338 26 | - type: WEB 27 | url: https://github.com/archerysec/archerysec/compare/archerysec-v1.2...v1.3 28 | - type: WEB 29 | url: https://github.com/archerysec/archerysec/releases/tag/v1.3 30 | -------------------------------------------------------------------------------- /vulns/pyarchery/PYSEC-2019-112.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-112 2 | package: 3 | name: pyarchery 4 | ecosystem: PyPI 5 | details: In Archery before 1.3, inserting an XSS payload into a project name (either 6 | by creating a new project or editing an existing one) will result in stored XSS 7 | on the vulnerability-scan scheduling page. 8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 1.3.0 12 | versions: 13 | - '0.1' 14 | - '0.2' 15 | - '0.3' 16 | - '1.0' 17 | - 1.1.0 18 | - 1.2.0 19 | aliases: 20 | - CVE-2019-20008 21 | modified: '2020-01-02T14:27:00Z' 22 | published: '2019-12-26T23:15:00Z' 23 | references: 24 | - type: WEB 25 | url: https://github.com/archerysec/archerysec/issues/338 26 | - type: WEB 27 | url: https://github.com/archerysec/archerysec/compare/archerysec-v1.2...v1.3 28 | - type: WEB 29 | url: https://github.com/archerysec/archerysec/releases/tag/v1.3 30 | -------------------------------------------------------------------------------- /vulns/tuf/PYSEC-2020-146.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-146 2 | package: 3 | name: tuf 4 | ecosystem: PyPI 5 | details: TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource 6 | Consumption. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | introduced: 0.7.5 11 | fixed: 0.12.2 12 | versions: 13 | - 0.7.5 14 | - 0.9.8 15 | - 0.9.9 16 | - 0.10.0 17 | - 0.10.1 18 | - 0.10.2 19 | - 0.11.dev0 20 | - 0.11.0 21 | - 0.11.1 22 | - 0.11.2.dev1 23 | - 0.11.2.dev2 24 | - 0.11.2.dev3 25 | - 0.12.dev0 26 | - 0.12.dev1 27 | - 0.12.dev2 28 | - 0.12.0 29 | - 0.12.1 30 | aliases: 31 | - CVE-2020-6173 32 | modified: '2020-01-21T19:55:00Z' 33 | published: '2020-01-14T19:15:00Z' 34 | references: 35 | - type: WEB 36 | url: https://github.com/theupdateframework/tuf/issues/973 37 | - type: WEB 38 | url: https://github.com/theupdateframework/tuf/commits/develop 39 | -------------------------------------------------------------------------------- /vulns/django/PYSEC-2018-4.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-4 2 | package: 3 | name: django 4 | ecosystem: PyPI 5 | details: 'django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, 6 | and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information 7 | by leveraging data exposure from the confirm_login_allowed() method, as demonstrated 8 | by discovering whether a user account is inactive. NOTE: the affected range recorded below covers only the 2.0.x releases; the 1.11.8 and 1.11.9 releases named here are not listed in it.'
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | introduced: '2.0' 13 | fixed: 2.0.2 14 | versions: 15 | - '2.0' 16 | - 2.0.1 17 | aliases: 18 | - CVE-2018-6188 19 | modified: '2021-06-16T00:03:23.096188Z' 20 | published: '2018-02-05T03:29:00Z' 21 | references: 22 | - type: WEB 23 | url: https://www.djangoproject.com/weblog/2018/feb/01/security-releases/ 24 | - type: WEB 25 | url: http://www.securitytracker.com/id/1040422 26 | - type: WEB 27 | url: https://usn.ubuntu.com/3559-1/ 28 | -------------------------------------------------------------------------------- /vulns/pyspark/PYSEC-2018-25.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-25 2 | package: 3 | name: pyspark 4 | ecosystem: PyPI 5 | details: In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark 6 | or SparkR, it's possible for a different local user to connect to the Spark application 7 | and impersonate the user running the Spark application. 8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: 2.2.0 12 | fixed: 2.2.2 13 | - type: ECOSYSTEM 14 | fixed: 2.1.3 15 | versions: 16 | - 2.1.1 17 | - 2.1.2 18 | - 2.2.0 19 | - 2.2.1 20 | aliases: 21 | - CVE-2018-1334 22 | modified: '2021-06-16T00:03:24.717902Z' 23 | published: '2018-07-12T13:29:00Z' 24 | references: 25 | - type: WEB 26 | url: https://spark.apache.org/security.html#CVE-2018-1334 27 | - type: WEB 28 | url: https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E 29 | -------------------------------------------------------------------------------- /vulns/linotp/PYSEC-2019-33.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-33 2 | package: 3 | name: linotp 4 | ecosystem: PyPI 5 | details: KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 6 | of 2). 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 2.11.1 11 | versions: 12 | - '2.7' 13 | - 2.7.0.2 14 | - 2.7.1 15 | - 2.7.1.1 16 | - 2.7.1.2 17 | - 2.7.2 18 | - 2.7.2.1 19 | - 2.7.2.2 20 | - '2.8' 21 | - 2.8.0.1 22 | - 2.8.0.2 23 | - 2.8.0.3 24 | - 2.8.1 25 | - 2.8.1.2 26 | - 2.8.1.3 27 | - 2.8.1.7 28 | - '2.9' 29 | - 2.9.0.3 30 | - 2.9.0.4 31 | - 2.9.0.5 32 | - 2.9.1 33 | - 2.9.1.4 34 | - 2.9.3 35 | - 2.9.3.1 36 | - 2.9.3.2 37 | - 2.9.3.3 38 | - '2.10' 39 | - 2.10.0.1 40 | aliases: 41 | - CVE-2019-12887 42 | modified: '2020-08-24T17:37:00Z' 43 | published: '2019-06-27T14:15:00Z' 44 | references: 45 | - type: WEB 46 | url: https://www.linotp.org/CVE-2019-12887.txt 47 | -------------------------------------------------------------------------------- /vulns/linotp/PYSEC-2019-103.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-103 2 | package: 3 | name: linotp 4 | ecosystem: PyPI 5 | details: KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 6 | of 2). 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 2.11.1 11 | versions: 12 | - '2.7' 13 | - 2.7.0.2 14 | - 2.7.1 15 | - 2.7.1.1 16 | - 2.7.1.2 17 | - 2.7.2 18 | - 2.7.2.1 19 | - 2.7.2.2 20 | - '2.8' 21 | - 2.8.0.1 22 | - 2.8.0.2 23 | - 2.8.0.3 24 | - 2.8.1 25 | - 2.8.1.2 26 | - 2.8.1.3 27 | - 2.8.1.7 28 | - '2.9' 29 | - 2.9.0.3 30 | - 2.9.0.4 31 | - 2.9.0.5 32 | - 2.9.1 33 | - 2.9.1.4 34 | - 2.9.3 35 | - 2.9.3.1 36 | - 2.9.3.2 37 | - 2.9.3.3 38 | - '2.10' 39 | - 2.10.0.1 40 | aliases: 41 | - CVE-2019-12887 42 | modified: '2020-08-24T17:37:00Z' 43 | published: '2019-06-27T14:15:00Z' 44 | references: 45 | - type: WEB 46 | url: https://www.linotp.org/CVE-2019-12887.txt 47 | -------------------------------------------------------------------------------- /vulns/ansible/PYSEC-2020-2.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-2 2 | package: 3 | name: ansible 4 | ecosystem: PyPI 5 | details: An archive traversal flaw was found in all ansible-engine versions 2.9.x 6 | prior to 2.9.7, when running ansible-galaxy collection install. When extracting 7 | a collection .tar.gz file, the directory is created without sanitizing the filename. 8 | An attacker could exploit this to overwrite arbitrary files on the system.
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | introduced: 2.9.0 13 | fixed: 2.9.7 14 | versions: 15 | - 2.9.0 16 | - 2.9.1 17 | - 2.9.2 18 | - 2.9.3 19 | - 2.9.4 20 | - 2.9.5 21 | - 2.9.6 22 | aliases: 23 | - CVE-2020-10691 24 | modified: '2020-05-21T14:49:00Z' 25 | published: '2020-04-30T17:15:00Z' 26 | references: 27 | - type: WEB 28 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10691 29 | - type: WEB 30 | url: https://github.com/ansible/ansible/pull/68596 31 | -------------------------------------------------------------------------------- /vulns/rpyc/PYSEC-2019-118.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-118 2 | package: 3 | name: rpyc 4 | ecosystem: PyPI 5 | details: In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object 6 | attributes to construct a remote procedure call that executes code for an RPyC service 7 | with default configuration settings. 8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: 4.1.0 12 | fixed: 4.1.2 13 | versions: 14 | - 4.1.0 15 | - 4.1.1 16 | aliases: 17 | - CVE-2019-16328 18 | modified: '2020-08-24T17:37:00Z' 19 | published: '2019-10-03T20:15:00Z' 20 | references: 21 | - type: WEB 22 | url: https://rpyc.readthedocs.io/en/latest/docs/security.html 23 | - type: WEB 24 | url: https://github.com/tomerfiliba/rpyc 25 | - type: WEB 26 | url: http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00046.html 27 | - type: WEB 28 | url: http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00004.html 29 | -------------------------------------------------------------------------------- /vulns/rpyc/PYSEC-2019-48.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-48 2 | package: 3 | name: rpyc 4 | ecosystem: PyPI 5 | details: In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object 6 | attributes to construct a remote procedure call 
that executes code for an RPyC service 7 | with default configuration settings. 8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: 4.1.0 12 | fixed: 4.1.2 13 | versions: 14 | - 4.1.0 15 | - 4.1.1 16 | aliases: 17 | - CVE-2019-16328 18 | modified: '2020-08-24T17:37:00Z' 19 | published: '2019-10-03T20:15:00Z' 20 | references: 21 | - type: WEB 22 | url: https://rpyc.readthedocs.io/en/latest/docs/security.html 23 | - type: WEB 24 | url: https://github.com/tomerfiliba/rpyc 25 | - type: WEB 26 | url: http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00046.html 27 | - type: WEB 28 | url: http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00004.html 29 | -------------------------------------------------------------------------------- /vulns/modoboa-dmarc/PYSEC-2019-35.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-35 2 | package: 3 | name: modoboa-dmarc 4 | ecosystem: PyPI 5 | details: The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External 6 | Entity Injection (XXE) attack when processing XML data. A remote attacker could 7 | exploit this to perform a denial of service against the DMARC reporting functionality, 8 | such as by referencing the /dev/random file within XML documents that are emailed 9 | to the address in the rua field of the DMARC records of a domain. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 1.2.0 14 | versions: 15 | - 0.1.0 16 | - 0.1.1 17 | - 0.2.0 18 | - 0.3.0 19 | - 1.0.0 20 | - 1.0.1 21 | - 1.0.2 22 | - 1.1.0 23 | aliases: 24 | - CVE-2019-19702 25 | modified: '2019-12-19T15:11:00Z' 26 | published: '2019-12-10T20:15:00Z' 27 | references: 28 | - type: WEB 29 | url: https://github.com/modoboa/modoboa-dmarc/issues/38 30 | -------------------------------------------------------------------------------- /vulns/modoboa-dmarc/PYSEC-2019-105.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-105 2 | package: 3 | name: modoboa-dmarc 4 | ecosystem: PyPI 5 | details: The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External 6 | Entity Injection (XXE) attack when processing XML data. A remote attacker could 7 | exploit this to perform a denial of service against the DMARC reporting functionality, 8 | such as by referencing the /dev/random file within XML documents that are emailed 9 | to the address in the rua field of the DMARC records of a domain. 10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 1.2.0 14 | versions: 15 | - 0.1.0 16 | - 0.1.1 17 | - 0.2.0 18 | - 0.3.0 19 | - 1.0.0 20 | - 1.0.1 21 | - 1.0.2 22 | - 1.1.0 23 | aliases: 24 | - CVE-2019-19702 25 | modified: '2019-12-19T15:11:00Z' 26 | published: '2019-12-10T20:15:00Z' 27 | references: 28 | - type: WEB 29 | url: https://github.com/modoboa/modoboa-dmarc/issues/38 30 | -------------------------------------------------------------------------------- /vulns/nnabla/PYSEC-2019-107.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-107 2 | package: 3 | name: nnabla 4 | ecosystem: PyPI 5 | details: nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) 6 | through v1.0.14 relies on the HOME environment variable, which might be untrusted. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.0.15 11 | versions: 12 | - 0.9.1rc3 13 | - 0.9.2 14 | - 0.9.3 15 | - 0.9.4 16 | - 0.9.5 17 | - 0.9.6 18 | - 0.9.7 19 | - 0.9.8 20 | - 0.9.9 21 | - 1.0.0rc2 22 | - 1.0.0 23 | - 1.0.1 24 | - 1.0.2 25 | - 1.0.3 26 | - 1.0.4 27 | - 1.0.5 28 | - 1.0.6 29 | - 1.0.7 30 | - 1.0.8 31 | - 1.0.9 32 | - 1.0.10.dev1 33 | - 1.0.10 34 | - 1.0.11 35 | - 1.0.12 36 | - 1.0.13 37 | - 1.0.14 38 | aliases: 39 | - CVE-2019-10844 40 | modified: '2019-04-05T20:09:00Z' 41 | published: '2019-04-04T05:29:00Z' 42 | references: 43 | - type: WEB 44 | url: https://github.com/sony/nnabla/issues/209 45 | -------------------------------------------------------------------------------- /vulns/nnabla/PYSEC-2019-37.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-37 2 | package: 3 | name: nnabla 4 | ecosystem: PyPI 5 | details: nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) 6 | through v1.0.14 relies on the HOME environment variable, which might be untrusted. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.0.15 11 | versions: 12 | - 0.9.1rc3 13 | - 0.9.2 14 | - 0.9.3 15 | - 0.9.4 16 | - 0.9.5 17 | - 0.9.6 18 | - 0.9.7 19 | - 0.9.8 20 | - 0.9.9 21 | - 1.0.0rc2 22 | - 1.0.0 23 | - 1.0.1 24 | - 1.0.2 25 | - 1.0.3 26 | - 1.0.4 27 | - 1.0.5 28 | - 1.0.6 29 | - 1.0.7 30 | - 1.0.8 31 | - 1.0.9 32 | - 1.0.10.dev1 33 | - 1.0.10 34 | - 1.0.11 35 | - 1.0.12 36 | - 1.0.13 37 | - 1.0.14 38 | aliases: 39 | - CVE-2019-10844 40 | modified: '2019-04-05T20:09:00Z' 41 | published: '2019-04-04T05:29:00Z' 42 | references: 43 | - type: WEB 44 | url: https://github.com/sony/nnabla/issues/209 45 | -------------------------------------------------------------------------------- /vulns/steam/PYSEC-2019-125.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-125 2 | package: 3 | name: steam 4 | ecosystem: PyPI 5 | details: 'Valve Steam Client before 2019-09-12 allows placing or appending partially 6 | controlled filesystem content, as demonstrated by file modifications on Windows 7 | in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation 8 | of privilege, or unspecified other impact. NOTE: this description concerns the Valve Steam desktop client, and the fixed value recorded below is a date rather than a release of the PyPI steam package; confirm that this entry actually applies to the Python package before acting on it.'
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: '2019-09-12' 13 | aliases: 14 | - CVE-2019-17180 15 | modified: '2020-01-16T13:15:00Z' 16 | published: '2019-10-04T20:15:00Z' 17 | references: 18 | - type: WEB 19 | url: https://habr.com/ru/company/pm/blog/469507/ 20 | - type: WEB 21 | url: https://amonitoring.ru/article/steam_vuln_3/ 22 | - type: WEB 23 | url: https://hackerone.com/reports/682774 24 | - type: WEB 25 | url: https://store.steampowered.com/news/54236/ 26 | - type: WEB 27 | url: https://hackerone.com/reports/583184 28 | -------------------------------------------------------------------------------- /vulns/steam/PYSEC-2019-55.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-55 2 | package: 3 | name: steam 4 | ecosystem: PyPI 5 | details: 'Valve Steam Client before 2019-09-12 allows placing or appending partially 6 | controlled filesystem content, as demonstrated by file modifications on Windows 7 | in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation 8 | of privilege, or unspecified other impact. NOTE: this description concerns the Valve Steam desktop client, and the fixed value recorded below is a date rather than a release of the PyPI steam package; confirm that this entry actually applies to the Python package before acting on it.'
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: '2019-09-12' 13 | aliases: 14 | - CVE-2019-17180 15 | modified: '2020-01-16T13:15:00Z' 16 | published: '2019-10-04T20:15:00Z' 17 | references: 18 | - type: WEB 19 | url: https://habr.com/ru/company/pm/blog/469507/ 20 | - type: WEB 21 | url: https://amonitoring.ru/article/steam_vuln_3/ 22 | - type: WEB 23 | url: https://hackerone.com/reports/682774 24 | - type: WEB 25 | url: https://store.steampowered.com/news/54236/ 26 | - type: WEB 27 | url: https://hackerone.com/reports/583184 28 | -------------------------------------------------------------------------------- /vulns/proxy-py/PYSEC-2021-46.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-46 2 | package: 3 | name: proxy-py 4 | ecosystem: PyPI 5 | details: before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py 6 | before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean 7 | confusion (and versus or). 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 2.3.1 12 | versions: 13 | - '0.1' 14 | - '0.2' 15 | - '0.3' 16 | - 1.0.0 17 | - 1.1.0 18 | - 1.1.1 19 | - 2.0.0 20 | - 2.1.1 21 | - 2.1.2 22 | - 2.2.0 23 | aliases: 24 | - CVE-2021-3116 25 | modified: '2021-01-14T15:09:00Z' 26 | published: '2021-01-11T05:15:00Z' 27 | references: 28 | - type: WEB 29 | url: https://pypi.org/project/proxy.py/2.3.1/#history 30 | - type: WEB 31 | url: https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/ 32 | - type: WEB 33 | url: https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46 34 | -------------------------------------------------------------------------------- /vulns/webargs/PYSEC-2020-156.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-156 2 | package: 3 | name: webargs 4 | ecosystem: PyPI 5 | details: flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type 6 | header is application/json when receiving JSON input. If the request body is valid 7 | JSON, it will accept it even if the content type is application/x-www-form-urlencoded. 8 | This allows for JSON POST requests to be made across domains, leading to CSRF. 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | introduced: 5.0.0 13 | fixed: 5.5.3 14 | versions: 15 | - 5.0.0 16 | - 5.1.0 17 | - 5.1.1 18 | - 5.1.1.post0 19 | - 5.1.2 20 | - 5.1.3 21 | - 5.2.0 22 | - 5.3.0 23 | - 5.3.1 24 | - 5.3.2 25 | - 5.4.0 26 | - 5.5.0 27 | - 5.5.1 28 | - 5.5.2 29 | aliases: 30 | - CVE-2020-7965 31 | modified: '2020-02-03T16:36:00Z' 32 | published: '2020-01-29T15:15:00Z' 33 | references: 34 | - type: WEB 35 | url: https://webargs.readthedocs.io/en/latest/changelog.html 36 | -------------------------------------------------------------------------------- /vulns/matrix-sydent/PYSEC-2021-24.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-24 2 | package: 3 | name: matrix-sydent 4 | ecosystem: PyPI 5 | details: 'Impact: Missing input validation of some parameters on the endpoints 6 | used to confirm third-party identifiers could cause excessive use of disk space 7 | and memory, leading to resource exhaustion. Patches: fixed by 3175fd3. Workarounds: 8 | there are no known workarounds. References: n/a. For more information, or if you 9 | have any questions or comments about this advisory, email security@matrix.org.'
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 2.3.0 14 | versions: 15 | - 2.0.0 16 | - 2.0.1 17 | - 2.1.0 18 | - 2.2.0 19 | aliases: 20 | - CVE-2021-29433 21 | modified: '2021-04-22T17:17:00Z' 22 | published: '2021-04-15T18:15:00Z' 23 | references: 24 | - type: WEB 25 | url: https://github.com/matrix-org/sydent/security/advisories/GHSA-pw4v-gr34-2553 26 | - type: WEB 27 | url: https://pypi.org/project/matrix-sydent/ 28 | -------------------------------------------------------------------------------- /vulns/snapcraft/PYSEC-2020-109.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-109 2 | package: 3 | name: snapcraft 4 | ecosystem: PyPI 5 | details: In some conditions, a snap package built by snapcraft includes the current 6 | directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within 7 | the context of another snap if both plug the home interface or similar. This issue 8 | affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 9 | 2.43.1+18.04.1. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 2.43.1 14 | versions: 15 | - '2.33' 16 | - '2.39' 17 | - 2.40.1 18 | - '2.41' 19 | - '2.42' 20 | - '2.43' 21 | aliases: 22 | - CVE-2020-27348 23 | modified: '2020-12-14T20:36:00Z' 24 | published: '2020-12-04T03:15:00Z' 25 | references: 26 | - type: WEB 27 | url: https://usn.ubuntu.com/usn/usn-4661-1 28 | - type: WEB 29 | url: https://github.com/snapcore/snapcraft/pull/3345 30 | - type: WEB 31 | url: https://bugs.launchpad.net/bugs/1901572 32 | -------------------------------------------------------------------------------- /vulns/bsdiff4/PYSEC-2020-30.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-30 2 | package: 3 | name: bsdiff4 4 | ecosystem: PyPI 5 | details: A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows 6 | an attacker to write to heap memory (beyond allocated bounds) via a crafted patch 7 | file. 8 | affects: 9 | ranges: 10 | - type: GIT 11 | repo: https://github.com/ilanschnell/bsdiff4 12 | fixed: 49a4cee2feef7deaf9d89e5e793a8824930284d7 13 | - type: ECOSYSTEM 14 | fixed: 1.2.0 15 | versions: 16 | - 1.0.0 17 | - 1.0.1 18 | - 1.1.0 19 | - 1.1.1 20 | - 1.1.2 21 | - 1.1.3 22 | - 1.1.4 23 | - 1.1.5 24 | - 1.1.6 25 | - 1.1.7 26 | - 1.1.8 27 | - 1.1.9 28 | aliases: 29 | - CVE-2020-15904 30 | modified: '2020-07-31T16:15:00Z' 31 | published: '2020-07-22T23:15:00Z' 32 | references: 33 | - type: WEB 34 | url: https://github.com/ilanschnell/bsdiff4/commit/49a4cee2feef7deaf9d89e5e793a8824930284d7 35 | - type: WEB 36 | url: https://github.com/ilanschnell/bsdiff4/blob/master/CHANGELOG.txt 37 | -------------------------------------------------------------------------------- /vulns/invenio-records/PYSEC-2019-27.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-27 2 | package: 3 | name: invenio-records 4 | ecosystem: PyPI 5 | details: invenio-records before 1.2.2 allows XSS. 
6 | affects: 7 | ranges: 8 | - type: ECOSYSTEM 9 | fixed: 1.0.2 10 | versions: 11 | - 0.1.0 12 | - 0.2.0 13 | - 0.2.1 14 | - 0.3.0 15 | - 0.3.1 16 | - 0.3.2 17 | - 0.3.3 18 | - 0.3.4 19 | - 0.3.4.post1 20 | - 1.0.0a1 21 | - 1.0.0a2 22 | - 1.0.0a3 23 | - 1.0.0a4 24 | - 1.0.0a5 25 | - 1.0.0a6 26 | - 1.0.0a7 27 | - 1.0.0a8 28 | - 1.0.0a9 29 | - 1.0.0a10 30 | - 1.0.0a11 31 | - 1.0.0a12 32 | - 1.0.0a14 33 | - 1.0.0a15 34 | - 1.0.0a16 35 | - 1.0.0a17 36 | - 1.0.0b1 37 | - 1.0.0b2 38 | - 1.0.0b3 39 | - 1.0.0b4 40 | - 1.0.0 41 | - 1.0.1 42 | aliases: 43 | - CVE-2019-1020003 44 | modified: '2019-08-01T16:29:00Z' 45 | published: '2019-07-29T15:15:00Z' 46 | references: 47 | - type: WEB 48 | url: https://github.com/inveniosoftware/invenio-records/security/advisories/GHSA-vxh3-mvv7-265j 49 | -------------------------------------------------------------------------------- /vulns/invenio-records/PYSEC-2019-97.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-97 2 | package: 3 | name: invenio-records 4 | ecosystem: PyPI 5 | details: invenio-records before 1.2.2 allows XSS. 
6 | affects: 7 | ranges: 8 | - type: ECOSYSTEM 9 | fixed: 1.0.2 10 | versions: 11 | - 0.1.0 12 | - 0.2.0 13 | - 0.2.1 14 | - 0.3.0 15 | - 0.3.1 16 | - 0.3.2 17 | - 0.3.3 18 | - 0.3.4 19 | - 0.3.4.post1 20 | - 1.0.0a1 21 | - 1.0.0a2 22 | - 1.0.0a3 23 | - 1.0.0a4 24 | - 1.0.0a5 25 | - 1.0.0a6 26 | - 1.0.0a7 27 | - 1.0.0a8 28 | - 1.0.0a9 29 | - 1.0.0a10 30 | - 1.0.0a11 31 | - 1.0.0a12 32 | - 1.0.0a14 33 | - 1.0.0a15 34 | - 1.0.0a16 35 | - 1.0.0a17 36 | - 1.0.0b1 37 | - 1.0.0b2 38 | - 1.0.0b3 39 | - 1.0.0b4 40 | - 1.0.0 41 | - 1.0.1 42 | aliases: 43 | - CVE-2019-1020003 44 | modified: '2019-08-01T16:29:00Z' 45 | published: '2019-07-29T15:15:00Z' 46 | references: 47 | - type: WEB 48 | url: https://github.com/inveniosoftware/invenio-records/security/advisories/GHSA-vxh3-mvv7-265j 49 | -------------------------------------------------------------------------------- /vulns/django-js-reverse/PYSEC-2019-19.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-19 2 | package: 3 | name: django-js-reverse 4 | ecosystem: PyPI 5 | details: django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. 
6 | affects: 7 | ranges: 8 | - type: ECOSYSTEM 9 | fixed: 0.9.1 10 | versions: 11 | - 0.0.1 12 | - 0.0.2 13 | - 0.1.0 14 | - 0.1.1 15 | - 0.2.0 16 | - 0.2.1 17 | - 0.3.0 18 | - 0.3.1 19 | - 0.3.2 20 | - 0.3.3 21 | - 0.4.0 22 | - 0.4.1 23 | - 0.4.2 24 | - 0.4.3 25 | - 0.4.4 26 | - 0.4.5 27 | - 0.4.6 28 | - 0.5.0 29 | - 0.5.1 30 | - 0.6.0 31 | - 0.6.1 32 | - 0.7.0 33 | - 0.7.1 34 | - 0.7.2 35 | - 0.7.3 36 | - 0.8.1 37 | - 0.8.2 38 | - 0.9.0 39 | aliases: 40 | - CVE-2019-15486 41 | modified: '2019-08-26T17:39:00Z' 42 | published: '2019-08-23T13:15:00Z' 43 | references: 44 | - type: WEB 45 | url: https://github.com/ierror/django-js-reverse/compare/v0.9.0...v0.9.1 46 | - type: WEB 47 | url: https://github.com/ierror/django-js-reverse/pull/81 48 | -------------------------------------------------------------------------------- /vulns/django-js-reverse/PYSEC-2019-89.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-89 2 | package: 3 | name: django-js-reverse 4 | ecosystem: PyPI 5 | details: django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. 
6 | affects: 7 | ranges: 8 | - type: ECOSYSTEM 9 | fixed: 0.9.1 10 | versions: 11 | - 0.0.1 12 | - 0.0.2 13 | - 0.1.0 14 | - 0.1.1 15 | - 0.2.0 16 | - 0.2.1 17 | - 0.3.0 18 | - 0.3.1 19 | - 0.3.2 20 | - 0.3.3 21 | - 0.4.0 22 | - 0.4.1 23 | - 0.4.2 24 | - 0.4.3 25 | - 0.4.4 26 | - 0.4.5 27 | - 0.4.6 28 | - 0.5.0 29 | - 0.5.1 30 | - 0.6.0 31 | - 0.6.1 32 | - 0.7.0 33 | - 0.7.1 34 | - 0.7.2 35 | - 0.7.3 36 | - 0.8.1 37 | - 0.8.2 38 | - 0.9.0 39 | aliases: 40 | - CVE-2019-15486 41 | modified: '2019-08-26T17:39:00Z' 42 | published: '2019-08-23T13:15:00Z' 43 | references: 44 | - type: WEB 45 | url: https://github.com/ierror/django-js-reverse/compare/v0.9.0...v0.9.1 46 | - type: WEB 47 | url: https://github.com/ierror/django-js-reverse/pull/81 48 | -------------------------------------------------------------------------------- /vulns/drf-jwt/PYSEC-2020-40.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-40 2 | package: 3 | name: drf-jwt 4 | ecosystem: PyPI 5 | details: 'An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers 6 | with access to a notionally invalidated token to obtain a new, working token via 7 | the refresh endpoint, because the blacklist protection mechanism is incompatible 8 | with the token-refresh feature. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, 9 | which is unmaintained.' 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | introduced: 1.15.0 14 | fixed: 1.15.1 15 | versions: 16 | - 1.15.0 17 | aliases: 18 | - CVE-2020-10594 19 | modified: '2020-03-19T17:38:00Z' 20 | published: '2020-03-15T22:15:00Z' 21 | references: 22 | - type: WEB 23 | url: https://github.com/jpadilla/django-rest-framework-jwt/issues/484 24 | - type: WEB 25 | url: https://pypi.org/project/drf-jwt/1.15.1/#history 26 | - type: WEB 27 | url: https://github.com/Styria-Digital/django-rest-framework-jwt/issues/36 28 | -------------------------------------------------------------------------------- /vulns/arrayfire/PYSEC-2019-144.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-144 2 | package: 3 | name: arrayfire 4 | ecosystem: PyPI 5 | details: 'An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition 6 | of the repr() attribute to an enum is mishandled, leading to memory corruption. NOTE: this description and the linked RustSec advisory concern the Rust crate; confirm that the PyPI arrayfire package listed here is actually affected before acting on this entry.' 7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 3.6.0 11 | versions: 12 | - 3.0.20150914 13 | - 3.1.20151111 14 | - 3.2.20151211 15 | - 3.2.20151214 16 | - 3.2.20151224 17 | - 3.2.20151224.post1 18 | - 3.3.20160320 19 | - 3.3.20160328 20 | - 3.3.20160427 21 | - 3.3.20160427.post1 22 | - 3.3.20160510 23 | - 3.3.20160516 24 | - 3.3.20160624 25 | - 3.3.20160624.post1 26 | - 3.4.20160925 27 | - 3.4.20161126 28 | - 3.4.20170222 29 | - 3.5.20170718 30 | - 3.5.20170721 31 | - 3.5.20170817 32 | aliases: 33 | - CVE-2018-20998 34 | modified: '2021-06-10T06:51:33.535067Z' 35 | published: '2019-08-26T18:15:00Z' 36 | references: 37 | - type: WEB 38 | url: https://rustsec.org/advisories/RUSTSEC-2018-0011.html 39 | -------------------------------------------------------------------------------- /vulns/py-mini-racer/PYSEC-2020-93.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-93 2 | package: 3 | name: py-mini-racer 4 | ecosystem: PyPI 5 | details: A heap 
overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 6 | allows remote attackers to potentially exploit heap corruption. 7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 0.3.0 11 | versions: 12 | - 0.1.1 13 | - 0.1.2 14 | - 0.1.3 15 | - 0.1.4 16 | - 0.1.5.dev0 17 | - 0.1.5 18 | - 0.1.6 19 | - 0.1.7 20 | - 0.1.8 21 | - 0.1.9 22 | - 0.1.10 23 | - 0.1.11 24 | - 0.1.12 25 | - 0.1.13 26 | - 0.1.14 27 | - 0.1.15 28 | - 0.1.17 29 | - 0.1.18 30 | - 0.2.0b1 31 | - 0.2.0b2 32 | - 0.2.0 33 | aliases: 34 | - CVE-2020-25489 35 | modified: '2020-09-24T13:39:00Z' 36 | published: '2020-09-17T18:15:00Z' 37 | references: 38 | - type: WEB 39 | url: https://blog.sqreen.com/vulnerability-disclosure-finding-a-vulnerability-in-sqreens-php-agent-and-how-we-fixed-it/ 40 | - type: WEB 41 | url: https://github.com/sqreen/PyMiniRacer/compare/v0.2.0...v0.3.0 42 | -------------------------------------------------------------------------------- /vulns/cloudtoken/PYSEC-2018-1.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-1 2 | package: 3 | name: cloudtoken 4 | ecosystem: PyPI 5 | details: Unauthenticated access to cloudtoken daemon on Linux via network from version 6 | 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary 7 | AWS credentials for the users' roles. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: 0.1.1 12 | fixed: 0.1.24 13 | versions: 14 | - 0.1.1 15 | - 0.1.10 16 | - 0.1.11 17 | - 0.1.12 18 | - 0.1.13 19 | - 0.1.14 20 | - 0.1.15 21 | - 0.1.16 22 | - 0.1.17 23 | - 0.1.18 24 | - 0.1.19 25 | - 0.1.2 26 | - 0.1.21 27 | - 0.1.22 28 | - 0.1.23 29 | - 0.1.3 30 | - 0.1.5 31 | - 0.1.6 32 | - 0.1.7 33 | - 0.1.8 34 | - 0.1.9 35 | aliases: 36 | - CVE-2018-13390 37 | modified: '2021-06-10T06:50:35.324330Z' 38 | published: '2018-08-10T15:29:00Z' 39 | references: 40 | - type: WEB 41 | url: https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux 42 | -------------------------------------------------------------------------------- /vulns/flask-caching/PYSEC-2021-13.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-13 2 | package: 3 | name: flask-caching 4 | ecosystem: PyPI 5 | details: The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for 6 | serialization, which may lead to remote code execution or local privilege escalation. 7 | If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, 8 | etc.), they can construct a crafted payload, poison the cache, and execute Python 9 | code. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | introduced: 1.0.0 14 | versions: 15 | - 1.0.0 16 | - 1.0.1 17 | - 1.1.0 18 | - 1.1.1 19 | - 1.2.0 20 | - 1.3.0 21 | - 1.3.1 22 | - 1.3.2 23 | - 1.3.3 24 | - 1.4.0 25 | - 1.5.0 26 | - 1.6.0 27 | - 1.7.0 28 | - 1.7.1 29 | - 1.7.2 30 | - 1.8.0 31 | - 1.9.0 32 | - 1.10.0 33 | - 1.10.1 34 | aliases: 35 | - CVE-2021-33026 36 | modified: '2021-05-13T23:15:00Z' 37 | published: '2021-05-13T23:15:00Z' 38 | references: 39 | - type: WEB 40 | url: https://github.com/sh4nks/flask-caching/pull/209 41 | -------------------------------------------------------------------------------- /vulns/tink/PYSEC-2020-142.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-142 2 | package: 3 | name: tink 4 | ecosystem: PyPI 5 | details: A mis-handling of invalid unicode characters in the Java implementation of 6 | Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, 7 | which results in the creation of a second ciphertext that can decrypt to the same 8 | plaintext. This can be a problem when encrypting with deterministic AEAD under a single 9 | key and relying on a unique ciphertext-per-plaintext. # NOTE(review): the description attributes the flaw to the Java implementation; confirm that the PyPI tink package (1.4.0 listed below) is affected before relying on this range. 
10 | affects: 11 | ranges: 12 | - type: GIT 13 | repo: https://github.com/google/tink 14 | fixed: 93d839a5865b9d950dffdc9d0bc99b71280a8899 15 | - type: ECOSYSTEM 16 | fixed: 1.5.0 17 | versions: 18 | - 1.4.0 19 | aliases: 20 | - CVE-2020-8929 21 | modified: '2020-10-29T22:16:00Z' 22 | published: '2020-10-19T13:15:00Z' 23 | references: 24 | - type: WEB 25 | url: https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r 26 | - type: WEB 27 | url: https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899 28 | -------------------------------------------------------------------------------- /vulns/postfix-mta-sts-resolver/PYSEC-2020-174.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-174 2 | package: 3 | name: postfix-mta-sts-resolver 4 | ecosystem: PyPI 5 | details: In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect 6 | response from daemon under rare conditions, rendering downgrade of effective STS 7 | policy. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 0.5.1 12 | versions: 13 | - 0.1.1 14 | - 0.1.2 15 | - 0.1.3 16 | - 0.1.4 17 | - 0.1.5 18 | - 0.2.0 19 | - 0.2.1 20 | - 0.2.2 21 | - 0.2.3 22 | - 0.2.4 23 | - 0.2.5 24 | - 0.2.7 25 | - 0.2.8 26 | - 0.2.9 27 | - 0.3.0 28 | - 0.4.0 29 | - 0.4.1 30 | - 0.4.2 31 | - 0.4.3 32 | - 0.4.4 33 | - 0.4.5 34 | - 0.5.0 35 | aliases: 36 | - CVE-2019-16791 37 | modified: '2020-10-23T18:18:00Z' 38 | published: '2020-01-22T02:15:00Z' 39 | references: 40 | - type: WEB 41 | url: https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6 42 | - type: WEB 43 | url: https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b 44 | -------------------------------------------------------------------------------- /vulns/postfix-mta-sts-resolver/PYSEC-2020-193.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-193 2 | package: 3 | name: postfix-mta-sts-resolver 4 | ecosystem: PyPI 5 | details: In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect 6 | response from daemon under rare conditions, rendering downgrade of effective STS 7 | policy. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 0.5.1 12 | versions: 13 | - 0.1.1 14 | - 0.1.2 15 | - 0.1.3 16 | - 0.1.4 17 | - 0.1.5 18 | - 0.2.0 19 | - 0.2.1 20 | - 0.2.2 21 | - 0.2.3 22 | - 0.2.4 23 | - 0.2.5 24 | - 0.2.7 25 | - 0.2.8 26 | - 0.2.9 27 | - 0.3.0 28 | - 0.4.0 29 | - 0.4.1 30 | - 0.4.2 31 | - 0.4.3 32 | - 0.4.4 33 | - 0.4.5 34 | - 0.5.0 35 | aliases: 36 | - CVE-2019-16791 37 | modified: '2020-10-23T18:18:00Z' 38 | published: '2020-01-22T02:15:00Z' 39 | references: 40 | - type: WEB 41 | url: https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6 42 | - type: WEB 43 | url: https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b 44 | -------------------------------------------------------------------------------- /vulns/pykmip/PYSEC-2018-22.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-22 2 | package: 3 | name: pykmip 4 | ecosystem: PyPI 5 | details: 'OpenKMIP PyKMIP, all versions before 0.8.0, contains a CWE 399: Resource 6 | Management Errors (similar issue to CVE-2015-5262) vulnerability in the PyKMIP server 7 | that can result in DoS: the server can be made unavailable by one or more clients 8 | opening all of the available sockets. This attack appears to be exploitable when a 9 | client or clients open sockets with the server and then never close them. This vulnerability 10 | appears to have been fixed in 0.8.0.' 
11 | affects: 12 | ranges: 13 | - type: ECOSYSTEM 14 | fixed: 0.8.0 15 | versions: 16 | - 0.0.1 17 | - 0.1.0 18 | - 0.1.1 19 | - 0.2.0 20 | - 0.3.0 21 | - 0.3.1 22 | - 0.3.2 23 | - 0.3.3 24 | - 0.4.0 25 | - 0.4.1 26 | - 0.5.0 27 | - 0.6.0 28 | - 0.7.0 29 | aliases: 30 | - CVE-2018-1000872 31 | modified: '2021-06-10T06:50:52.184344Z' 32 | published: '2018-12-20T17:29:00Z' 33 | references: 34 | - type: WEB 35 | url: https://github.com/OpenKMIP/PyKMIP/issues/430 36 | -------------------------------------------------------------------------------- /vulns/pycryptodome/PYSEC-2018-21.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-21 2 | package: 3 | name: pycryptodome 4 | ecosystem: PyPI 5 | details: PyCryptodome before 3.6.6 has an integer overflow in the data_len variable 6 | in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to 7 | the mishandling of messages shorter than 16 bytes. 8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 3.6.6 12 | versions: 13 | - '3.0' 14 | - 3.0rc1 15 | - '3.1' 16 | - '3.2' 17 | - 3.2.1 18 | - '3.3' 19 | - 3.3.1 20 | - '3.4' 21 | - 3.4.11 22 | - 3.4.3 23 | - 3.4.4 24 | - 3.4.5 25 | - 3.4.6 26 | - 3.4.7 27 | - 3.4.8 28 | - 3.4.9 29 | - 3.5.0 30 | - 3.5.1 31 | - 3.6.0 32 | - 3.6.1 33 | - 3.6.3 34 | - 3.6.4 35 | - 3.6.5 36 | aliases: 37 | - CVE-2018-15560 38 | modified: '2021-06-10T06:52:01.279206Z' 39 | published: '2018-08-20T00:29:00Z' 40 | references: 41 | - type: WEB 42 | url: https://whitehatck01.blogspot.com/2018/08/integer-overflow-vulnerability-in.html 43 | - type: WEB 44 | url: https://github.com/Legrandin/pycryptodome/issues/198 45 | -------------------------------------------------------------------------------- /vulns/moin/PYSEC-2020-67.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-67 2 | package: 3 | name: moin 4 | ecosystem: PyPI 5 | details: The cache action in 
action/cache.py in MoinMoin through 1.9.10 allows directory 6 | traversal through a crafted HTTP request. An attacker who can upload attachments 7 | to the wiki can use this to achieve remote code execution. 8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 1.9.11 12 | versions: 13 | - 1.8.4 14 | - 1.8.5 15 | - 1.8.6 16 | - 1.8.7 17 | - 1.9.0 18 | - 1.9.1 19 | - 1.9.2 20 | - 1.9.3 21 | - 1.9.4 22 | - 1.9.5 23 | - 1.9.6 24 | - 1.9.7 25 | - 1.9.8 26 | - 1.9.9 27 | - 1.9.10 28 | aliases: 29 | - CVE-2020-25074 30 | modified: '2020-11-24T17:20:00Z' 31 | published: '2020-11-10T17:15:00Z' 32 | references: 33 | - type: WEB 34 | url: https://www.debian.org/security/2020/dsa-4787 35 | - type: WEB 36 | url: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq 37 | - type: WEB 38 | url: http://moinmo.in/SecurityFixes 39 | - type: WEB 40 | url: https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html 41 | -------------------------------------------------------------------------------- /vulns/octoprint/PYSEC-2021-30.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-30 2 | package: 3 | name: octoprint 4 | ecosystem: PyPI 5 | details: OctoPrint before 1.6.0 allows XSS because API error messages include the 6 | values of input parameters. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.6.0 11 | versions: 12 | - 1.3.11 13 | - 1.3.12rc1 14 | - 1.3.12rc3 15 | - 1.3.12 16 | - 1.4.0rc1 17 | - 1.4.0rc2 18 | - 1.4.0rc3 19 | - 1.4.0rc4 20 | - 1.4.0rc5 21 | - 1.4.0rc6 22 | - 1.4.0 23 | - 1.4.1rc1 24 | - 1.4.1rc2 25 | - 1.4.1rc3 26 | - 1.4.1rc4 27 | - 1.4.1 28 | - 1.4.2 29 | - 1.5.0rc1 30 | - 1.5.0rc2 31 | - 1.5.0rc3 32 | - 1.5.0 33 | - 1.5.1 34 | - 1.5.2 35 | - 1.5.3 36 | - 1.6.0rc1 37 | - 1.6.0rc2 38 | - 1.6.0rc3 39 | aliases: 40 | - CVE-2021-32561 41 | modified: '2021-05-11T15:18:00Z' 42 | published: '2021-05-11T14:15:00Z' 43 | references: 44 | - type: WEB 45 | url: https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0 46 | - type: WEB 47 | url: https://www.brzozowski.io 48 | - type: WEB 49 | url: https://octoprint.org/blog/2021/04/27/new-release-1.6.0/ 50 | -------------------------------------------------------------------------------- /vulns/apache-airflow/PYSEC-2019-142.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-142 2 | package: 3 | name: apache-airflow 4 | ecosystem: PyPI 5 | details: In Apache Airflow before 1.10.2, a malicious admin user could edit the state 6 | of objects in the Airflow metadata database to execute arbitrary javascript on certain 7 | page views. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 1.10.2 12 | versions: 13 | - 1.10.0 14 | - 1.10.1 15 | - 1.10.1b1 16 | - 1.10.1rc2 17 | - 1.10.2b2 18 | - 1.10.2rc1 19 | - 1.10.2rc2 20 | - 1.10.2rc3 21 | - 1.8.1 22 | - 1.8.2 23 | - 1.8.2rc1 24 | - 1.9.0 25 | aliases: 26 | - CVE-2018-20244 27 | modified: '2021-06-10T06:52:05.219935Z' 28 | published: '2019-02-27T18:29:00Z' 29 | references: 30 | - type: WEB 31 | url: https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b@%3Cdev.airflow.apache.org%3E 32 | - type: WEB 33 | url: https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E 34 | - type: WEB 35 | url: http://www.openwall.com/lists/oss-security/2019/04/10/6 36 | -------------------------------------------------------------------------------- /vulns/django/PYSEC-2018-3.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-3 2 | package: 3 | name: django 4 | ecosystem: PyPI 5 | details: An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged 6 | users can read the password hashes of arbitrary accounts. The read-only password 7 | widget used by the Django Admin to display an obfuscated password hash was bypassed 8 | if a user has only the "view" permission (new in Django 2.1), resulting in display 9 | of the entire password hash to those users. This may result in a vulnerability for 10 | sites with legacy user accounts using insecure hashes. 
11 | affects: 12 | ranges: 13 | - type: ECOSYSTEM 14 | introduced: '2.1' 15 | fixed: 2.1.2 16 | versions: 17 | - '2.1' 18 | - 2.1.1 19 | aliases: 20 | - CVE-2018-16984 21 | modified: '2021-06-10T06:50:43.349902Z' 22 | published: '2018-10-02T18:29:00Z' 23 | references: 24 | - type: WEB 25 | url: https://www.djangoproject.com/weblog/2018/oct/01/security-release/ 26 | - type: WEB 27 | url: http://www.securitytracker.com/id/1041749 28 | - type: WEB 29 | url: https://security.netapp.com/advisory/ntap-20190502-0009/ 30 | -------------------------------------------------------------------------------- /vulns/pyyaml/PYSEC-2020-176.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-176 2 | package: 3 | name: pyyaml 4 | ecosystem: PyPI 5 | details: 'PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all 6 | functions because of a class deserialization issue, e.g., Popen is a class in the 7 | subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.' 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: '5.1' 12 | fixed: 5.2b1 13 | versions: 14 | - '5.1' 15 | - 5.1.1 16 | - 5.1.2 17 | aliases: 18 | - CVE-2019-20477 19 | modified: '2020-03-01T00:15:00Z' 20 | published: '2020-02-19T04:15:00Z' 21 | references: 22 | - type: WEB 23 | url: https://www.exploit-db.com/download/47655 24 | - type: WEB 25 | url: https://github.com/yaml/pyyaml/blob/master/CHANGES 26 | - type: WEB 27 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/ 28 | - type: WEB 29 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/ 30 | -------------------------------------------------------------------------------- /vulns/pyyaml/PYSEC-2020-195.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-195 2 | package: 3 | name: pyyaml 4 | ecosystem: PyPI 5 | details: 'PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all 6 | functions because of a class deserialization issue, e.g., Popen is a class in the 7 | subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.' 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: '5.1' 12 | fixed: 5.2b1 13 | versions: 14 | - '5.1' 15 | - 5.1.1 16 | - 5.1.2 17 | aliases: 18 | - CVE-2019-20477 19 | modified: '2020-03-01T00:15:00Z' 20 | published: '2020-02-19T04:15:00Z' 21 | references: 22 | - type: WEB 23 | url: https://www.exploit-db.com/download/47655 24 | - type: WEB 25 | url: https://github.com/yaml/pyyaml/blob/master/CHANGES 26 | - type: WEB 27 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/ 28 | - type: WEB 29 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/ 30 | -------------------------------------------------------------------------------- /vulns/octoprint/PYSEC-2021-29.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-29 2 | package: 3 | name: octoprint 4 | ecosystem: PyPI 5 | details: The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control 6 | because it attempts to manage files that are not *.log files. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.6.0 11 | versions: 12 | - 1.3.11 13 | - 1.3.12rc1 14 | - 1.3.12rc3 15 | - 1.3.12 16 | - 1.4.0rc1 17 | - 1.4.0rc2 18 | - 1.4.0rc3 19 | - 1.4.0rc4 20 | - 1.4.0rc5 21 | - 1.4.0rc6 22 | - 1.4.0 23 | - 1.4.1rc1 24 | - 1.4.1rc2 25 | - 1.4.1rc3 26 | - 1.4.1rc4 27 | - 1.4.1 28 | - 1.4.2 29 | - 1.5.0rc1 30 | - 1.5.0rc2 31 | - 1.5.0rc3 32 | - 1.5.0 33 | - 1.5.1 34 | - 1.5.2 35 | - 1.5.3 36 | - 1.6.0rc1 37 | - 1.6.0rc2 38 | - 1.6.0rc3 39 | aliases: 40 | - CVE-2021-32560 41 | modified: '2021-05-11T15:18:00Z' 42 | published: '2021-05-11T14:15:00Z' 43 | references: 44 | - type: WEB 45 | url: https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0 46 | - type: WEB 47 | url: https://www.brzozowski.io 48 | - type: WEB 49 | url: https://octoprint.org/blog/2021/04/27/new-release-1.6.0/ 50 | -------------------------------------------------------------------------------- /vulns/parso/PYSEC-2019-109.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-109 2 | package: 3 | name: parso 4 | ecosystem: PyPI 5 | details: '** DISPUTED ** A deserialization vulnerability exists in the way parso through 6 | 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, 7 | provided that an evil pickle can be written to a cache grammar file and that its 8 | parsing can be triggered, this flaw leads to Arbitrary Code Execution. 
NOTE: This 9 | is disputed because "the cache directory is not under control of the attacker in 10 | any common configuration."' 11 | affects: 12 | ranges: 13 | - type: ECOSYSTEM 14 | fixed: 0.5.0 15 | versions: 16 | - 0.0.1 17 | - 0.0.2 18 | - 0.0.3 19 | - 0.0.4 20 | - 0.1.0 21 | - 0.1.1 22 | - 0.2.0 23 | - 0.2.1 24 | - 0.3.0 25 | - 0.3.1 26 | - 0.3.2 27 | - 0.3.3 28 | - 0.3.4 29 | - 0.4.0 30 | aliases: 31 | - CVE-2019-12760 32 | modified: '2019-07-05T11:15:00Z' 33 | published: '2019-06-06T19:29:00Z' 34 | references: 35 | - type: WEB 36 | url: https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7 37 | - type: WEB 38 | url: https://github.com/davidhalter/parso/issues/75 39 | -------------------------------------------------------------------------------- /vulns/parso/PYSEC-2019-39.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-39 2 | package: 3 | name: parso 4 | ecosystem: PyPI 5 | details: '** DISPUTED ** A deserialization vulnerability exists in the way parso through 6 | 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, 7 | provided that an evil pickle can be written to a cache grammar file and that its 8 | parsing can be triggered, this flaw leads to Arbitrary Code Execution. 
NOTE: This 9 | is disputed because "the cache directory is not under control of the attacker in 10 | any common configuration."' 11 | affects: 12 | ranges: 13 | - type: ECOSYSTEM 14 | fixed: 0.5.0 15 | versions: 16 | - 0.0.1 17 | - 0.0.2 18 | - 0.0.3 19 | - 0.0.4 20 | - 0.1.0 21 | - 0.1.1 22 | - 0.2.0 23 | - 0.2.1 24 | - 0.3.0 25 | - 0.3.1 26 | - 0.3.2 27 | - 0.3.3 28 | - 0.3.4 29 | - 0.4.0 30 | aliases: 31 | - CVE-2019-12760 32 | modified: '2019-07-05T11:15:00Z' 33 | published: '2019-06-06T19:29:00Z' 34 | references: 35 | - type: WEB 36 | url: https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7 37 | - type: WEB 38 | url: https://github.com/davidhalter/parso/issues/75 39 | -------------------------------------------------------------------------------- /vulns/matrix-sydent/PYSEC-2021-23.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-23 2 | package: 3 | name: matrix-sydent 4 | ecosystem: PyPI 5 | details: Sydent is a reference matrix identity server. A malicious user could abuse 6 | Sydent to send out arbitrary emails from the Sydent email address. This could be 7 | used to construct plausible phishing emails, for example. This issue has been fixed 8 | in 4469d1d. 
9 | affects: 10 | ranges: 11 | - type: GIT 12 | repo: https://github.com/matrix-org/sydent 13 | fixed: 4469d1d42b2b1612b70638224c07e19623039c42 14 | - type: ECOSYSTEM 15 | fixed: 2.3.0 16 | versions: 17 | - 2.0.0 18 | - 2.0.1 19 | - 2.1.0 20 | - 2.2.0 21 | aliases: 22 | - CVE-2021-29432 23 | modified: '2021-04-22T15:25:00Z' 24 | published: '2021-04-15T21:15:00Z' 25 | references: 26 | - type: WEB 27 | url: https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx 28 | - type: WEB 29 | url: https://github.com/matrix-org/sydent/commit/4469d1d42b2b1612b70638224c07e19623039c42 30 | - type: WEB 31 | url: https://pypi.org/project/matrix-sydent/ 32 | - type: WEB 33 | url: https://github.com/matrix-org/sydent/releases/tag/v2.3.0 34 | -------------------------------------------------------------------------------- /vulns/ecdsa/PYSEC-2020-163.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-163 2 | package: 3 | name: ecdsa 4 | ecosystem: PyPI 5 | details: A flaw was found in all python-ecdsa versions before 0.13.3, where it did 6 | not correctly verify whether signatures used DER encoding. Without this verification, 7 | a malformed signature could be accepted, making the signature malleable. Without 8 | proper verification, an attacker could use a malleable signature to create false 9 | transactions. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 0.13.3 14 | versions: 15 | - '0.6' 16 | - '0.7' 17 | - '0.8' 18 | - '0.9' 19 | - '0.10' 20 | - '0.11' 21 | - '0.12' 22 | - '0.13' 23 | - 0.13.1 24 | - 0.13.2 25 | aliases: 26 | - CVE-2019-14859 27 | modified: '2020-12-08T18:32:00Z' 28 | published: '2020-01-02T15:15:00Z' 29 | references: 30 | - type: WEB 31 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859 32 | - type: WEB 33 | url: https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3 34 | - type: WEB 35 | url: https://github.com/warner/python-ecdsa/issues/114 36 | - type: WEB 37 | url: https://pypi.org/project/ecdsa/0.13.3/ 38 | -------------------------------------------------------------------------------- /vulns/ecdsa/PYSEC-2020-182.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-182 2 | package: 3 | name: ecdsa 4 | ecosystem: PyPI 5 | details: A flaw was found in all python-ecdsa versions before 0.13.3, where it did 6 | not correctly verify whether signatures used DER encoding. Without this verification, 7 | a malformed signature could be accepted, making the signature malleable. Without 8 | proper verification, an attacker could use a malleable signature to create false 9 | transactions. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 0.13.3 14 | versions: 15 | - '0.6' 16 | - '0.7' 17 | - '0.8' 18 | - '0.9' 19 | - '0.10' 20 | - '0.11' 21 | - '0.12' 22 | - '0.13' 23 | - 0.13.1 24 | - 0.13.2 25 | aliases: 26 | - CVE-2019-14859 27 | modified: '2020-12-08T18:32:00Z' 28 | published: '2020-01-02T15:15:00Z' 29 | references: 30 | - type: WEB 31 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859 32 | - type: WEB 33 | url: https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3 34 | - type: WEB 35 | url: https://github.com/warner/python-ecdsa/issues/114 36 | - type: WEB 37 | url: https://pypi.org/project/ecdsa/0.13.3/ 38 | -------------------------------------------------------------------------------- /vulns/jupyterhub-kubespawner/PYSEC-2020-51.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-51 2 | package: 3 | name: jupyterhub-kubespawner 4 | ecosystem: PyPI 5 | details: In jupyterhub-kubespawner before 0.12, certain usernames will be able to 6 | craft particular server names which will grant them access to the default server 7 | of other users who have matching usernames. This has been fixed in 0.12. 
8 | affects: 9 | ranges: 10 | - type: GIT 11 | repo: https://github.com/jupyterhub/kubespawner 12 | fixed: 3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0 13 | - type: ECOSYSTEM 14 | fixed: 0.12.0 15 | versions: 16 | - '0.1' 17 | - '0.5' 18 | - 0.5.1 19 | - 0.6.0 20 | - 0.7.1 21 | - '0.8' 22 | - 0.8.1 23 | - 0.9.0b1 24 | - 0.9.0b2 25 | - 0.9.0 26 | - 0.10.0 27 | - 0.10.1 28 | - 0.11.0 29 | - 0.11.1 30 | aliases: 31 | - CVE-2020-15110 32 | modified: '2020-07-22T20:28:00Z' 33 | published: '2020-07-17T21:15:00Z' 34 | references: 35 | - type: WEB 36 | url: https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr 37 | - type: WEB 38 | url: https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0 39 | -------------------------------------------------------------------------------- /vulns/buildbot/PYSEC-2019-7.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-7 2 | package: 3 | name: buildbot 4 | ecosystem: PyPI 5 | details: www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location 6 | header of /auth/login and /auth/logout via the redirect parameter. This affects 7 | other web sites in the same domain. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: 0.9.0 12 | fixed: 1.8.1 13 | versions: 14 | - 0.9.0 15 | - 0.9.0.post1 16 | - 0.9.1 17 | - 0.9.2 18 | - 0.9.3 19 | - 0.9.4 20 | - 0.9.5 21 | - 0.9.6 22 | - 0.9.7 23 | - 0.9.8 24 | - 0.9.9 25 | - 0.9.9.post1 26 | - 0.9.9.post2 27 | - 0.9.10 28 | - 0.9.11 29 | - 0.9.12 30 | - 0.9.13 31 | - 0.9.14 32 | - 0.9.15 33 | - 0.9.15.post1 34 | - 1.0.0 35 | - 1.1.0 36 | - 1.1.1 37 | - 1.1.2 38 | - 1.2.0 39 | - 1.3.0 40 | - 1.4.0 41 | - 1.5.0 42 | - 1.6.0 43 | - 1.7.0 44 | - 1.8.0 45 | aliases: 46 | - CVE-2019-7313 47 | modified: '2019-02-06T21:48:00Z' 48 | published: '2019-02-03T08:29:00Z' 49 | references: 50 | - type: WEB 51 | url: https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code 52 | -------------------------------------------------------------------------------- /vulns/buildbot/PYSEC-2019-77.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-77 2 | package: 3 | name: buildbot 4 | ecosystem: PyPI 5 | details: www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location 6 | header of /auth/login and /auth/logout via the redirect parameter. This affects 7 | other web sites in the same domain. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: 0.9.0 12 | fixed: 1.8.1 13 | versions: 14 | - 0.9.0 15 | - 0.9.0.post1 16 | - 0.9.1 17 | - 0.9.2 18 | - 0.9.3 19 | - 0.9.4 20 | - 0.9.5 21 | - 0.9.6 22 | - 0.9.7 23 | - 0.9.8 24 | - 0.9.9 25 | - 0.9.9.post1 26 | - 0.9.9.post2 27 | - 0.9.10 28 | - 0.9.11 29 | - 0.9.12 30 | - 0.9.13 31 | - 0.9.14 32 | - 0.9.15 33 | - 0.9.15.post1 34 | - 1.0.0 35 | - 1.1.0 36 | - 1.1.1 37 | - 1.1.2 38 | - 1.2.0 39 | - 1.3.0 40 | - 1.4.0 41 | - 1.5.0 42 | - 1.6.0 43 | - 1.7.0 44 | - 1.8.0 45 | aliases: 46 | - CVE-2019-7313 47 | modified: '2019-02-06T21:48:00Z' 48 | published: '2019-02-03T08:29:00Z' 49 | references: 50 | - type: WEB 51 | url: https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code 52 | -------------------------------------------------------------------------------- /vulns/eve/PYSEC-2018-8.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-8 2 | package: 3 | name: eve 4 | ecosystem: PyPI 5 | details: io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers 6 | to execute arbitrary code via Code Injection in the where parameter. 
7 | affects: 8 | ranges: 9 | - type: GIT 10 | repo: https://github.com/pyeve/eve 11 | fixed: f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98 12 | - type: ECOSYSTEM 13 | fixed: 0.7.5 14 | versions: 15 | - 0.0.1 16 | - 0.0.2 17 | - 0.0.3 18 | - 0.0.4 19 | - 0.0.5 20 | - 0.0.6 21 | - 0.0.7 22 | - 0.0.8 23 | - 0.0.9 24 | - '0.1' 25 | - 0.1.1 26 | - '0.2' 27 | - '0.3' 28 | - '0.4' 29 | - '0.5' 30 | - 0.5.1 31 | - 0.5.2 32 | - 0.5.3 33 | - '0.6' 34 | - 0.6.1 35 | - 0.6.2 36 | - 0.6.3 37 | - 0.6.4 38 | - '0.7' 39 | - 0.7.1 40 | - 0.7.2 41 | - 0.7.3 42 | - 0.7.4 43 | aliases: 44 | - CVE-2018-8097 45 | modified: '2021-06-10T06:51:29.570871Z' 46 | published: '2018-03-14T12:29:00Z' 47 | references: 48 | - type: WEB 49 | url: https://github.com/pyeve/eve/issues/1101 50 | - type: WEB 51 | url: https://github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98 52 | -------------------------------------------------------------------------------- /vulns/papermerge/PYSEC-2020-74.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-74 2 | package: 3 | name: papermerge 4 | ecosystem: PyPI 5 | details: Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 6 | 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, 7 | tag, upload, or create folder function. The payload can be in a folder, a tag, or 8 | a document's filename. If email consumption is configured in Papermerge, a malicious 9 | document can be sent by email and is automatically uploaded into the Papermerge 10 | web application. Therefore, no authentication is required to exploit XSS if email 11 | consumption is configured. Otherwise authentication is required. 
12 | affects: 13 | ranges: 14 | - type: ECOSYSTEM 15 | introduced: 1.2.0 16 | fixed: 1.5.2 17 | versions: 18 | - 1.2.0 19 | - 1.3.0 20 | aliases: 21 | - CVE-2020-29456 22 | modified: '2020-12-02T16:29:00Z' 23 | published: '2020-12-02T08:15:00Z' 24 | references: 25 | - type: WEB 26 | url: https://github.com/ciur/papermerge/issues/228 27 | - type: WEB 28 | url: https://www.papermerge.com/ 29 | - type: WEB 30 | url: https://github.com/ciur/papermerge/releases/tag/v1.5.2 31 | -------------------------------------------------------------------------------- /vulns/werkzeug/PYSEC-2020-157.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-157 2 | package: 3 | name: werkzeug 4 | ecosystem: PyPI 5 | details: Open redirect vulnerability in werkzeug before 0.11.6 via a double slash 6 | in the URL. 7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 0.11.6 11 | versions: 12 | - '0.1' 13 | - '0.2' 14 | - '0.3' 15 | - 0.3.1 16 | - '0.4' 17 | - 0.4.1 18 | - '0.5' 19 | - 0.5.1 20 | - '0.6' 21 | - 0.6.1 22 | - 0.6.2 23 | - '0.7' 24 | - 0.7.1 25 | - 0.7.2 26 | - '0.8' 27 | - 0.8.1 28 | - 0.8.2 29 | - 0.8.3 30 | - '0.9' 31 | - 0.9.1 32 | - 0.9.2 33 | - 0.9.3 34 | - 0.9.4 35 | - 0.9.5 36 | - 0.9.6 37 | - '0.10' 38 | - 0.10.1 39 | - 0.10.2 40 | - 0.10.3 41 | - 0.10.4 42 | - '0.11' 43 | - 0.11.1 44 | - 0.11.2 45 | - 0.11.3 46 | - 0.11.4 47 | - 0.11.5 48 | aliases: 49 | - CVE-2020-28724 50 | modified: '2020-12-01T16:05:00Z' 51 | published: '2020-11-18T15:15:00Z' 52 | references: 53 | - type: WEB 54 | url: https://github.com/pallets/werkzeug/issues/822 55 | - type: WEB 56 | url: https://github.com/pallets/werkzeug/pull/890/files 57 | - type: WEB 58 | url: https://github.com/pallets/flask/issues/1639 59 | -------------------------------------------------------------------------------- /vulns/keystone/PYSEC-2020-56.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-56 2 | 
package: 3 | name: keystone 4 | ecosystem: PyPI 5 | details: An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. 6 | The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker 7 | can sniff the Authorization header, and then use it to reissue an OpenStack token 8 | an unlimited number of times. 9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: 15.0.1 13 | versions: 14 | - 12.0.2 15 | - 12.0.3 16 | - 13.0.2 17 | - 13.0.3 18 | - 13.0.4 19 | - 14.0.0 20 | - 14.0.1 21 | - 14.1.0 22 | - 14.2.0 23 | - 15.0.0.0rc1 24 | - 15.0.0.0rc2 25 | - 15.0.0 26 | aliases: 27 | - CVE-2020-12692 28 | modified: '2020-09-02T16:15:00Z' 29 | published: '2020-05-07T00:15:00Z' 30 | references: 31 | - type: WEB 32 | url: https://www.openwall.com/lists/oss-security/2020/05/06/4 33 | - type: WEB 34 | url: https://bugs.launchpad.net/keystone/+bug/1872737 35 | - type: WEB 36 | url: http://www.openwall.com/lists/oss-security/2020/05/07/1 37 | - type: WEB 38 | url: https://security.openstack.org/ossa/OSSA-2020-003.html 39 | - type: WEB 40 | url: https://usn.ubuntu.com/4480-1/ 41 | -------------------------------------------------------------------------------- /vulns/pillow/PYSEC-2021-71.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-71 2 | package: 3 | name: pillow 4 | ecosystem: PyPI 5 | details: In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding 6 | crafted SGI RLE image files because offsets and length tables are mishandled. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | introduced: 4.3.0 11 | fixed: 8.1.0 12 | versions: 13 | - 4.3.0 14 | - 5.0.0 15 | - 5.1.0 16 | - 5.2.0 17 | - 5.3.0 18 | - 5.4.0.dev0 19 | - 5.4.0 20 | - 5.4.1 21 | - 6.0.0 22 | - 6.1.0 23 | - 6.2.0 24 | - 6.2.1 25 | - 6.2.2 26 | - 7.0.0 27 | - 7.1.0 28 | - 7.1.1 29 | - 7.1.2 30 | - 7.2.0 31 | - 8.0.0 32 | - 8.0.1 33 | aliases: 34 | - CVE-2020-35655 35 | modified: '2021-01-29T00:46:00Z' 36 | published: '2021-01-12T09:15:00Z' 37 | references: 38 | - type: WEB 39 | url: https://pillow.readthedocs.io/en/stable/releasenotes/index.html 40 | - type: WEB 41 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/ 42 | - type: WEB 43 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/ 44 | -------------------------------------------------------------------------------- /vulns/asyncpg/PYSEC-2020-24.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-24 2 | package: 3 | name: asyncpg 4 | ecosystem: PyPI 5 | details: asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash 6 | or execute arbitrary code (on a database client) via a crafted server response, 7 | because of access to an uninitialized pointer in the array data decoder. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 0.21.0 12 | versions: 13 | - 0.5.0 14 | - 0.5.1 15 | - 0.5.2 16 | - 0.5.3 17 | - 0.5.4 18 | - 0.6.1 19 | - 0.6.2 20 | - 0.6.3 21 | - 0.7.0 22 | - 0.8.0 23 | - 0.8.1 24 | - 0.8.2 25 | - 0.8.3 26 | - 0.8.4 27 | - 0.9.0.dev1 28 | - 0.9.0 29 | - 0.10.0 30 | - 0.10.1 31 | - 0.11.0 32 | - 0.12.0 33 | - 0.13.0 34 | - 0.14.0 35 | - 0.15.0 36 | - 0.16.0 37 | - 0.17.0 38 | - 0.18.0 39 | - 0.18.1 40 | - 0.18.2 41 | - 0.18.3 42 | - 0.19.0 43 | - 0.20.0 44 | - 0.20.1 45 | aliases: 46 | - CVE-2020-17446 47 | modified: '2020-09-03T01:15:00Z' 48 | published: '2020-08-12T16:15:00Z' 49 | references: 50 | - type: WEB 51 | url: https://github.com/MagicStack/asyncpg/releases/tag/v0.21.0 52 | - type: WEB 53 | url: https://lists.debian.org/debian-lts-announce/2020/09/msg00002.html 54 | -------------------------------------------------------------------------------- /vulns/pypiserver/PYSEC-2019-43.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-43 2 | package: 3 | name: pypiserver 4 | ecosystem: PyPI 5 | details: CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary 6 | HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.2.6 11 | versions: 12 | - 0.1.0 13 | - 0.1.1 14 | - 0.1.2 15 | - 0.1.3 16 | - 0.2.0 17 | - 0.3.0 18 | - 0.4.0 19 | - 0.4.1 20 | - 0.5.0 21 | - 0.5.1 22 | - 0.5.2 23 | - 0.6.0 24 | - 0.6.1 25 | - 1.0.0 26 | - 1.0.1 27 | - 1.1.0 28 | - 1.1.1 29 | - 1.1.2 30 | - 1.1.3 31 | - 1.1.4 32 | - 1.1.5 33 | - 1.1.6 34 | - 1.1.7-rc.1 35 | - 1.1.7 36 | - 1.1.8b0 37 | - 1.1.8b1 38 | - 1.1.8 39 | - 1.1.9.dev0 40 | - 1.1.9.dev1 41 | - 1.1.9.dev2 42 | - 1.1.9 43 | - 1.1.10 44 | - 1.2.0.dev1 45 | - 1.2.0b1 46 | - 1.2.0 47 | - 1.2.1.dev0 48 | - 1.2.1rc0 49 | - 1.2.1 50 | - 1.2.2.dev0 51 | - 1.2.2 52 | - 1.2.3 53 | - 1.2.4 54 | - 1.2.5 55 | aliases: 56 | - CVE-2019-6802 57 | modified: '2019-01-25T19:42:00Z' 58 | published: '2019-01-25T04:29:00Z' 59 | references: 60 | - type: WEB 61 | url: https://github.com/pypiserver/pypiserver/issues/237 62 | -------------------------------------------------------------------------------- /vulns/pypiserver/PYSEC-2019-113.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-113 2 | package: 3 | name: pypiserver 4 | ecosystem: PyPI 5 | details: CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary 6 | HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.2.6 11 | versions: 12 | - 0.1.0 13 | - 0.1.1 14 | - 0.1.2 15 | - 0.1.3 16 | - 0.2.0 17 | - 0.3.0 18 | - 0.4.0 19 | - 0.4.1 20 | - 0.5.0 21 | - 0.5.1 22 | - 0.5.2 23 | - 0.6.0 24 | - 0.6.1 25 | - 1.0.0 26 | - 1.0.1 27 | - 1.1.0 28 | - 1.1.1 29 | - 1.1.2 30 | - 1.1.3 31 | - 1.1.4 32 | - 1.1.5 33 | - 1.1.6 34 | - 1.1.7-rc.1 35 | - 1.1.7 36 | - 1.1.8b0 37 | - 1.1.8b1 38 | - 1.1.8 39 | - 1.1.9.dev0 40 | - 1.1.9.dev1 41 | - 1.1.9.dev2 42 | - 1.1.9 43 | - 1.1.10 44 | - 1.2.0.dev1 45 | - 1.2.0b1 46 | - 1.2.0 47 | - 1.2.1.dev0 48 | - 1.2.1rc0 49 | - 1.2.1 50 | - 1.2.2.dev0 51 | - 1.2.2 52 | - 1.2.3 53 | - 1.2.4 54 | - 1.2.5 55 | aliases: 56 | - CVE-2019-6802 57 | modified: '2019-01-25T19:42:00Z' 58 | published: '2019-01-25T04:29:00Z' 59 | references: 60 | - type: WEB 61 | url: https://github.com/pypiserver/pypiserver/issues/237 62 | -------------------------------------------------------------------------------- /vulns/ansible/PYSEC-2019-3.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-3 2 | package: 3 | name: ansible 4 | ecosystem: PyPI 5 | details: A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive 6 | data should be set as such by no_log feature. Some of these fields in GCP modules 7 | are not set properly. service_account_contents() which is common class for all gcp 8 | modules is not setting no_log to True. Any sensitive data managed by that function 9 | would be leak as an output when running ansible playbooks. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | introduced: 2.8.0 14 | fixed: 2.8.4 15 | versions: 16 | - 2.8.0 17 | - 2.8.1 18 | - 2.8.2 19 | - 2.8.3 20 | aliases: 21 | - CVE-2019-10217 22 | modified: '2020-04-13T00:15:00Z' 23 | published: '2019-11-25T16:15:00Z' 24 | references: 25 | - type: WEB 26 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10217 27 | - type: WEB 28 | url: https://github.com/ansible/ansible/issues/56269 29 | - type: WEB 30 | url: https://github.com/ansible/ansible/pull/59427 31 | - type: WEB 32 | url: http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html 33 | - type: WEB 34 | url: http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html 35 | -------------------------------------------------------------------------------- /vulns/jupyterhub/PYSEC-2021-67.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-67 2 | package: 3 | name: jupyterhub 4 | ecosystem: PyPI 5 | details: JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks 6 | an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user 7 | account). 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 1.2.0b1 12 | versions: 13 | - 0.1.0 14 | - 0.2.0 15 | - 0.3.0 16 | - 0.4.0 17 | - 0.4.1 18 | - 0.5.0 19 | - 0.6.0 20 | - 0.6.1 21 | - 0.7.0b1 22 | - 0.7.0 23 | - 0.7.1 24 | - 0.7.2 25 | - 0.8.0b1 26 | - 0.8.0b2 27 | - 0.8.0b3 28 | - 0.8.0b4 29 | - 0.8.0b5 30 | - 0.8.0rc1 31 | - 0.8.0rc2 32 | - 0.8.0 33 | - 0.8.1 34 | - 0.9.0b1 35 | - 0.9.0b2 36 | - 0.9.0b3 37 | - 0.9.0rc1 38 | - 0.9.0 39 | - 0.9.1 40 | - 0.9.2 41 | - 0.9.3 42 | - 0.9.4 43 | - 0.9.5 44 | - 0.9.6 45 | - 1.0.0b1 46 | - 1.0.0b2 47 | - 1.0.0 48 | - 1.1.0b1 49 | - 1.1.0 50 | aliases: 51 | - CVE-2020-36191 52 | modified: '2021-01-19T19:58:00Z' 53 | published: '2021-01-13T04:15:00Z' 54 | references: 55 | - type: WEB 56 | url: https://github.com/jupyterhub/jupyterhub/releases 57 | - type: WEB 58 | url: https://github.com/jupyterhub/jupyterhub/issues/3304 59 | -------------------------------------------------------------------------------- /vulns/ansible/PYSEC-2019-73.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-73 2 | package: 3 | name: ansible 4 | ecosystem: PyPI 5 | details: A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive 6 | data should be set as such by no_log feature. Some of these fields in GCP modules 7 | are not set properly. service_account_contents() which is common class for all gcp 8 | modules is not setting no_log to True. Any sensitive data managed by that function 9 | would be leak as an output when running ansible playbooks. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | introduced: 2.8.0 14 | fixed: 2.8.4 15 | versions: 16 | - 2.8.0 17 | - 2.8.1 18 | - 2.8.2 19 | - 2.8.3 20 | aliases: 21 | - CVE-2019-10217 22 | modified: '2020-04-13T00:15:00Z' 23 | published: '2019-11-25T16:15:00Z' 24 | references: 25 | - type: WEB 26 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10217 27 | - type: WEB 28 | url: https://github.com/ansible/ansible/issues/56269 29 | - type: WEB 30 | url: https://github.com/ansible/ansible/pull/59427 31 | - type: WEB 32 | url: http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html 33 | - type: WEB 34 | url: http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html 35 | -------------------------------------------------------------------------------- /vulns/aioxmpp/PYSEC-2019-1.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-1 2 | package: 3 | name: aioxmpp 4 | ecosystem: PyPI 5 | details: aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural 6 | Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard 7 | function that can result in Denial of Service, Other. This attack appears to be 8 | exploitable via Remote. A crafted stanza can be sent to an application which uses 9 | the vulnerable components to either inject data in a different context or cause 10 | the application to reconnect (potentially losing data). This vulnerability appears 11 | to have been fixed in 0.10.3. 
12 | affects: 13 | ranges: 14 | - type: ECOSYSTEM 15 | fixed: 0.10.3 16 | versions: 17 | - '0.2' 18 | - '0.3' 19 | - 0.4.0 20 | - 0.4.1 21 | - 0.5.0 22 | - 0.5.1 23 | - 0.5.2 24 | - 0.5.3 25 | - 0.5.4 26 | - 0.6.0 27 | - 0.6.1 28 | - 0.7.0 29 | - 0.7.1 30 | - 0.7.2 31 | - 0.8.0 32 | - 0.9.0 33 | - 0.9.1 34 | - 0.10.0 35 | - 0.10.1 36 | - 0.10.2 37 | aliases: 38 | - CVE-2019-1000007 39 | modified: '2019-02-15T15:00:00Z' 40 | published: '2019-02-04T21:29:00Z' 41 | references: 42 | - type: WEB 43 | url: https://github.com/horazont/aioxmpp/pull/268 44 | -------------------------------------------------------------------------------- /vulns/aioxmpp/PYSEC-2019-71.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-71 2 | package: 3 | name: aioxmpp 4 | ecosystem: PyPI 5 | details: aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural 6 | Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard 7 | function that can result in Denial of Service, Other. This attack appears to be 8 | exploitable via Remote. A crafted stanza can be sent to an application which uses 9 | the vulnerable components to either inject data in a different context or cause 10 | the application to reconnect (potentially losing data). This vulnerability appears 11 | to have been fixed in 0.10.3. 
12 | affects: 13 | ranges: 14 | - type: ECOSYSTEM 15 | fixed: 0.10.3 16 | versions: 17 | - '0.2' 18 | - '0.3' 19 | - 0.4.0 20 | - 0.4.1 21 | - 0.5.0 22 | - 0.5.1 23 | - 0.5.2 24 | - 0.5.3 25 | - 0.5.4 26 | - 0.6.0 27 | - 0.6.1 28 | - 0.7.0 29 | - 0.7.1 30 | - 0.7.2 31 | - 0.8.0 32 | - 0.9.0 33 | - 0.9.1 34 | - 0.10.0 35 | - 0.10.1 36 | - 0.10.2 37 | aliases: 38 | - CVE-2019-1000007 39 | modified: '2019-02-15T15:00:00Z' 40 | published: '2019-02-04T21:29:00Z' 41 | references: 42 | - type: WEB 43 | url: https://github.com/horazont/aioxmpp/pull/268 44 | -------------------------------------------------------------------------------- /vulns/websockets/PYSEC-2021-95.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-95 2 | package: 3 | name: websockets 4 | ecosystem: PyPI 5 | details: The aaugustin websockets library before 9.1 for Python has an Observable 6 | Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). 7 | An attacker may be able to guess a password via a timing attack. 
8 | affects: 9 | ranges: 10 | - type: GIT 11 | repo: https://github.com/aaugustin/websockets 12 | fixed: 547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 13 | - type: ECOSYSTEM 14 | fixed: '9.1' 15 | versions: 16 | - '0.1' 17 | - '1.0' 18 | - '2.0' 19 | - '2.1' 20 | - '2.2' 21 | - '2.3' 22 | - '2.4' 23 | - '2.5' 24 | - '2.6' 25 | - '2.7' 26 | - '3.0' 27 | - '3.1' 28 | - '3.2' 29 | - '3.3' 30 | - '3.4' 31 | - '4.0' 32 | - 4.0.1 33 | - '5.0' 34 | - 5.0.1 35 | - '6.0' 36 | - '7.0' 37 | - '8.0' 38 | - 8.0.1 39 | - 8.0.2 40 | - '8.1' 41 | - '9.0' 42 | - 9.0.1 43 | - 9.0.2 44 | aliases: 45 | - CVE-2021-33880 46 | modified: '2021-06-09T05:01:36.173811Z' 47 | published: '2021-06-06T15:15:00Z' 48 | references: 49 | - type: WEB 50 | url: https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 51 | -------------------------------------------------------------------------------- /vulns/django-rest-registration/PYSEC-2019-20.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-20 2 | package: 3 | name: django-rest-registration 4 | ecosystem: PyPI 5 | details: verification.py in django-rest-registration (aka Django REST Registration 6 | library) before 0.5.0 relies on a static string for signatures (i.e., the Django 7 | Signing API is misused), which allows remote attackers to spoof the verification 8 | process. This occurs because incorrect code refactoring led to calling a security-critical 9 | function with an incorrect argument. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 0.5.0 14 | versions: 15 | - 0.1.2 16 | - 0.2.0 17 | - 0.2.1 18 | - 0.2.4 19 | - 0.3.0 20 | - 0.3.3 21 | - 0.3.4 22 | - 0.3.5 23 | - 0.3.6 24 | - 0.3.7 25 | - 0.3.8 26 | - 0.3.9 27 | - 0.3.12 28 | - 0.3.13 29 | - 0.3.14 30 | - 0.4.0 31 | - 0.4.1 32 | - 0.4.2 33 | - 0.4.3 34 | - 0.4.4 35 | - 0.4.5 36 | aliases: 37 | - CVE-2019-13177 38 | modified: '2019-07-12T13:52:00Z' 39 | published: '2019-07-02T22:15:00Z' 40 | references: 41 | - type: WEB 42 | url: https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh 43 | - type: WEB 44 | url: https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0 45 | -------------------------------------------------------------------------------- /vulns/django-rest-registration/PYSEC-2019-90.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-90 2 | package: 3 | name: django-rest-registration 4 | ecosystem: PyPI 5 | details: verification.py in django-rest-registration (aka Django REST Registration 6 | library) before 0.5.0 relies on a static string for signatures (i.e., the Django 7 | Signing API is misused), which allows remote attackers to spoof the verification 8 | process. This occurs because incorrect code refactoring led to calling a security-critical 9 | function with an incorrect argument. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 0.5.0 14 | versions: 15 | - 0.1.2 16 | - 0.2.0 17 | - 0.2.1 18 | - 0.2.4 19 | - 0.3.0 20 | - 0.3.3 21 | - 0.3.4 22 | - 0.3.5 23 | - 0.3.6 24 | - 0.3.7 25 | - 0.3.8 26 | - 0.3.9 27 | - 0.3.12 28 | - 0.3.13 29 | - 0.3.14 30 | - 0.4.0 31 | - 0.4.1 32 | - 0.4.2 33 | - 0.4.3 34 | - 0.4.4 35 | - 0.4.5 36 | aliases: 37 | - CVE-2019-13177 38 | modified: '2019-07-12T13:52:00Z' 39 | published: '2019-07-02T22:15:00Z' 40 | references: 41 | - type: WEB 42 | url: https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh 43 | - type: WEB 44 | url: https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0 45 | -------------------------------------------------------------------------------- /vulns/mitogen/PYSEC-2019-34.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-34 2 | package: 3 | name: mitogen 4 | ecosystem: PyPI 5 | details: '** DISPUTED ** core.py in Mitogen before 0.2.8 has a typo that drops the 6 | unidirectional-routing protection mechanism in the case of a child that is initiated 7 | by another child. The Ansible extension is unaffected. NOTE: the vendor disputes 8 | this issue because it is exploitable only in conjunction with hypothetical other 9 | factors, i.e., an affected use case within a library caller, and a bug in the message 10 | receiver policy code that led to reliance on this extra protection mechanism.' 
11 | affects: 12 | ranges: 13 | - type: GIT 14 | repo: https://github.com/dw/mitogen 15 | fixed: 5924af1566763e48c42028399ea0cd95c457b3dc 16 | - type: ECOSYSTEM 17 | fixed: 0.2.8 18 | versions: 19 | - 0.2.0 20 | - 0.2.1 21 | - 0.2.2 22 | - 0.2.3 23 | - 0.2.4 24 | - 0.2.5 25 | - 0.2.6 26 | - 0.2.7 27 | aliases: 28 | - CVE-2019-15149 29 | modified: '2019-08-30T11:38:00Z' 30 | published: '2019-08-18T20:15:00Z' 31 | references: 32 | - type: WEB 33 | url: https://mitogen.networkgenomics.com/changelog.html#v0-2-8-2019-08-18 34 | - type: WEB 35 | url: https://github.com/dw/mitogen/commit/5924af1566763e48c42028399ea0cd95c457b3dc 36 | -------------------------------------------------------------------------------- /vulns/mitogen/PYSEC-2019-104.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-104 2 | package: 3 | name: mitogen 4 | ecosystem: PyPI 5 | details: '** DISPUTED ** core.py in Mitogen before 0.2.8 has a typo that drops the 6 | unidirectional-routing protection mechanism in the case of a child that is initiated 7 | by another child. The Ansible extension is unaffected. NOTE: the vendor disputes 8 | this issue because it is exploitable only in conjunction with hypothetical other 9 | factors, i.e., an affected use case within a library caller, and a bug in the message 10 | receiver policy code that led to reliance on this extra protection mechanism.' 
11 | affects: 12 | ranges: 13 | - type: GIT 14 | repo: https://github.com/dw/mitogen 15 | fixed: 5924af1566763e48c42028399ea0cd95c457b3dc 16 | - type: ECOSYSTEM 17 | fixed: 0.2.8 18 | versions: 19 | - 0.2.0 20 | - 0.2.1 21 | - 0.2.2 22 | - 0.2.3 23 | - 0.2.4 24 | - 0.2.5 25 | - 0.2.6 26 | - 0.2.7 27 | aliases: 28 | - CVE-2019-15149 29 | modified: '2019-08-30T11:38:00Z' 30 | published: '2019-08-18T20:15:00Z' 31 | references: 32 | - type: WEB 33 | url: https://mitogen.networkgenomics.com/changelog.html#v0-2-8-2019-08-18 34 | - type: WEB 35 | url: https://github.com/dw/mitogen/commit/5924af1566763e48c42028399ea0cd95c457b3dc 36 | -------------------------------------------------------------------------------- /vulns/ansible/PYSEC-2020-4.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-4 2 | package: 3 | name: ansible 4 | ecosystem: PyPI 5 | details: A flaw was found in the Ansible Engine when using module_args. Tasks executed 6 | with check mode (--check-mode) do not properly neutralize sensitive data exposed 7 | in the event data. This flaw allows unauthorized users to read this data. The highest 8 | threat from this vulnerability is to confidentiality. 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | introduced: 2.8.0 13 | fixed: 2.8.14 14 | - type: ECOSYSTEM 15 | introduced: 2.9.0 16 | fixed: 2.9.12 17 | versions: 18 | - 2.8.0 19 | - 2.8.1 20 | - 2.8.2 21 | - 2.8.3 22 | - 2.8.4 23 | - 2.8.5 24 | - 2.8.6 25 | - 2.8.7 26 | - 2.8.8 27 | - 2.8.9 28 | - 2.8.10 29 | - 2.8.11 30 | - 2.8.12 31 | - 2.8.13 32 | - 2.9.0 33 | - 2.9.1 34 | - 2.9.2 35 | - 2.9.3 36 | - 2.9.4 37 | - 2.9.5 38 | - 2.9.6 39 | - 2.9.7 40 | - 2.9.8 41 | - 2.9.9 42 | - 2.9.10 43 | - 2.9.11 44 | aliases: 45 | - CVE-2020-14332 46 | modified: '2020-09-21T12:33:00Z' 47 | published: '2020-09-11T18:15:00Z' 48 | references: 49 | - type: WEB 50 | url: https://github.com/ansible/ansible/pull/71033 51 | - type: WEB 52 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332 53 | -------------------------------------------------------------------------------- /vulns/pyspark/PYSEC-2019-114.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-114 2 | package: 3 | name: pyspark 4 | ecosystem: PyPI 5 | details: Prior to Spark 2.3.3, in certain situations Spark would write user data to 6 | local disk unencrypted, even if spark.io.encryption.enabled=true. This includes 7 | cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); 8 | in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use 9 | of python udfs. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 2.3.3 14 | versions: 15 | - 2.1.1 16 | - 2.1.2 17 | - 2.1.3 18 | - 2.2.0 19 | - 2.2.1 20 | - 2.2.2 21 | - 2.2.3 22 | - 2.3.0 23 | - 2.3.1 24 | - 2.3.2 25 | aliases: 26 | - CVE-2019-10099 27 | modified: '2020-06-23T00:15:00Z' 28 | published: '2019-08-07T17:15:00Z' 29 | references: 30 | - type: WEB 31 | url: https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E 32 | - type: WEB 33 | url: https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E 34 | - type: WEB 35 | url: https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E 36 | -------------------------------------------------------------------------------- /vulns/pyspark/PYSEC-2019-44.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-44 2 | package: 3 | name: pyspark 4 | ecosystem: PyPI 5 | details: Prior to Spark 2.3.3, in certain situations Spark would write user data to 6 | local disk unencrypted, even if spark.io.encryption.enabled=true. This includes 7 | cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); 8 | in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use 9 | of python udfs. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 2.3.3 14 | versions: 15 | - 2.1.1 16 | - 2.1.2 17 | - 2.1.3 18 | - 2.2.0 19 | - 2.2.1 20 | - 2.2.2 21 | - 2.2.3 22 | - 2.3.0 23 | - 2.3.1 24 | - 2.3.2 25 | aliases: 26 | - CVE-2019-10099 27 | modified: '2020-06-23T00:15:00Z' 28 | published: '2019-08-07T17:15:00Z' 29 | references: 30 | - type: WEB 31 | url: https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E 32 | - type: WEB 33 | url: https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E 34 | - type: WEB 35 | url: https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E 36 | -------------------------------------------------------------------------------- /vulns/markdown2/PYSEC-2018-13.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-13 2 | package: 3 | name: markdown2 4 | ecosystem: PyPI 5 | details: An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. 6 | The safe_mode feature, which is supposed to sanitize user input against XSS, is 7 | flawed and does not escape the input properly. With a crafted payload, XSS can be 8 | triggered, as demonstrated by omitting the final '>' character from an IMG tag. 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: 2.3.6 13 | versions: 14 | - 1.0.1.10 15 | - 1.0.1.11 16 | - 1.0.1.12 17 | - 1.0.1.13 18 | - 1.0.1.14 19 | - 1.0.1.15 20 | - 1.0.1.16 21 | - 1.0.1.17 22 | - 1.0.1.18 23 | - 1.0.1.19 24 | - 1.0.1.6 25 | - 1.0.1.7 26 | - 1.0.1.8 27 | - 1.0.1.9 28 | - 1.1.0 29 | - 1.1.1 30 | - 1.2.0 31 | - 1.3.0 32 | - 1.3.1 33 | - 1.4.0 34 | - 1.4.1 35 | - 1.4.2 36 | - 2.0.0 37 | - 2.0.1 38 | - 2.1.0 39 | - 2.2.0 40 | - 2.2.1 41 | - 2.2.2 42 | - 2.2.3 43 | - 2.3.0 44 | - 2.3.1 45 | - 2.3.2 46 | - 2.3.3 47 | - 2.3.4 48 | - 2.3.5 49 | aliases: 50 | - CVE-2018-5773 51 | modified: '2021-06-16T00:03:23.657711Z' 52 | published: '2018-01-18T21:29:00Z' 53 | references: 54 | - type: WEB 55 | url: https://github.com/trentm/python-markdown2/issues/285 56 | -------------------------------------------------------------------------------- /vulns/manila/PYSEC-2020-63.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-63 2 | package: 3 | name: manila 4 | ecosystem: PyPI 5 | details: OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers 6 | to view, update, delete, or share resources that do not belong to them, because 7 | of a context-free lookup of a UUID. Attackers may also create resources, such as 8 | shared file systems and groups of shares on such share networks. 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: 7.4.1 13 | - type: ECOSYSTEM 14 | introduced: 8.0.0 15 | fixed: 8.1.1 16 | - type: ECOSYSTEM 17 | introduced: 9.0.0 18 | fixed: 9.1.1 19 | versions: 20 | - 4.0.2 21 | - 5.0.2 22 | - 5.0.3 23 | - 5.1.0 24 | - 6.1.0 25 | - 6.2.0 26 | - 6.3.0 27 | - 6.3.1 28 | - 6.3.2 29 | - 7.0.0 30 | - 7.1.0 31 | - 7.2.0 32 | - 7.3.0 33 | - 7.4.0 34 | - 8.0.0 35 | - 8.0.1 36 | - 8.1.0 37 | - 9.0.0 38 | - 9.1.0 39 | aliases: 40 | - CVE-2020-9543 41 | modified: '2020-07-14T17:27:00Z' 42 | published: '2020-03-12T17:15:00Z' 43 | references: 44 | - type: WEB 45 | url: https://bugs.launchpad.net/manila/+bug/1861485 46 | - type: WEB 47 | url: http://www.openwall.com/lists/oss-security/2020/03/12/1 48 | - type: WEB 49 | url: https://security.openstack.org/ossa/OSSA-2020-002.html 50 | -------------------------------------------------------------------------------- /vulns/channels/PYSEC-2021-60.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-60 2 | package: 3 | name: channels 4 | ecosystem: PyPI 5 | details: Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive 6 | information from a different request scope. The legacy channels.http.AsgiHandler 7 | class, used for handling HTTP type requests in an ASGI environment prior to Django 8 | 3.0, did not correctly separate request scopes in Channels 3.0. In many cases this 9 | would result in a crash but, with correct timing, responses could be sent to the 10 | wrong client, resulting in potential leakage of session identifiers and other sensitive 11 | data. Note that this affects only the legacy Channels provided class, and not Django's 12 | similar ASGIHandler, available from Django 3.0. 
13 | affects: 14 | ranges: 15 | - type: ECOSYSTEM 16 | introduced: 3.0.0 17 | fixed: 3.0.3 18 | versions: 19 | - 3.0.0 20 | - 3.0.1 21 | - 3.0.2 22 | aliases: 23 | - CVE-2020-35681 24 | modified: '2021-02-26T12:36:00Z' 25 | published: '2021-02-22T03:15:00Z' 26 | references: 27 | - type: WEB 28 | url: https://github.com/django/channels/releases 29 | - type: WEB 30 | url: https://channels.readthedocs.io/en/stable/releases/3.0.3.html 31 | - type: WEB 32 | url: https://channels.readthedocs.io/en/stable/releases/index.html 33 | -------------------------------------------------------------------------------- /vulns/urllib3/PYSEC-2021-59.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-59 2 | package: 3 | name: urllib3 4 | ecosystem: PyPI 5 | details: The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate 6 | validation in some cases involving HTTPS to HTTPS proxies. The initial connection 7 | to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify 8 | the hostname of the certificate. This means certificates for different servers that 9 | still validate properly with the default urllib3 SSLContext will be silently accepted. 
10 | affects: 11 | ranges: 12 | - type: GIT 13 | repo: https://github.com/urllib3/urllib3 14 | fixed: 8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 15 | - type: ECOSYSTEM 16 | introduced: 1.26.0 17 | fixed: 1.26.4 18 | versions: 19 | - 1.26.0 20 | - 1.26.1 21 | - 1.26.2 22 | - 1.26.3 23 | aliases: 24 | - CVE-2021-28363 25 | modified: '2021-03-23T16:47:00Z' 26 | published: '2021-03-15T18:15:00Z' 27 | references: 28 | - type: WEB 29 | url: https://github.com/urllib3/urllib3/commits/main 30 | - type: WEB 31 | url: https://pypi.org/project/urllib3/1.26.4/ 32 | - type: WEB 33 | url: https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 34 | - type: WEB 35 | url: https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r 36 | -------------------------------------------------------------------------------- /vulns/wagtail-2fa/PYSEC-2019-135.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-135 2 | package: 3 | name: wagtail-2fa 4 | ecosystem: PyPI 5 | details: When using wagtail-2fa before 1.3.0, if someone gains access to someone's 6 | Wagtail login credentials, they can log into the CMS and bypass the 2FA check by 7 | changing the URL. They can then add a new device and gain full access to the CMS. 8 | This problem has been patched in version 1.3.0. 
9 | affects: 10 | ranges: 11 | - type: GIT 12 | repo: https://github.com/labd/wagtail-2fa 13 | fixed: 13b12995d35b566df08a17257a23863ab6efb0ca 14 | - type: GIT 15 | repo: https://github.com/labd/wagtail-2fa 16 | fixed: a6711b29711729005770ff481b22675b35ff5c81 17 | - type: ECOSYSTEM 18 | fixed: 1.3.0 19 | versions: 20 | - 0.0.1 21 | - 0.0.2 22 | - 0.0.3 23 | - 0.1.0 24 | - 1.0.0 25 | - 1.0.1 26 | - 1.1.0 27 | - 1.2.0 28 | aliases: 29 | - CVE-2019-16766 30 | modified: '2020-10-09T13:27:00Z' 31 | published: '2019-11-29T17:15:00Z' 32 | references: 33 | - type: WEB 34 | url: https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm 35 | - type: WEB 36 | url: https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca 37 | - type: WEB 38 | url: https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81 39 | -------------------------------------------------------------------------------- /vulns/wagtail-2fa/PYSEC-2019-65.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-65 2 | package: 3 | name: wagtail-2fa 4 | ecosystem: PyPI 5 | details: When using wagtail-2fa before 1.3.0, if someone gains access to someone's 6 | Wagtail login credentials, they can log into the CMS and bypass the 2FA check by 7 | changing the URL. They can then add a new device and gain full access to the CMS. 8 | This problem has been patched in version 1.3.0. 
9 | affects: 10 | ranges: 11 | - type: GIT 12 | repo: https://github.com/labd/wagtail-2fa 13 | fixed: 13b12995d35b566df08a17257a23863ab6efb0ca 14 | - type: GIT 15 | repo: https://github.com/labd/wagtail-2fa 16 | fixed: a6711b29711729005770ff481b22675b35ff5c81 17 | - type: ECOSYSTEM 18 | fixed: 1.3.0 19 | versions: 20 | - 0.0.1 21 | - 0.0.2 22 | - 0.0.3 23 | - 0.1.0 24 | - 1.0.0 25 | - 1.0.1 26 | - 1.1.0 27 | - 1.2.0 28 | aliases: 29 | - CVE-2019-16766 30 | modified: '2020-10-09T13:27:00Z' 31 | published: '2019-11-29T17:15:00Z' 32 | references: 33 | - type: WEB 34 | url: https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm 35 | - type: WEB 36 | url: https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca 37 | - type: WEB 38 | url: https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81 39 | -------------------------------------------------------------------------------- /vulns/gerapy/PYSEC-2020-44.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-44 2 | package: 3 | name: gerapy 4 | ecosystem: PyPI 5 | details: "This affects the package Gerapy from 0 and before 0.9.3. The input being\ 6 | \ passed to Popen, via the project_configure endpoint, isn\u2019t being sanitized." 
7 | affects: 8 | ranges: 9 | - type: GIT 10 | repo: https://github.com/Gerapy/Gerapy 11 | fixed: e8446605eb2424717418eae199ec7aad573da2d2 12 | - type: ECOSYSTEM 13 | fixed: 0.9.3 14 | versions: 15 | - 0.6.6 16 | - 0.6.7 17 | - 0.6.8 18 | - 0.6.9 19 | - 0.7.0 20 | - 0.7.1 21 | - 0.7.2 22 | - 0.7.3 23 | - 0.7.6 24 | - 0.7.7 25 | - 0.7.8 26 | - 0.7.9 27 | - 0.8.0 28 | - 0.8.1 29 | - 0.8.2 30 | - 0.8.3 31 | - 0.8.4rc2 32 | - 0.8.5rc2 33 | - 0.8.5 34 | - 0.8.6a0 35 | - 0.8.6b0 36 | - 0.8.6b1 37 | - 0.8.6rc1 38 | - 0.8.6rc2 39 | - 0.8.6 40 | - 0.8.7 41 | - 0.8.8 42 | - 0.9.0 43 | - 0.9.1 44 | - 0.9.2a0 45 | - 0.9.2rc1 46 | - 0.9.2 47 | - 0.9.3a1 48 | - 0.9.3a2 49 | - 0.9.3b1 50 | aliases: 51 | - CVE-2020-7698 52 | modified: '2020-07-31T14:59:00Z' 53 | published: '2020-07-29T13:15:00Z' 54 | references: 55 | - type: WEB 56 | url: https://github.com/Gerapy/Gerapy/commit/e8446605eb2424717418eae199ec7aad573da2d2 57 | - type: WEB 58 | url: https://snyk.io/vuln/SNYK-PYTHON-GERAPY-572470 59 | -------------------------------------------------------------------------------- /vulns/nfstream/PYSEC-2021-68.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-68 2 | package: 3 | name: nfstream 4 | ecosystem: PyPI 5 | details: An issue was discovered in NFStream 5.2.0. Because some allocated modules 6 | are not correctly freed, if the nfstream object is directly destroyed without being 7 | used after it is created, it will cause a memory leak that may result in a local 8 | denial of service (DoS). 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: 6.0.0 13 | versions: 14 | - 0.1.0 15 | - 0.2.0 16 | - 0.3.0 17 | - 0.3.1 18 | - 0.4.0 19 | - 0.5.0 20 | - 1.0.0 21 | - 1.0.1 22 | - 1.0.2 23 | - 1.0.3 24 | - 1.1.0 25 | - 1.1.1 26 | - 1.1.2 27 | - 1.1.3 28 | - 1.1.4 29 | - 1.1.5 30 | - 1.1.6 31 | - 1.1.7 32 | - 1.1.8 33 | - 1.2.0 34 | - 1.2.1 35 | - 2.0.0 36 | - 2.0.1 37 | - 3.0.0 38 | - 3.0.1 39 | - 3.0.2 40 | - 3.0.3 41 | - 3.0.4 42 | - 3.1.0 43 | - 3.1.1 44 | - 3.1.2 45 | - 3.2.0 46 | - 3.2.1 47 | - 3.2.2 48 | - 4.0.0 49 | - 4.0.1 50 | - 5.0.0 51 | - 5.1.0 52 | - 5.1.1 53 | - 5.1.2 54 | - 5.1.3 55 | - 5.1.4 56 | - 5.1.5 57 | - 5.1.6 58 | - 5.2.0 59 | aliases: 60 | - CVE-2020-25340 61 | modified: '2021-02-19T21:11:00Z' 62 | published: '2021-02-16T15:15:00Z' 63 | references: 64 | - type: WEB 65 | url: https://github.com/ntop/nDPI/issues/994 66 | -------------------------------------------------------------------------------- /vulns/django/PYSEC-2018-2.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-2 2 | package: 3 | name: django 4 | ecosystem: PyPI 5 | details: django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 6 | and 2.0.x before 2.0.8 has an Open Redirect. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | introduced: '2.0' 11 | fixed: 2.0.8 12 | - type: ECOSYSTEM 13 | introduced: '1.11' 14 | fixed: 1.11.15 15 | versions: 16 | - '1.11' 17 | - 1.11.1 18 | - 1.11.10 19 | - 1.11.11 20 | - 1.11.12 21 | - 1.11.13 22 | - 1.11.14 23 | - 1.11.2 24 | - 1.11.3 25 | - 1.11.4 26 | - 1.11.5 27 | - 1.11.6 28 | - 1.11.7 29 | - 1.11.8 30 | - 1.11.9 31 | - '2.0' 32 | - 2.0.1 33 | - 2.0.2 34 | - 2.0.3 35 | - 2.0.4 36 | - 2.0.5 37 | - 2.0.6 38 | - 2.0.7 39 | aliases: 40 | - CVE-2018-14574 41 | modified: '2021-06-10T06:51:09.426505Z' 42 | published: '2018-08-03T17:29:00Z' 43 | references: 44 | - type: WEB 45 | url: https://www.djangoproject.com/weblog/2018/aug/01/security-releases/ 46 | - type: WEB 47 | url: https://usn.ubuntu.com/3726-1/ 48 | - type: WEB 49 | url: http://www.securitytracker.com/id/1041403 50 | - type: WEB 51 | url: https://www.debian.org/security/2018/dsa-4264 52 | - type: WEB 53 | url: http://www.securityfocus.com/bid/104970 54 | - type: WEB 55 | url: https://access.redhat.com/errata/RHSA-2019:0265 56 | -------------------------------------------------------------------------------- /vulns/pyinstaller/PYSEC-2020-175.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-175 2 | package: 3 | name: pyinstaller 4 | ecosystem: PyPI 5 | details: 'In PyInstaller before version 3.6, only on Windows, a local privilege escalation 6 | vulnerability is present in this particular case: If a software using PyInstaller 7 | in "onefile" mode is launched by a privileged user (at least more than the current 8 | one) which have his "TempPath" resolving to a world writable directory. This is 9 | the case for example if the software is launched as a service or as a scheduled 10 | task using a system account (TempPath will be C:\Windows\Temp). 
In order to be exploitable 11 | the software has to be (re)started after the attacker launch the exploit program, 12 | so for a service launched at startup, a service restart is needed (e.g. after a 13 | crash or an upgrade).' 14 | affects: 15 | ranges: 16 | - type: ECOSYSTEM 17 | fixed: '3.6' 18 | versions: 19 | - '1.5' 20 | - 1.5.1 21 | - '2.0' 22 | - '2.1' 23 | - '3.0' 24 | - '3.1' 25 | - 3.1.1 26 | - '3.2' 27 | - 3.2.1 28 | - '3.3' 29 | - 3.3.1 30 | - '3.4' 31 | - '3.5' 32 | aliases: 33 | - CVE-2019-16784 34 | modified: '2020-10-09T13:40:00Z' 35 | published: '2020-01-14T20:15:00Z' 36 | references: 37 | - type: WEB 38 | url: https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7fcj-pq9j-wh2r 39 | -------------------------------------------------------------------------------- /vulns/pyinstaller/PYSEC-2020-194.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-194 2 | package: 3 | name: pyinstaller 4 | ecosystem: PyPI 5 | details: 'In PyInstaller before version 3.6, only on Windows, a local privilege escalation 6 | vulnerability is present in this particular case: If a software using PyInstaller 7 | in "onefile" mode is launched by a privileged user (at least more than the current 8 | one) which have his "TempPath" resolving to a world writable directory. This is 9 | the case for example if the software is launched as a service or as a scheduled 10 | task using a system account (TempPath will be C:\Windows\Temp). In order to be exploitable 11 | the software has to be (re)started after the attacker launch the exploit program, 12 | so for a service launched at startup, a service restart is needed (e.g. after a 13 | crash or an upgrade).' 
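affects:
  ranges:
  - type: ECOSYSTEM
    fixed: '3.6'
  versions:
  - '1.5'
  - 1.5.1
  - '2.0'
  - '2.1'
  - '3.0'
  - '3.1'
  - 3.1.1
  - '3.2'
  - 3.2.1
  - '3.3'
  - 3.3.1
  - '3.4'
  - '3.5'
aliases:
- CVE-2019-16784
modified: '2020-10-09T13:40:00Z'
published: '2020-01-14T20:15:00Z'
references:
- type: WEB
  url: https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7fcj-pq9j-wh2r
--------------------------------------------------------------------------------
/.github/workflows/auto_import.yaml:
--------------------------------------------------------------------------------
# Hourly advisory import: downloads the PyPI triage mappings and the recent
# NVD feed, runs the osv `pypi` generator over them, and commits whatever it
# writes under vulns/ straight back to the checked-out branch.
name: Auto advisory import
on:
  schedule:
  - cron: '0 * * * *'
  workflow_dispatch:
jobs:
  job:
    # NOTE(review): continue-on-error at job level reports the workflow as
    # successful even when the download or the generator fails, so a broken
    # import goes unnoticed unless someone reads the logs.
    continue-on-error: true
    name: Auto import
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
        go-version: '^1.16.4'
    # The triage files decide which CVEs map to which PyPI packages and
    # versions, and their content ends up committed as advisory records.
    # They must be fetched over TLS: over plain http anyone on the network
    # path could rewrite the mapping before it reaches the generator.
    - run: |
        wget https://pypa-advisory-db.storage.googleapis.com/triage/pypi_links.json
        wget https://pypa-advisory-db.storage.googleapis.com/triage/pypi_versions.json
    - run: |
        wget https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-recent.json.zip
        unzip nvdcve-1.1-recent.json.zip
    # NOTE(review): `go get -u` builds whatever is at the head of google/osv
    # at run time, so the generator that writes vulns/ is not pinned;
    # consider a tagged version or commit. GONOPROXY only bypasses the
    # module proxy for that module, it does not turn off checksum
    # verification.
    - run: |
        go get -u github.com/google/osv/vulnfeeds/cmd/pypi
        pypi -false_positives triage/false_positives.yaml \
          -nvd_json nvdcve-1.1-recent.json \
          -pypi_links pypi_links.json \
          -pypi_versions pypi_versions.json \
          -out_dir vulns \
          -without_notes
        git config user.name github-actions
        git config user.email github-actions@github.com
        git add vulns
        git diff --cached
      env:
        GONOPROXY: github.com/google/osv
    - run: git commit -m 'Auto import'
    - run: git push
--------------------------------------------------------------------------------
/vulns/openapi-python-client/PYSEC-2020-71.yaml: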
-------------------------------------------------------------------------------- 1 | id: PYSEC-2020-71 2 | package: 3 | name: openapi-python-client 4 | ecosystem: PyPI 5 | details: In openapi-python-client before version 0.5.3, clients generated with a maliciously 6 | crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution 7 | of this malicious client is arbitrary code execution. 8 | affects: 9 | ranges: 10 | - type: GIT 11 | repo: https://github.com/triaxtec/openapi-python-client 12 | fixed: f7a56aae32cba823a77a84a1f10400799b19c19a 13 | - type: ECOSYSTEM 14 | fixed: 0.5.3 15 | versions: 16 | - 0.1.0.dev0 17 | - 0.1.0 18 | - 0.1.1 19 | - 0.1.2 20 | - 0.2.0 21 | - 0.2.1 22 | - 0.3.0 23 | - 0.4.0rc1 24 | - 0.4.0 25 | - 0.4.1 26 | - 0.4.2 27 | - 0.5.0 28 | - 0.5.1 29 | - 0.5.2 30 | aliases: 31 | - CVE-2020-15142 32 | modified: '2020-08-20T18:11:00Z' 33 | published: '2020-08-14T17:15:00Z' 34 | references: 35 | - type: WEB 36 | url: https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13 37 | - type: WEB 38 | url: https://pypi.org/project/openapi-python-client/ 39 | - type: WEB 40 | url: https://github.com/triaxtec/openapi-python-client/commit/f7a56aae32cba823a77a84a1f10400799b19c19a 41 | - type: WEB 42 | url: https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-9x4c-63pf-525f 43 | -------------------------------------------------------------------------------- /vulns/sopel-plugins-channelmgnt/PYSEC-2020-110.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-110 2 | package: 3 | name: sopel-plugins-channelmgnt 4 | ecosystem: PyPI 5 | details: In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, 6 | malicious users are able to op/voice and take over a channel. This is an ACL bypass 7 | vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 8 | 9.0.0 and less than 9.0.2 affected. 
Version 9.0.2 includes 1.0.3 of channelmgnt, 9 | and thus is safe from this vulnerability. See referenced GHSA-23pc-4339-95vg. 10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 1.0.3 14 | versions: 15 | - 1.0.0 16 | - 1.0.1 17 | - 1.0.2 18 | aliases: 19 | - CVE-2020-15251 20 | modified: '2021-05-04T14:02:00Z' 21 | published: '2020-10-13T18:15:00Z' 22 | references: 23 | - type: WEB 24 | url: https://pypi.org/project/sopel-plugins.channelmgnt/ 25 | - type: WEB 26 | url: https://phab.bots.miraheze.wiki/T117 27 | - type: WEB 28 | url: https://github.com/MirahezeBots/sopel-channelmgnt/pull/3 29 | - type: WEB 30 | url: https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5 31 | - type: WEB 32 | url: https://github.com/MirahezeBots/MirahezeBots/security/advisories/GHSA-23pc-4339-95vg 33 | - type: WEB 34 | url: https://phab.bots.miraheze.wiki/phame/live/1/post/1/summary/ 35 | -------------------------------------------------------------------------------- /vulns/wagtail/PYSEC-2020-153.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-153 2 | package: 3 | name: wagtail 4 | ecosystem: PyPI 5 | details: In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists 6 | on pages or documents that have been protected with a shared password through Wagtail's 7 | "Privacy" controls. This password check is performed through a character-by-character 8 | string comparison, and so an attacker who is able to measure the time taken by this 9 | check to a high degree of accuracy could potentially use timing differences to gain 10 | knowledge of the password. This is understood to be feasible on a local network, 11 | but not on the public internet. Privacy settings that restrict access to pages/documents 12 | on a per-user or per-group basis (as opposed to a shared password) are unaffected 13 | by this vulnerability. This has been patched in 2.7.3, 2.8.2, 2.9. 
14 | affects: 15 | ranges: 16 | - type: ECOSYSTEM 17 | introduced: '2.8' 18 | fixed: 2.8.2 19 | - type: ECOSYSTEM 20 | introduced: '2.7' 21 | fixed: 2.7.3 22 | versions: 23 | - '2.7' 24 | - 2.7.1 25 | - 2.7.2 26 | - '2.8' 27 | - 2.8.1 28 | aliases: 29 | - CVE-2020-11037 30 | modified: '2020-05-08T15:57:00Z' 31 | published: '2020-04-30T23:15:00Z' 32 | references: 33 | - type: WEB 34 | url: https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6 35 | -------------------------------------------------------------------------------- /vulns/openapi-python-client/PYSEC-2020-70.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-70 2 | package: 3 | name: openapi-python-client 4 | ecosystem: PyPI 5 | details: In openapi-python-client before version 0.5.3, there is a path traversal 6 | vulnerability. If a user generated a client using a maliciously crafted OpenAPI 7 | document, it is possible for generated files to be placed in arbitrary locations 8 | on disk. 
9 | affects: 10 | ranges: 11 | - type: GIT 12 | repo: https://github.com/triaxtec/openapi-python-client 13 | fixed: 3e7dfae5d0b3685abf1ede1bc6c086a116ac4746 14 | - type: ECOSYSTEM 15 | fixed: 0.5.3 16 | versions: 17 | - 0.1.0.dev0 18 | - 0.1.0 19 | - 0.1.1 20 | - 0.1.2 21 | - 0.2.0 22 | - 0.2.1 23 | - 0.3.0 24 | - 0.4.0rc1 25 | - 0.4.0 26 | - 0.4.1 27 | - 0.4.2 28 | - 0.5.0 29 | - 0.5.1 30 | - 0.5.2 31 | aliases: 32 | - CVE-2020-15141 33 | modified: '2020-08-20T18:02:00Z' 34 | published: '2020-08-14T17:15:00Z' 35 | references: 36 | - type: WEB 37 | url: https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746 38 | - type: WEB 39 | url: https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13 40 | - type: WEB 41 | url: https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj 42 | - type: WEB 43 | url: https://pypi.org/project/openapi-python-client 44 | -------------------------------------------------------------------------------- /vulns/mayan-edms/PYSEC-2018-14.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-14 2 | package: 3 | name: mayan-edms 4 | ecosystem: PyPI 5 | details: An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has 6 | XSS via a crafted cabinet label. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 3.0.2 11 | versions: 12 | - 1.0.0 13 | - 1.0.rc1 14 | - 1.0.rc2 15 | - 1.0.rc3 16 | - 1.1.0 17 | - 1.1.1 18 | - 2.0.0 19 | - 2.0.0b1 20 | - 2.0.0b2 21 | - 2.0.0rc1 22 | - 2.0.1 23 | - 2.0.2 24 | - '2.1' 25 | - 2.1.1 26 | - 2.1.10 27 | - 2.1.11 28 | - 2.1.2 29 | - 2.1.3 30 | - 2.1.4 31 | - 2.1.5 32 | - 2.1.6 33 | - 2.1rc1 34 | - 2.1rc2 35 | - '2.2' 36 | - 2.2b1 37 | - 2.2b2 38 | - 2.2b3 39 | - 2.2rc1 40 | - '2.3' 41 | - '2.4' 42 | - '2.5' 43 | - 2.5.1 44 | - 2.5.2 45 | - '2.6' 46 | - 2.6.1 47 | - 2.6.2 48 | - 2.6.3 49 | - 2.6.4 50 | - '2.7' 51 | - 2.7.1 52 | - 2.7.2 53 | - 2.7.3 54 | - '3.0' 55 | - 3.0.1 56 | aliases: 57 | - CVE-2018-16406 58 | modified: '2021-06-16T00:03:23.733638Z' 59 | published: '2018-09-03T19:29:00Z' 60 | references: 61 | - type: WEB 62 | url: https://gitlab.com/mayan-edms/mayan-edms/issues/495 63 | - type: WEB 64 | url: https://gitlab.com/mayan-edms/mayan-edms/commit/48dfc06e49c7f773749e063f8cc69c95509d1c32 65 | - type: WEB 66 | url: https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst 67 | -------------------------------------------------------------------------------- /vulns/pyopenssl/PYSEC-2018-23.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-23 2 | package: 3 | name: pyopenssl 4 | ecosystem: PyPI 5 | details: 'Python Cryptographic Authority pyopenssl version prior to version 17.5.0 6 | contains a CWE-416: Use After Free vulnerability in X509 object handling that can 7 | result in Use after free can lead to possible denial of service or remote code execution.. 8 | This attack appear to be exploitable via Depends on the calling application and 9 | if it retains a reference to the memory.. This vulnerability appears to have been 10 | fixed in 17.5.0.' 
11 | affects: 12 | ranges: 13 | - type: ECOSYSTEM 14 | fixed: 17.5.0 15 | versions: 16 | - '0.10' 17 | - '0.11' 18 | - '0.12' 19 | - '0.13' 20 | - 0.13.1 21 | - '0.14' 22 | - '0.15' 23 | - 0.15.1 24 | - '0.6' 25 | - '0.7' 26 | - '0.8' 27 | - '0.9' 28 | - 16.0.0 29 | - 16.1.0 30 | - 16.2.0 31 | - 17.0.0 32 | - 17.1.0 33 | - 17.2.0 34 | - 17.3.0 35 | - 17.4.0 36 | aliases: 37 | - CVE-2018-1000807 38 | modified: '2021-06-10T06:50:39.370732Z' 39 | published: '2018-10-08T15:29:00Z' 40 | references: 41 | - type: WEB 42 | url: https://github.com/pyca/pyopenssl/pull/723 43 | - type: WEB 44 | url: https://usn.ubuntu.com/3813-1/ 45 | - type: WEB 46 | url: https://access.redhat.com/errata/RHSA-2019:0085 47 | - type: WEB 48 | url: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html 49 | -------------------------------------------------------------------------------- /vulns/clickhouse-driver/PYSEC-2021-61.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-61 2 | package: 3 | name: clickhouse-driver 4 | ecosystem: PyPI 5 | details: clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger 6 | a crash or execute arbitrary code (on a database client) via a crafted server response, 7 | due to a buffer overflow. 
8 | affects: 9 | ranges: 10 | - type: GIT 11 | repo: https://github.com/mymarilyn/clickhouse-driver 12 | fixed: d708ed548e1d6f254ba81a21de8ba543a53b5598 13 | - type: GIT 14 | repo: https://github.com/mymarilyn/clickhouse-driver 15 | fixed: 3e990547e064b8fca916b23a0f7d6fe8c63c7f6b 16 | - type: ECOSYSTEM 17 | fixed: 0.1.5 18 | versions: 19 | - 0.0.2 20 | - 0.0.3 21 | - 0.0.4 22 | - 0.0.5 23 | - 0.0.6 24 | - 0.0.7 25 | - 0.0.8 26 | - 0.0.9 27 | - 0.0.10 28 | - 0.0.11 29 | - 0.0.12 30 | - 0.0.13 31 | - 0.0.14 32 | - 0.0.15 33 | - 0.0.16 34 | - 0.0.17 35 | - 0.0.18 36 | - 0.0.19 37 | - 0.0.20 38 | - 0.1.0 39 | - 0.1.1 40 | - 0.1.2 41 | - 0.1.3 42 | - 0.1.4 43 | aliases: 44 | - CVE-2020-26759 45 | modified: '2021-01-08T21:19:00Z' 46 | published: '2021-01-06T13:15:00Z' 47 | references: 48 | - type: WEB 49 | url: https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598 50 | - type: WEB 51 | url: https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b 52 | -------------------------------------------------------------------------------- /vulns/mayan-edms/PYSEC-2018-15.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-15 2 | package: 3 | name: mayan-edms 4 | ecosystem: PyPI 5 | details: An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS 6 | because tag label values are mishandled. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 3.0.3 11 | versions: 12 | - 1.0.0 13 | - 1.0.rc1 14 | - 1.0.rc2 15 | - 1.0.rc3 16 | - 1.1.0 17 | - 1.1.1 18 | - 2.0.0 19 | - 2.0.0b1 20 | - 2.0.0b2 21 | - 2.0.0rc1 22 | - 2.0.1 23 | - 2.0.2 24 | - '2.1' 25 | - 2.1.1 26 | - 2.1.10 27 | - 2.1.11 28 | - 2.1.2 29 | - 2.1.3 30 | - 2.1.4 31 | - 2.1.5 32 | - 2.1.6 33 | - 2.1rc1 34 | - 2.1rc2 35 | - '2.2' 36 | - 2.2b1 37 | - 2.2b2 38 | - 2.2b3 39 | - 2.2rc1 40 | - '2.3' 41 | - '2.4' 42 | - '2.5' 43 | - 2.5.1 44 | - 2.5.2 45 | - '2.6' 46 | - 2.6.1 47 | - 2.6.2 48 | - 2.6.3 49 | - 2.6.4 50 | - '2.7' 51 | - 2.7.1 52 | - 2.7.2 53 | - 2.7.3 54 | - '3.0' 55 | - 3.0.1 56 | - 3.0.2 57 | aliases: 58 | - CVE-2018-16407 59 | modified: '2021-06-10T06:51:46.544830Z' 60 | published: '2018-09-03T19:29:00Z' 61 | references: 62 | - type: WEB 63 | url: https://gitlab.com/mayan-edms/mayan-edms/issues/496 64 | - type: WEB 65 | url: https://gitlab.com/mayan-edms/mayan-edms/commit/076468a9225e4630a463c0bbceb8e5b805fe380c 66 | - type: WEB 67 | url: https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst 68 | -------------------------------------------------------------------------------- /vulns/apache-airflow/PYSEC-2020-23.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-23 2 | package: 3 | name: apache-airflow 4 | ecosystem: PyPI 5 | details: An issue was found in Apache Airflow versions 1.10.10 and below. A stored 6 | XSS vulnerability was discovered in the Chart pages of the the "classic" UI. 
affects:
  ranges:
  - type: ECOSYSTEM
    fixed: 1.10.11rc1
  versions:
  - 1.8.1
  - 1.8.2rc1
  - 1.8.2
  - 1.9.0
  - 1.10.0
  - 1.10.1b1
  - 1.10.1rc2
  - 1.10.1
  - 1.10.2b2
  - 1.10.2rc1
  - 1.10.2rc2
  - 1.10.2rc3
  - 1.10.2
  - 1.10.3b1
  - 1.10.3b2
  - 1.10.3rc1
  - 1.10.3rc2
  - 1.10.3
  - 1.10.4b2
  - 1.10.4rc1
  - 1.10.4rc2
  - 1.10.4rc3
  - 1.10.4rc4
  - 1.10.4rc5
  - 1.10.4
  - 1.10.5rc1
  - 1.10.5
  - 1.10.6rc1
  - 1.10.6rc2
  - 1.10.6
  - 1.10.7rc1
  - 1.10.7rc2
  - 1.10.7rc3
  - 1.10.7
  - 1.10.8rc1
  - 1.10.8
  - 1.10.9rc1
  - 1.10.9
  - 1.10.10rc1
  - 1.10.10rc2
  - 1.10.10rc3
  - 1.10.10rc4
  - 1.10.10rc5
  - 1.10.10
aliases:
- CVE-2020-9485
modified: '2020-07-21T18:38:00Z'
published: '2020-07-17T00:15:00Z'
references:
- type: WEB
  url: https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
--------------------------------------------------------------------------------
/.github/workflows/automation.yaml:
--------------------------------------------------------------------------------
# Post-push maintenance: re-run the osv analysis over recent commits, then
# assign PYSEC ids to new records. Each job commits and pushes its own result.
name: Actions to take on pushes to main
on:
  push:
    branches:
    - main
  schedule:
  - cron: '*/15 * * * *'
  workflow_dispatch:
jobs:
  analysis:
    # NOTE(review): continue-on-error hides a failed analysis from the
    # workflow status, and `assign` (which needs this job) still runs.
    continue-on-error: true
    name: Analysis
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
        # 64 commits of history so that `pr-base: HEAD~63` below resolves.
        fetch-depth: 64
    # NOTE(review): `@master` is a floating ref on a third-party action. It
    # runs inside a job that afterwards commits every file it touched
    # (`git add .`) and pushes with the repository's credentials, so pin it
    # to a commit SHA; an upstream change would otherwise land in vulns/
    # without review.
    - uses: google/osv/actions/analyze@master
      with:
        analyze-git: false
        pr-base: HEAD~63
        # Workflow files themselves are excluded from the analysis.
        skip-pattern: '.github/workflows/.*'
    - run: |
        git config user.name github-actions
        git config user.email github-actions@github.com
        git add .
    - run: git commit -m 'Analysis'
    - run: git push
  assign:
    needs: analysis
    continue-on-error: true
    name: Assign IDs
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
        go-version: '^1.16.4'
    # NOTE(review): `go get -u` builds the id allocator from whatever is at
    # the head of google/osv at run time; it is not pinned to a version.
    # GONOPROXY only bypasses the module proxy for that module.
    - run: |
        go get -u github.com/google/osv/vulnfeeds/cmd/ids
        ids -dir=./vulns -prefix PYSEC
        git config user.name github-actions
        git config user.email github-actions@github.com
        git add .
      env:
        GONOPROXY: github.com/google/osv
    - run: git commit -m 'Assign IDs'
    - run: git push
--------------------------------------------------------------------------------
/vulns/apache-airflow/PYSEC-2020-162.yaml:
--------------------------------------------------------------------------------
id: PYSEC-2020-162
package:
  name: apache-airflow
  ecosystem: PyPI
details: In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious
  admin user could edit the state of objects in the Airflow metadata database to execute
  arbitrary javascript on certain page views. The new "RBAC" UI is unaffected.
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 1.10.5 12 | versions: 13 | - 1.8.1 14 | - 1.8.2rc1 15 | - 1.8.2 16 | - 1.9.0 17 | - 1.10.0 18 | - 1.10.1b1 19 | - 1.10.1rc2 20 | - 1.10.1 21 | - 1.10.2b2 22 | - 1.10.2rc1 23 | - 1.10.2rc2 24 | - 1.10.2rc3 25 | - 1.10.2 26 | - 1.10.3b1 27 | - 1.10.3b2 28 | - 1.10.3rc1 29 | - 1.10.3rc2 30 | - 1.10.3 31 | - 1.10.4b2 32 | - 1.10.4rc1 33 | - 1.10.4rc2 34 | - 1.10.4rc3 35 | - 1.10.4rc4 36 | - 1.10.4rc5 37 | - 1.10.4 38 | - 1.10.5rc1 39 | aliases: 40 | - CVE-2019-12398 41 | modified: '2020-01-21T16:21:00Z' 42 | published: '2020-01-14T17:15:00Z' 43 | references: 44 | - type: WEB 45 | url: http://www.openwall.com/lists/oss-security/2020/01/14/2 46 | - type: WEB 47 | url: https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E 48 | - type: WEB 49 | url: https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E 50 | -------------------------------------------------------------------------------- /vulns/apache-airflow/PYSEC-2020-181.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-181 2 | package: 3 | name: apache-airflow 4 | ecosystem: PyPI 5 | details: In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious 6 | admin user could edit the state of objects in the Airflow metadata database to execute 7 | arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 1.10.5 12 | versions: 13 | - 1.8.1 14 | - 1.8.2rc1 15 | - 1.8.2 16 | - 1.9.0 17 | - 1.10.0 18 | - 1.10.1b1 19 | - 1.10.1rc2 20 | - 1.10.1 21 | - 1.10.2b2 22 | - 1.10.2rc1 23 | - 1.10.2rc2 24 | - 1.10.2rc3 25 | - 1.10.2 26 | - 1.10.3b1 27 | - 1.10.3b2 28 | - 1.10.3rc1 29 | - 1.10.3rc2 30 | - 1.10.3 31 | - 1.10.4b2 32 | - 1.10.4rc1 33 | - 1.10.4rc2 34 | - 1.10.4rc3 35 | - 1.10.4rc4 36 | - 1.10.4rc5 37 | - 1.10.4 38 | - 1.10.5rc1 39 | aliases: 40 | - CVE-2019-12398 41 | modified: '2020-01-21T16:21:00Z' 42 | published: '2020-01-14T17:15:00Z' 43 | references: 44 | - type: WEB 45 | url: http://www.openwall.com/lists/oss-security/2020/01/14/2 46 | - type: WEB 47 | url: https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E 48 | - type: WEB 49 | url: https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E 50 | -------------------------------------------------------------------------------- /vulns/plone/PYSEC-2020-86.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-86 2 | package: 3 | name: plone 4 | ecosystem: PyPI 5 | details: An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with 6 | a certain privilege level to insert JavaScript that will be executed when other 7 | users access the site. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: '5.0' 12 | fixed: 5.2.2 13 | versions: 14 | - '5.0' 15 | - 5.0.1 16 | - 5.0.2 17 | - 5.0.3 18 | - 5.0.4 19 | - 5.0.5 20 | - 5.0.6 21 | - 5.0.7 22 | - 5.0.8 23 | - 5.0.9 24 | - 5.0.10 25 | - 5.1a1 26 | - 5.1a2 27 | - 5.1b1 28 | - 5.1b2 29 | - 5.1b3 30 | - 5.1b4 31 | - 5.1rc1 32 | - 5.1rc2 33 | - 5.1.0 34 | - 5.1.1 35 | - 5.1.2 36 | - 5.1.3 37 | - 5.1.4 38 | - 5.1.5 39 | - 5.1.6 40 | - 5.1.7 41 | - 5.2a1 42 | - 5.2a2 43 | - 5.2b1 44 | - 5.2rc1 45 | - 5.2rc2 46 | - 5.2rc3 47 | - 5.2rc4 48 | - 5.2rc5 49 | - 5.2.0 50 | - 5.2.1 51 | aliases: 52 | - CVE-2020-7937 53 | modified: '2020-01-24T23:07:00Z' 54 | published: '2020-01-23T21:15:00Z' 55 | references: 56 | - type: WEB 57 | url: https://plone.org/security/hotfix/20200121 58 | - type: WEB 59 | url: https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher 60 | - type: WEB 61 | url: https://www.openwall.com/lists/oss-security/2020/01/22/1 62 | - type: WEB 63 | url: http://www.openwall.com/lists/oss-security/2020/01/24/1 64 | -------------------------------------------------------------------------------- /vulns/scapy/PYSEC-2019-120.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-120 2 | package: 3 | name: scapy 4 | ecosystem: PyPI 5 | details: 'scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, 6 | resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). 7 | The attack vector is: over the network or in a pcap. both work.' 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 2.4.1 12 | versions: 13 | - 2.2.0-dev 14 | - 2.3.1 15 | - 2.3.2 16 | - 2.3.3 17 | - 2.4rc2 18 | - 2.4.0rc3 19 | - 2.4.0rc4 20 | - 2.4.0rc5 21 | - 2.4.0 22 | aliases: 23 | - CVE-2019-1010142 24 | modified: '2020-08-24T17:37:00Z' 25 | published: '2019-07-19T16:15:00Z' 26 | references: 27 | - type: WEB 28 | url: https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058 29 | - type: WEB 30 | url: https://github.com/secdev/scapy/pull/1409 31 | - type: WEB 32 | url: https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/ 33 | - type: WEB 34 | url: http://www.securityfocus.com/bid/106674 35 | - type: WEB 36 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T46XW4S5BCA3VV3JT3C5Q6LBEXSIACLN/ 37 | - type: WEB 38 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42NRPMC3NS2QVFNIXYP6WV2T3LMLLY7E/ 39 | -------------------------------------------------------------------------------- /vulns/scapy/PYSEC-2019-50.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-50 2 | package: 3 | name: scapy 4 | ecosystem: PyPI 5 | details: 'scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, 6 | resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). 7 | The attack vector is: over the network or in a pcap. both work.' 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 2.4.1 12 | versions: 13 | - 2.2.0-dev 14 | - 2.3.1 15 | - 2.3.2 16 | - 2.3.3 17 | - 2.4rc2 18 | - 2.4.0rc3 19 | - 2.4.0rc4 20 | - 2.4.0rc5 21 | - 2.4.0 22 | aliases: 23 | - CVE-2019-1010142 24 | modified: '2020-08-24T17:37:00Z' 25 | published: '2019-07-19T16:15:00Z' 26 | references: 27 | - type: WEB 28 | url: https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058 29 | - type: WEB 30 | url: https://github.com/secdev/scapy/pull/1409 31 | - type: WEB 32 | url: https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/ 33 | - type: WEB 34 | url: http://www.securityfocus.com/bid/106674 35 | - type: WEB 36 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T46XW4S5BCA3VV3JT3C5Q6LBEXSIACLN/ 37 | - type: WEB 38 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42NRPMC3NS2QVFNIXYP6WV2T3LMLLY7E/ 39 | -------------------------------------------------------------------------------- /vulns/libtaxii/PYSEC-2020-59.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-59 2 | package: 3 | name: libtaxii 4 | ecosystem: PyPI 5 | details: '** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII 6 | through 0.2.0 and other products, allows SSRF via an initial http:// substring to 7 | the parse method, even when the no_network setting is used for the XML parser. NOTE: 8 | the vendor points out that the parse method "wraps the lxml library" and that this 9 | may be an issue to "raise ... 
to the lxml group."' 10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 1.1.118 14 | versions: 15 | - 1.0.090 16 | - 1.0.100 17 | - 1.0.101 18 | - 1.0.103 19 | - 1.0.104 20 | - 1.0.105 21 | - 1.0.106 22 | - 1.0.107 23 | - 1.1.100 24 | - 1.1.101 25 | - 1.1.102 26 | - 1.1.103 27 | - 1.1.104 28 | - 1.1.105 29 | - 1.1.106 30 | - 1.1.107 31 | - 1.1.108 32 | - 1.1.109 33 | - 1.1.110 34 | - 1.1.111 35 | - 1.1.112 36 | - 1.1.113 37 | - 1.1.114 38 | - 1.1.115 39 | - 1.1.116 40 | - 1.1.117 41 | aliases: 42 | - CVE-2020-27197 43 | modified: '2020-10-27T19:51:00Z' 44 | published: '2020-10-17T20:15:00Z' 45 | references: 46 | - type: WEB 47 | url: https://github.com/TAXIIProject/libtaxii/issues/246 48 | - type: WEB 49 | url: https://github.com/eclecticiq/OpenTAXII/issues/176 50 | - type: WEB 51 | url: http://packetstormsecurity.com/files/159662/Libtaxii-1.1.117-OpenTaxi-0.2.0-Server-Side-Request-Forgery.html 52 | -------------------------------------------------------------------------------- /vulns/hyperkitty/PYSEC-2021-77.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-77 2 | package: 3 | name: hyperkitty 4 | ecosystem: PyPI 5 | details: An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty 6 | through 1.3.4. When importing a private mailing list's archives, these archives 7 | are publicly visible for the duration of the import. For example, sensitive information 8 | might be available on the web for an hour during a large migration from Mailman 9 | 2 to Mailman 3. 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 1.3.5 14 | versions: 15 | - '0.1' 16 | - 0.1.1 17 | - 0.1.2 18 | - 0.1.3 19 | - 0.1.4 20 | - 0.1.5 21 | - 0.1.6 22 | - 0.1.7 23 | - 0.9.3 24 | - 0.9.5 25 | - 0.9.6 26 | - 0.9.7 27 | - 1.0.0 28 | - 1.0.0rc1 29 | - 1.0.1 30 | - 1.0.2 31 | - 1.0.3 32 | - 1.1.0 33 | - 1.1.1 34 | - 1.1.4 35 | - 1.2.0 36 | - 1.2.0a1 37 | - 1.2.1 38 | - 1.2.2 39 | - 1.3.0 40 | - 1.3.1 41 | - 1.3.2 42 | - 1.3.3 43 | - 1.3.3rc1 44 | - 1.3.3rc2 45 | - 1.3.4 46 | - 1.3.4rc1 47 | - 1.3.4rc2 48 | aliases: 49 | - CVE-2021-33038 50 | modified: '2021-06-09T05:01:08.351404Z' 51 | published: '2021-05-26T14:15:00Z' 52 | references: 53 | - type: WEB 54 | url: https://gitlab.com/mailman/hyperkitty/-/issues/380 55 | - type: WEB 56 | url: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa 57 | - type: WEB 58 | url: https://www.debian.org/security/2021/dsa-4922 59 | -------------------------------------------------------------------------------- /vulns/blackduck/PYSEC-2020-26.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-26 2 | package: 3 | name: blackduck 4 | ecosystem: PyPI 5 | details: Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 6 | does not validate SSL certificates in certain cases. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | introduced: 0.0.25 11 | fixed: 0.0.53 12 | versions: 13 | - 0.0.25 14 | - 0.0.26 15 | - 0.0.27 16 | - 0.0.28 17 | - 0.0.29 18 | - 0.0.30 19 | - 0.0.31 20 | - 0.0.32 21 | - 0.0.33 22 | - 0.0.34 23 | - 0.0.35 24 | - 0.0.36 25 | - 0.0.37 26 | - 0.0.38 27 | - 0.0.39 28 | - 0.0.40 29 | - 0.0.41 30 | - 0.0.42 31 | - 0.0.43 32 | - 0.0.44 33 | - 0.0.45 34 | - 0.0.46 35 | - 0.0.47 36 | - 0.0.48 37 | - 0.0.49 38 | - 0.0.50 39 | - 0.0.51 40 | - 0.0.52 41 | aliases: 42 | - CVE-2020-27589 43 | modified: '2020-11-20T15:55:00Z' 44 | published: '2020-11-06T14:15:00Z' 45 | references: 46 | - type: WEB 47 | url: https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper 48 | - type: WEB 49 | url: https://pypi.org/project/blackduck/ 50 | - type: WEB 51 | url: https://github.com/blackducksoftware/hub-rest-api-python 52 | - type: WEB 53 | url: https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd 54 | - type: WEB 55 | url: https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified 56 | -------------------------------------------------------------------------------- /vulns/sopel-plugins-channelmgnt/PYSEC-2021-58.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-58 2 | package: 3 | name: sopel-plugins-channelmgnt 4 | ecosystem: PyPI 5 | details: sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 6 | 2.0.1, on some IRC servers, restrictions around the removal of the bot using the 7 | kick/kickban command could be bypassed when kicking multiple users at once. We also 8 | believe it may have been possible to remove users from other channels but due to 9 | the wonder that is IRC and following RfCs, We have no POC for that. Freenode is 10 | not affected. This is fixed in version 2.0.1. 
As a workaround, do not use this plugin 11 | on networks where TARGMAX > 1. 12 | affects: 13 | ranges: 14 | - type: GIT 15 | repo: https://github.com/MirahezeBots/sopel-channelmgnt 16 | fixed: 7c96d400358221e59135f0a0be0744f3fad73856 17 | - type: ECOSYSTEM 18 | fixed: 2.0.1 19 | versions: 20 | - 1.0.0 21 | - 1.0.1 22 | - 1.0.2 23 | - 1.0.3 24 | - 1.0.4 25 | - 1.0.5 26 | - 1.0.6 27 | - '2.0' 28 | aliases: 29 | - CVE-2021-21431 30 | modified: '2021-05-04T13:59:00Z' 31 | published: '2021-04-09T16:15:00Z' 32 | references: 33 | - type: WEB 34 | url: https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-23c7-6444-399m 35 | - type: WEB 36 | url: https://pypi.org/project/sopel-plugins.channelmgnt/ 37 | - type: WEB 38 | url: https://github.com/MirahezeBots/sopel-channelmgnt/commit/7c96d400358221e59135f0a0be0744f3fad73856 39 | -------------------------------------------------------------------------------- /vulns/urllib3/PYSEC-2020-149.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-149 2 | package: 3 | name: urllib3 4 | ecosystem: PyPI 5 | details: The _encode_invalid_chars function in util/url.py in the urllib3 library 6 | 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because 7 | of an inefficient algorithm. The percent_encodings array contains all matches of 8 | percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings 9 | may be up to O(N). The next step (normalize existing percent-encoded bytes) also 10 | takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings 11 | were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where 12 | k is at most 484 ((10+6*2)^2). 
13 | affects: 14 | ranges: 15 | - type: GIT 16 | repo: https://github.com/urllib3/urllib3 17 | fixed: a74c9cfbaed9f811e7563cfc3dce894928e0221a 18 | - type: ECOSYSTEM 19 | introduced: 1.25.2 20 | fixed: 1.25.8 21 | versions: 22 | - 1.25.2 23 | - 1.25.3 24 | - 1.25.4 25 | - 1.25.5 26 | - 1.25.6 27 | - 1.25.7 28 | aliases: 29 | - CVE-2020-7212 30 | modified: '2020-03-09T16:55:00Z' 31 | published: '2020-03-06T20:15:00Z' 32 | references: 33 | - type: WEB 34 | url: https://github.com/urllib3/urllib3/blob/master/CHANGES.rst 35 | - type: WEB 36 | url: https://pypi.org/project/urllib3/1.25.8/ 37 | - type: WEB 38 | url: https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a 39 | -------------------------------------------------------------------------------- /vulns/eventlet/PYSEC-2021-12.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-12 2 | package: 3 | name: eventlet 4 | ecosystem: PyPI 5 | details: Eventlet is a concurrent networking library for Python. A websocket peer 6 | may exhaust memory on Eventlet side by sending very large websocket frames. Malicious 7 | peer may exhaust memory on Eventlet side by sending highly compressed data frame. 8 | A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, 9 | restricting memory usage via OS limits would help against overall machine exhaustion, 10 | but there is no workaround to protect Eventlet process. 
11 | affects: 12 | ranges: 13 | - type: ECOSYSTEM 14 | introduced: 0.10.0 15 | fixed: 0.31.0 16 | versions: 17 | - 0.10.0 18 | - 0.11.0 19 | - 0.12.1 20 | - 0.13.0 21 | - 0.14.0 22 | - 0.15.2 23 | - 0.16.1 24 | - 0.17.4 25 | - 0.18.2 26 | - 0.18.3 27 | - 0.18.4 28 | - 0.19.0 29 | - 0.20.0 30 | - 0.20.1 31 | - 0.21.0 32 | - 0.22.0 33 | - 0.22.1 34 | - 0.23.0 35 | - 0.24.0 36 | - 0.24.1 37 | - 0.25.0 38 | - 0.25.1 39 | - 0.25.2 40 | - 0.26.0 41 | - 0.26.1 42 | - 0.27.0 43 | - 0.28.0 44 | - 0.28.1 45 | - 0.29.0 46 | - 0.29.1 47 | - 0.30.0 48 | - 0.30.1 49 | - 0.30.2 50 | - 0.30.3 51 | aliases: 52 | - CVE-2021-21419 53 | modified: '2021-05-14T17:02:00Z' 54 | published: '2021-05-07T15:15:00Z' 55 | references: 56 | - type: WEB 57 | url: https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2 58 | -------------------------------------------------------------------------------- /vulns/psd-tools/PYSEC-2020-91.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-91 2 | package: 3 | name: psd-tools 4 | ecosystem: PyPI 5 | details: An issue was discovered in psd-tools before 1.9.4. The Cython implementation 6 | of RLE decoding did not check for malicious data. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.9.4 11 | versions: 12 | - 0.1.1 13 | - 0.1.2 14 | - 0.1.3 15 | - 0.1.4 16 | - '0.2' 17 | - '0.5' 18 | - '0.6' 19 | - '0.7' 20 | - 0.7.1 21 | - '0.8' 22 | - 0.8.1 23 | - 0.8.2 24 | - 0.8.3 25 | - 0.8.4 26 | - '0.9' 27 | - 0.9.1 28 | - '0.10' 29 | - '1.0' 30 | - '1.1' 31 | - '1.2' 32 | - '1.3' 33 | - '1.4' 34 | - 1.8.8 35 | - 1.8.9 36 | - 1.8.10 37 | - 1.8.11 38 | - 1.8.12 39 | - 1.8.13 40 | - 1.8.14 41 | - 1.8.15 42 | - 1.8.16 43 | - 1.8.17 44 | - 1.8.18 45 | - 1.8.19 46 | - 1.8.20 47 | - 1.8.21 48 | - 1.8.22 49 | - 1.8.23 50 | - 1.8.24 51 | - 1.8.25 52 | - 1.8.26 53 | - 1.8.27 54 | - 1.8.28 55 | - 1.8.29 56 | - 1.8.30 57 | - 1.8.31 58 | - 1.8.32 59 | - 1.8.33 60 | - 1.8.34 61 | - 1.8.35 62 | - 1.8.36 63 | - 1.8.37 64 | - 1.8.38 65 | - 1.9.0 66 | - 1.9.1 67 | - 1.9.2 68 | - 1.9.3 69 | aliases: 70 | - CVE-2020-10571 71 | modified: '2020-03-19T16:41:00Z' 72 | published: '2020-03-14T18:15:00Z' 73 | references: 74 | - type: WEB 75 | url: https://github.com/psd-tools/psd-tools/releases/tag/v1.9.4 76 | - type: WEB 77 | url: https://github.com/psd-tools/psd-tools/pull/198 78 | -------------------------------------------------------------------------------- /vulns/tensorflow/PYSEC-2020-141.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-141 2 | package: 3 | name: tensorflow 4 | ecosystem: PyPI 5 | details: 'In TensorFlow release candidate versions 2.4.0rc*, the general implementation 6 | for matching filesystem paths to globbing pattern is vulnerable to an access out 7 | of bounds of the array holding the directories. There are multiple invariants and 8 | preconditions that are assumed by the parallel implementation of GetMatchingPaths 9 | but are not verified by the PRs introducing it (#40861 and #44310). Thus, we are 10 | completely rewriting the implementation to fully specify and validate these. This 11 | is patched in version 2.4.0. 
This issue only impacts master branch and the release 12 | candidates for TF version 2.4. The final release of the 2.4 release will be patched.' 13 | affects: 14 | ranges: 15 | - type: GIT 16 | repo: https://github.com/tensorflow/tensorflow 17 | fixed: 8b5b9dc96666a3a5d27fad7179ff215e3b74b67c 18 | - type: ECOSYSTEM 19 | introduced: 2.4.0rc0 20 | fixed: 2.4.0 21 | versions: 22 | - 2.4.0rc0 23 | - 2.4.0rc1 24 | - 2.4.0rc2 25 | - 2.4.0rc3 26 | - 2.4.0rc4 27 | aliases: 28 | - CVE-2020-26269 29 | modified: '2020-12-14T17:42:00Z' 30 | published: '2020-12-10T23:15:00Z' 31 | references: 32 | - type: WEB 33 | url: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9jjw-hf72-3mxw 34 | - type: WEB 35 | url: https://github.com/tensorflow/tensorflow/commit/8b5b9dc96666a3a5d27fad7179ff215e3b74b67c 36 | -------------------------------------------------------------------------------- /vulns/pyopenssl/PYSEC-2018-24.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-24 2 | package: 3 | name: pyopenssl 4 | ecosystem: PyPI 5 | details: 'Python Cryptographic Authority pyopenssl version Before 17.5.0 contains 6 | a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability 7 | in PKCS #12 Store that can result in Denial of service if memory runs low or is 8 | exhausted. This attack appear to be exploitable via Depends upon calling application, 9 | however it could be as simple as initiating a TLS connection. Anything that would 10 | cause the calling application to reload certificates from a PKCS #12 store.. This 11 | vulnerability appears to have been fixed in 17.5.0.' 
12 | affects: 13 | ranges: 14 | - type: ECOSYSTEM 15 | fixed: 17.5.0 16 | versions: 17 | - '0.10' 18 | - '0.11' 19 | - '0.12' 20 | - '0.13' 21 | - 0.13.1 22 | - '0.14' 23 | - '0.15' 24 | - 0.15.1 25 | - '0.6' 26 | - '0.7' 27 | - '0.8' 28 | - '0.9' 29 | - 16.0.0 30 | - 16.1.0 31 | - 16.2.0 32 | - 17.0.0 33 | - 17.1.0 34 | - 17.2.0 35 | - 17.3.0 36 | - 17.4.0 37 | aliases: 38 | - CVE-2018-1000808 39 | modified: '2021-06-10T06:50:57.188381Z' 40 | published: '2018-10-08T15:29:00Z' 41 | references: 42 | - type: WEB 43 | url: https://github.com/pyca/pyopenssl/pull/723 44 | - type: WEB 45 | url: https://usn.ubuntu.com/3813-1/ 46 | - type: WEB 47 | url: https://access.redhat.com/errata/RHSA-2019:0085 48 | - type: WEB 49 | url: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html 50 | -------------------------------------------------------------------------------- /vulns/keystone/PYSEC-2020-54.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-54 2 | package: 3 | name: keystone 4 | ecosystem: PyPI 5 | details: An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. 6 | The list of roles provided for an OAuth1 access token is silently ignored. Thus, 7 | when an access token is used to request a keystone token, the keystone token contains 8 | every role assignment the creator had for the project. This results in the provided 9 | keystone token having more role assignments than the creator intended, possibly 10 | giving unintended escalated access. 
11 | affects: 12 | ranges: 13 | - type: ECOSYSTEM 14 | fixed: 15.0.1 15 | versions: 16 | - 12.0.2 17 | - 12.0.3 18 | - 13.0.2 19 | - 13.0.3 20 | - 13.0.4 21 | - 14.0.0 22 | - 14.0.1 23 | - 14.1.0 24 | - 14.2.0 25 | - 15.0.0.0rc1 26 | - 15.0.0.0rc2 27 | - 15.0.0 28 | aliases: 29 | - CVE-2020-12690 30 | modified: '2020-09-02T16:15:00Z' 31 | published: '2020-05-07T00:15:00Z' 32 | references: 33 | - type: WEB 34 | url: https://bugs.launchpad.net/keystone/+bug/1873290 35 | - type: WEB 36 | url: https://www.openwall.com/lists/oss-security/2020/05/06/6 37 | - type: WEB 38 | url: http://www.openwall.com/lists/oss-security/2020/05/07/3 39 | - type: WEB 40 | url: https://security.openstack.org/ossa/OSSA-2020-005.html 41 | - type: WEB 42 | url: https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E 43 | - type: WEB 44 | url: https://usn.ubuntu.com/4480-1/ 45 | -------------------------------------------------------------------------------- /vulns/bleach/PYSEC-2020-28.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-28 2 | package: 3 | name: bleach 4 | ecosystem: PyPI 5 | details: In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA 6 | and either svg or math tags are whitelisted and the keyword argument strip=False. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 3.1.2 11 | versions: 12 | - '0.1' 13 | - 0.1.1 14 | - 0.1.2 15 | - '0.2' 16 | - 0.2.1 17 | - 0.2.2 18 | - '0.3' 19 | - 0.3.1 20 | - 0.3.3 21 | - 0.3.4 22 | - 0.5.0 23 | - 0.5.1 24 | - 1.0.0 25 | - 1.0.1 26 | - 1.0.2 27 | - 1.0.3 28 | - 1.0.4 29 | - 1.1.0 30 | - 1.1.1 31 | - 1.1.2 32 | - 1.1.3 33 | - 1.1.4 34 | - 1.1.5 35 | - '1.2' 36 | - 1.2.1 37 | - 1.2.2 38 | - '1.4' 39 | - 1.4.1 40 | - 1.4.2 41 | - 1.4.3 42 | - 1.5.0 43 | - 2.0.0 44 | - '2.1' 45 | - 2.1.1 46 | - 2.1.2 47 | - 2.1.3 48 | - 2.1.4 49 | - 3.0.0 50 | - 3.0.1 51 | - 3.0.2 52 | - 3.1.0 53 | - 3.1.1 54 | aliases: 55 | - CVE-2020-6816 56 | modified: '2021-03-30T23:15:00Z' 57 | published: '2020-03-24T22:15:00Z' 58 | references: 59 | - type: WEB 60 | url: https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 61 | - type: WEB 62 | url: https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach 63 | - type: WEB 64 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EDQU2SZLZMSSACCBUBJ6NOSRNNBDYFW5/ 65 | - type: WEB 66 | url: https://advisory.checkmarx.net/advisory/CX-2020-4277 67 | -------------------------------------------------------------------------------- /vulns/apache-airflow/PYSEC-2020-15.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-15 2 | package: 3 | name: apache-airflow 4 | ecosystem: PyPI 5 | details: An issue was found in Apache Airflow versions 1.10.10 and below. When using 6 | CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, 7 | it is possible to inject commands, resulting in the celery worker running arbitrary 8 | commands. 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: 1.10.11rc1 13 | versions: 14 | - 1.8.1 15 | - 1.8.2rc1 16 | - 1.8.2 17 | - 1.9.0 18 | - 1.10.0 19 | - 1.10.1b1 20 | - 1.10.1rc2 21 | - 1.10.1 22 | - 1.10.2b2 23 | - 1.10.2rc1 24 | - 1.10.2rc2 25 | - 1.10.2rc3 26 | - 1.10.2 27 | - 1.10.3b1 28 | - 1.10.3b2 29 | - 1.10.3rc1 30 | - 1.10.3rc2 31 | - 1.10.3 32 | - 1.10.4b2 33 | - 1.10.4rc1 34 | - 1.10.4rc2 35 | - 1.10.4rc3 36 | - 1.10.4rc4 37 | - 1.10.4rc5 38 | - 1.10.4 39 | - 1.10.5rc1 40 | - 1.10.5 41 | - 1.10.6rc1 42 | - 1.10.6rc2 43 | - 1.10.6 44 | - 1.10.7rc1 45 | - 1.10.7rc2 46 | - 1.10.7rc3 47 | - 1.10.7 48 | - 1.10.8rc1 49 | - 1.10.8 50 | - 1.10.9rc1 51 | - 1.10.9 52 | - 1.10.10rc1 53 | - 1.10.10rc2 54 | - 1.10.10rc3 55 | - 1.10.10rc4 56 | - 1.10.10rc5 57 | - 1.10.10 58 | aliases: 59 | - CVE-2020-11981 60 | modified: '2020-07-24T18:19:00Z' 61 | published: '2020-07-17T00:15:00Z' 62 | references: 63 | - type: WEB 64 | url: https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E 65 | -------------------------------------------------------------------------------- /vulns/apache-airflow/PYSEC-2020-17.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-17 2 | package: 3 | name: apache-airflow 4 | ecosystem: PyPI 5 | details: An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered 6 | that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, 7 | allowing authenticated users with appropriate permissions to create stored XSS attacks. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 1.10.11rc1 12 | versions: 13 | - 1.8.1 14 | - 1.8.2rc1 15 | - 1.8.2 16 | - 1.9.0 17 | - 1.10.0 18 | - 1.10.1b1 19 | - 1.10.1rc2 20 | - 1.10.1 21 | - 1.10.2b2 22 | - 1.10.2rc1 23 | - 1.10.2rc2 24 | - 1.10.2rc3 25 | - 1.10.2 26 | - 1.10.3b1 27 | - 1.10.3b2 28 | - 1.10.3rc1 29 | - 1.10.3rc2 30 | - 1.10.3 31 | - 1.10.4b2 32 | - 1.10.4rc1 33 | - 1.10.4rc2 34 | - 1.10.4rc3 35 | - 1.10.4rc4 36 | - 1.10.4rc5 37 | - 1.10.4 38 | - 1.10.5rc1 39 | - 1.10.5 40 | - 1.10.6rc1 41 | - 1.10.6rc2 42 | - 1.10.6 43 | - 1.10.7rc1 44 | - 1.10.7rc2 45 | - 1.10.7rc3 46 | - 1.10.7 47 | - 1.10.8rc1 48 | - 1.10.8 49 | - 1.10.9rc1 50 | - 1.10.9 51 | - 1.10.10rc1 52 | - 1.10.10rc2 53 | - 1.10.10rc3 54 | - 1.10.10rc4 55 | - 1.10.10rc5 56 | - 1.10.10 57 | aliases: 58 | - CVE-2020-11983 59 | modified: '2020-07-21T18:45:00Z' 60 | published: '2020-07-17T00:15:00Z' 61 | references: 62 | - type: WEB 63 | url: https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E 64 | -------------------------------------------------------------------------------- /vulns/keystone/PYSEC-2020-53.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-53 2 | package: 3 | name: keystone 4 | ecosystem: PyPI 5 | details: An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. 6 | Any user authenticated within a limited scope (trust/oauth/application credential) 7 | can create an EC2 credential with an escalated permission, such as obtaining admin 8 | while the user is on a limited viewer role. This potentially allows a malicious 9 | user to act as the admin on a project another user has the admin role on, which 10 | can effectively grant that user global admin privileges. 
11 | affects: 12 | ranges: 13 | - type: ECOSYSTEM 14 | fixed: 15.0.1 15 | versions: 16 | - 12.0.2 17 | - 12.0.3 18 | - 13.0.2 19 | - 13.0.3 20 | - 13.0.4 21 | - 14.0.0 22 | - 14.0.1 23 | - 14.1.0 24 | - 14.2.0 25 | - 15.0.0.0rc1 26 | - 15.0.0.0rc2 27 | - 15.0.0 28 | aliases: 29 | - CVE-2020-12689 30 | modified: '2020-09-02T16:15:00Z' 31 | published: '2020-05-07T00:15:00Z' 32 | references: 33 | - type: WEB 34 | url: https://www.openwall.com/lists/oss-security/2020/05/06/5 35 | - type: WEB 36 | url: https://bugs.launchpad.net/keystone/+bug/1872735 37 | - type: WEB 38 | url: http://www.openwall.com/lists/oss-security/2020/05/07/2 39 | - type: WEB 40 | url: https://security.openstack.org/ossa/OSSA-2020-004.html 41 | - type: WEB 42 | url: https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E 43 | - type: WEB 44 | url: https://usn.ubuntu.com/4480-1/ 45 | -------------------------------------------------------------------------------- /vulns/rsa/PYSEC-2020-99.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-99 2 | package: 3 | name: rsa 4 | ecosystem: PyPI 5 | details: Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. 6 | This could conceivably have a security-relevant impact, e.g., by helping an attacker 7 | to infer that an application uses Python-RSA, or if the length of accepted ciphertext 8 | affects application behavior (such as by causing excessive memory allocation). 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: '4.1' 13 | versions: 14 | - '1.1' 15 | - '1.2' 16 | - '1.3' 17 | - 1.3.1 18 | - 1.3.2 19 | - 1.3.3 20 | - '2.0' 21 | - '3.0' 22 | - 3.0.1 23 | - '3.1' 24 | - 3.1.1 25 | - 3.1.2 26 | - 3.1.3 27 | - 3.1.4 28 | - '3.2' 29 | - 3.2.1 30 | - 3.2.2 31 | - 3.2.3 32 | - '3.3' 33 | - '3.4' 34 | - 3.4.1 35 | - 3.4.2 36 | - '4.0' 37 | aliases: 38 | - CVE-2020-13757 39 | modified: '2020-09-02T16:15:00Z' 40 | published: '2020-06-01T19:15:00Z' 41 | references: 42 | - type: WEB 43 | url: https://github.com/sybrenstuvel/python-rsa/issues/146 44 | - type: WEB 45 | url: https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667 46 | - type: WEB 47 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/ 48 | - type: WEB 49 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/ 50 | - type: WEB 51 | url: https://usn.ubuntu.com/4478-1/ 52 | -------------------------------------------------------------------------------- /vulns/keystone/PYSEC-2020-55.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-55 2 | package: 3 | name: keystone 4 | ecosystem: PyPI 5 | details: An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. 6 | Any authenticated user can create an EC2 credential for themselves for a project 7 | that they have a specified role on, and then perform an update to the credential 8 | user and project, allowing them to masquerade as another user. This potentially 9 | allows a malicious user to act as the admin on a project another user has the admin 10 | role on, which can effectively grant that user global admin privileges. 
11 | affects: 12 | ranges: 13 | - type: ECOSYSTEM 14 | fixed: 15.0.1 15 | versions: 16 | - 12.0.2 17 | - 12.0.3 18 | - 13.0.2 19 | - 13.0.3 20 | - 13.0.4 21 | - 14.0.0 22 | - 14.0.1 23 | - 14.1.0 24 | - 14.2.0 25 | - 15.0.0.0rc1 26 | - 15.0.0.0rc2 27 | - 15.0.0 28 | aliases: 29 | - CVE-2020-12691 30 | modified: '2020-09-02T16:15:00Z' 31 | published: '2020-05-07T00:15:00Z' 32 | references: 33 | - type: WEB 34 | url: https://www.openwall.com/lists/oss-security/2020/05/06/5 35 | - type: WEB 36 | url: https://bugs.launchpad.net/keystone/+bug/1872733 37 | - type: WEB 38 | url: http://www.openwall.com/lists/oss-security/2020/05/07/2 39 | - type: WEB 40 | url: https://security.openstack.org/ossa/OSSA-2020-004.html 41 | - type: WEB 42 | url: https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E 43 | - type: WEB 44 | url: https://usn.ubuntu.com/4480-1/ 45 | -------------------------------------------------------------------------------- /vulns/notebook/PYSEC-2018-18.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-18 2 | package: 3 | name: notebook 4 | ecosystem: PyPI 5 | details: Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because 6 | notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. 
7 | affects: 8 | ranges: 9 | - type: GIT 10 | repo: https://github.com/jupyter/notebook 11 | fixed: 288b73e1edbf527740e273fcc69b889460871648 12 | - type: ECOSYSTEM 13 | fixed: 5.7.2 14 | versions: 15 | - 0.0.0 16 | - 4.0.0 17 | - 4.0.1 18 | - 4.0.2 19 | - 4.0.4 20 | - 4.0.5 21 | - 4.0.6 22 | - 4.1.0 23 | - 4.2.0 24 | - 4.2.0b1 25 | - 4.2.1 26 | - 4.2.2 27 | - 4.2.3 28 | - 4.3.0 29 | - 4.3.1 30 | - 4.3.2 31 | - 4.4.0 32 | - 4.4.1 33 | - 5.0.0 34 | - 5.0.0b1 35 | - 5.0.0b2 36 | - 5.0.0rc1 37 | - 5.0.0rc2 38 | - 5.1.0 39 | - 5.1.0rc1 40 | - 5.1.0rc2 41 | - 5.1.0rc3 42 | - 5.2.0 43 | - 5.2.0rc1 44 | - 5.2.1 45 | - 5.2.1rc1 46 | - 5.2.2 47 | - 5.3.0 48 | - 5.3.0rc1 49 | - 5.3.1 50 | - 5.4.0 51 | - 5.4.1 52 | - 5.5.0 53 | - 5.5.0rc1 54 | - 5.6.0 55 | - 5.6.0rc1 56 | - 5.7.0 57 | - 5.7.1 58 | aliases: 59 | - CVE-2018-19352 60 | modified: '2021-06-10T06:52:01.452566Z' 61 | published: '2018-11-18T17:29:00Z' 62 | references: 63 | - type: WEB 64 | url: https://pypi.org/project/notebook/#history 65 | - type: WEB 66 | url: https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648 67 | - type: WEB 68 | url: https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst 69 | -------------------------------------------------------------------------------- /vulns/markdown2/PYSEC-2021-20.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-20 2 | package: 3 | name: markdown2 4 | ecosystem: PyPI 5 | details: markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression 6 | denial of service vulnerability. If an attacker provides a malicious string, it 7 | can make markdown2 processing difficult or delayed for an extended period of time. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: 1.0.1.18 12 | fixed: 2.4.0 13 | versions: 14 | - 1.0.1.18 15 | - 1.0.1.19 16 | - 1.1.0 17 | - 1.1.1 18 | - 1.2.0 19 | - 1.3.0 20 | - 1.3.1 21 | - 1.4.0 22 | - 1.4.1 23 | - 1.4.2 24 | - 2.0.0 25 | - 2.0.1 26 | - 2.1.0 27 | - 2.2.0 28 | - 2.2.1 29 | - 2.2.2 30 | - 2.2.3 31 | - 2.3.0 32 | - 2.3.1 33 | - 2.3.2 34 | - 2.3.3 35 | - 2.3.4 36 | - 2.3.5 37 | - 2.3.6 38 | - 2.3.7 39 | - 2.3.8 40 | - 2.3.9 41 | - 2.3.10 42 | aliases: 43 | - CVE-2021-26813 44 | modified: '2021-05-10T03:15:00Z' 45 | published: '2021-03-03T16:15:00Z' 46 | references: 47 | - type: WEB 48 | url: https://github.com/trentm/python-markdown2/pull/387 49 | - type: WEB 50 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRP5RN35JZTSJ3JT4722F447ZDK7LZS5/ 51 | - type: WEB 52 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTIX5UXRDJZJ57DO4V33ZNJTNKWGBQLY/ 53 | - type: WEB 54 | url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J752422YELXLMLZJPVJVKD2KKHHQRVEH/ 55 | -------------------------------------------------------------------------------- /vulns/django-debug-toolbar/PYSEC-2021-10.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-10 2 | package: 3 | name: django-debug-toolbar 4 | ecosystem: PyPI 5 | details: A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 6 | 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements 7 | by changing the raw_sql input field of the SQL explain, analyze, or select form. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | introduced: 0.10.0 12 | fixed: 1.11.1 13 | - type: ECOSYSTEM 14 | introduced: '2.0' 15 | fixed: 2.2.1 16 | - type: ECOSYSTEM 17 | introduced: '3.0' 18 | fixed: 3.2.1 19 | versions: 20 | - 0.10.0 21 | - 0.10.1 22 | - 0.10.2 23 | - '0.11' 24 | - 0.11.0 25 | - '1.0' 26 | - 1.0.1 27 | - '1.1' 28 | - '1.2' 29 | - 1.2.1 30 | - 1.2.2 31 | - 1.3.0 32 | - 1.3.1 33 | - 1.3.2 34 | - '1.4' 35 | - '1.5' 36 | - '1.6' 37 | - '1.7' 38 | - '1.8' 39 | - '1.9' 40 | - 1.9.1 41 | - '1.10' 42 | - 1.10.1 43 | - '1.11' 44 | - '2.0' 45 | - '2.1' 46 | - '2.2' 47 | - '3.0' 48 | - '3.1' 49 | - 3.1.1 50 | - 3.2a1 51 | - '3.2' 52 | aliases: 53 | - CVE-2021-30459 54 | modified: '2021-04-21T15:05:00Z' 55 | published: '2021-04-14T18:15:00Z' 56 | references: 57 | - type: WEB 58 | url: https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj 59 | - type: WEB 60 | url: https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/ 61 | - type: WEB 62 | url: https://github.com/jazzband/django-debug-toolbar/releases 63 | -------------------------------------------------------------------------------- /vulns/apache-airflow/PYSEC-2020-20.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-20 2 | package: 3 | name: apache-airflow 4 | ecosystem: PyPI 5 | details: In Apache Airflow versions prior to 1.10.13, the Charts and Query View of 6 | the old (Flask-admin based) UI were vulnerable for SSRF attack. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 1.10.13 11 | versions: 12 | - 1.8.1 13 | - 1.8.2rc1 14 | - 1.8.2 15 | - 1.9.0 16 | - 1.10.0 17 | - 1.10.1b1 18 | - 1.10.1rc2 19 | - 1.10.1 20 | - 1.10.2b2 21 | - 1.10.2rc1 22 | - 1.10.2rc2 23 | - 1.10.2rc3 24 | - 1.10.2 25 | - 1.10.3b1 26 | - 1.10.3b2 27 | - 1.10.3rc1 28 | - 1.10.3rc2 29 | - 1.10.3 30 | - 1.10.4b2 31 | - 1.10.4rc1 32 | - 1.10.4rc2 33 | - 1.10.4rc3 34 | - 1.10.4rc4 35 | - 1.10.4rc5 36 | - 1.10.4 37 | - 1.10.5rc1 38 | - 1.10.5 39 | - 1.10.6rc1 40 | - 1.10.6rc2 41 | - 1.10.6 42 | - 1.10.7rc1 43 | - 1.10.7rc2 44 | - 1.10.7rc3 45 | - 1.10.7 46 | - 1.10.8rc1 47 | - 1.10.8 48 | - 1.10.9rc1 49 | - 1.10.9 50 | - 1.10.10rc1 51 | - 1.10.10rc2 52 | - 1.10.10rc3 53 | - 1.10.10rc4 54 | - 1.10.10rc5 55 | - 1.10.10 56 | - 1.10.11rc1 57 | - 1.10.11rc2 58 | - 1.10.11 59 | - 1.10.12rc1 60 | - 1.10.12rc2 61 | - 1.10.12rc3 62 | - 1.10.12rc4 63 | - 1.10.12 64 | - 1.10.13rc1 65 | aliases: 66 | - CVE-2020-17513 67 | modified: '2020-12-15T15:40:00Z' 68 | published: '2020-12-14T10:15:00Z' 69 | references: 70 | - type: WEB 71 | url: https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E 72 | -------------------------------------------------------------------------------- /vulns/ansible/PYSEC-2020-160.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-160 2 | package: 3 | name: ansible 4 | ecosystem: PyPI 5 | details: Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 6 | 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic 7 | and Splunk callback plugins are used send tasks results events to collectors. This 8 | would discloses and collects any sensitive data. 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | introduced: 2.7.0 13 | fixed: 2.7.15 14 | - type: ECOSYSTEM 15 | introduced: 2.8.0 16 | fixed: 2.8.7 17 | - type: ECOSYSTEM 18 | introduced: 2.9.0 19 | fixed: 2.9.1 20 | versions: 21 | - 2.7.0 22 | - 2.7.1 23 | - 2.7.2 24 | - 2.7.3 25 | - 2.7.4 26 | - 2.7.5 27 | - 2.7.6 28 | - 2.7.7 29 | - 2.7.8 30 | - 2.7.9 31 | - 2.7.10 32 | - 2.7.11 33 | - 2.7.12 34 | - 2.7.13 35 | - 2.7.14 36 | - 2.8.0 37 | - 2.8.1 38 | - 2.8.2 39 | - 2.8.3 40 | - 2.8.4 41 | - 2.8.5 42 | - 2.8.6 43 | - 2.9.0 44 | aliases: 45 | - CVE-2019-14864 46 | modified: '2020-04-13T00:15:00Z' 47 | published: '2020-01-02T15:15:00Z' 48 | references: 49 | - type: WEB 50 | url: https://github.com/ansible/ansible/pull/63527 51 | - type: WEB 52 | url: https://github.com/ansible/ansible/issues/63522 53 | - type: WEB 54 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864 55 | - type: WEB 56 | url: http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html 57 | - type: WEB 58 | url: http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html 59 | -------------------------------------------------------------------------------- /vulns/ansible/PYSEC-2020-179.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-179 2 | package: 3 | name: ansible 4 | ecosystem: PyPI 5 | details: Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 6 | 2.7.x before 2.7.15, does not respect the no_log flag when it is set to True and the Sumologic 7 | and Splunk callback plugins are used to send task result events to collectors. This 8 | would disclose and collect any sensitive data. 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | introduced: 2.7.0 13 | fixed: 2.7.15 14 | - type: ECOSYSTEM 15 | introduced: 2.8.0 16 | fixed: 2.8.7 17 | - type: ECOSYSTEM 18 | introduced: 2.9.0 19 | fixed: 2.9.1 20 | versions: 21 | - 2.7.0 22 | - 2.7.1 23 | - 2.7.2 24 | - 2.7.3 25 | - 2.7.4 26 | - 2.7.5 27 | - 2.7.6 28 | - 2.7.7 29 | - 2.7.8 30 | - 2.7.9 31 | - 2.7.10 32 | - 2.7.11 33 | - 2.7.12 34 | - 2.7.13 35 | - 2.7.14 36 | - 2.8.0 37 | - 2.8.1 38 | - 2.8.2 39 | - 2.8.3 40 | - 2.8.4 41 | - 2.8.5 42 | - 2.8.6 43 | - 2.9.0 44 | aliases: 45 | - CVE-2019-14864 46 | modified: '2020-04-13T00:15:00Z' 47 | published: '2020-01-02T15:15:00Z' 48 | references: 49 | - type: WEB 50 | url: https://github.com/ansible/ansible/pull/63527 51 | - type: WEB 52 | url: https://github.com/ansible/ansible/issues/63522 53 | - type: WEB 54 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864 55 | - type: WEB 56 | url: http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html 57 | - type: WEB 58 | url: http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html 59 | -------------------------------------------------------------------------------- /vulns/jupyterhub-systemdspawner/PYSEC-2020-52.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-52 2 | package: 3 | name: jupyterhub-systemdspawner 4 | ecosystem: PyPI 5 | details: jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook 6 | servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API 7 | tokens issued to single-user servers are specified in the environment of systemd 8 | units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub 9 | is affected, which uses systemdspawner by default. 
This is patched in jupyterhub-systemdspawner 10 | v0.15 11 | affects: 12 | ranges: 13 | - type: GIT 14 | repo: https://github.com/jupyterhub/systemdspawner 15 | fixed: a4d08fd2ade1cfd0ef2c29dc221e649345f23580 16 | - type: ECOSYSTEM 17 | fixed: 0.15.0 18 | versions: 19 | - '0.9' 20 | - 0.9.1 21 | - 0.9.5 22 | - 0.9.6 23 | - 0.9.7 24 | - 0.9.8 25 | - 0.9.9 26 | - 0.9.10 27 | - 0.9.11 28 | - 0.9.12 29 | - '0.10' 30 | - '0.11' 31 | - '0.12' 32 | - '0.13' 33 | - '0.14' 34 | aliases: 35 | - CVE-2020-26261 36 | modified: '2020-12-10T21:46:00Z' 37 | published: '2020-12-09T17:15:00Z' 38 | references: 39 | - type: WEB 40 | url: https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6 41 | - type: WEB 42 | url: https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580 43 | - type: WEB 44 | url: https://pypi.org/project/jupyterhub-systemdspawner/ 45 | - type: WEB 46 | url: https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015 47 | -------------------------------------------------------------------------------- /vulns/apache-airflow/PYSEC-2020-16.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-16 2 | package: 3 | name: apache-airflow 4 | ecosystem: PyPI 5 | details: An issue was found in Apache Airflow versions 1.10.10 and below. When using 6 | CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, 7 | it was possible to insert a malicious payload directly to the broker which could 8 | lead to a deserialization attack (and thus remote code execution) on the Worker. 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: 1.10.11rc1 13 | versions: 14 | - 1.8.1 15 | - 1.8.2rc1 16 | - 1.8.2 17 | - 1.9.0 18 | - 1.10.0 19 | - 1.10.1b1 20 | - 1.10.1rc2 21 | - 1.10.1 22 | - 1.10.2b2 23 | - 1.10.2rc1 24 | - 1.10.2rc2 25 | - 1.10.2rc3 26 | - 1.10.2 27 | - 1.10.3b1 28 | - 1.10.3b2 29 | - 1.10.3rc1 30 | - 1.10.3rc2 31 | - 1.10.3 32 | - 1.10.4b2 33 | - 1.10.4rc1 34 | - 1.10.4rc2 35 | - 1.10.4rc3 36 | - 1.10.4rc4 37 | - 1.10.4rc5 38 | - 1.10.4 39 | - 1.10.5rc1 40 | - 1.10.5 41 | - 1.10.6rc1 42 | - 1.10.6rc2 43 | - 1.10.6 44 | - 1.10.7rc1 45 | - 1.10.7rc2 46 | - 1.10.7rc3 47 | - 1.10.7 48 | - 1.10.8rc1 49 | - 1.10.8 50 | - 1.10.9rc1 51 | - 1.10.9 52 | - 1.10.10rc1 53 | - 1.10.10rc2 54 | - 1.10.10rc3 55 | - 1.10.10rc4 56 | - 1.10.10rc5 57 | - 1.10.10 58 | aliases: 59 | - CVE-2020-11982 60 | modified: '2020-07-24T18:22:00Z' 61 | published: '2020-07-17T00:15:00Z' 62 | references: 63 | - type: WEB 64 | url: https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E 65 | -------------------------------------------------------------------------------- /vulns/tlslite-ng/PYSEC-2018-31.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-31 2 | package: 3 | name: tlslite-ng 4 | ecosystem: PyPI 5 | details: 'tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 6 | contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in 7 | TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line 8 | "end_pos = data_len - 1 - mac.digest_size" that can result in an attacker manipulating 9 | the TLS ciphertext which will not be detected by receiving tlslite-ng. This attack 10 | appears to be exploitable via man in the middle on a network connection. This vulnerability 11 | appears to have been fixed after commit 3674815d1b0f7484454995e2737a352e0a6a93d8.' 
12 | affects: 13 | ranges: 14 | - type: ECOSYSTEM 15 | fixed: 0.7.4 16 | versions: 17 | - 0.5.0 18 | - 0.5.0-beta1 19 | - 0.5.0-beta2 20 | - 0.5.0-beta3 21 | - 0.5.0-beta4 22 | - 0.5.0-beta5 23 | - 0.5.0-beta6 24 | - 0.5.1 25 | - 0.5.2 26 | - 0.6.0 27 | - 0.6.0-alpha1 28 | - 0.6.0-alpha2 29 | - 0.6.0-alpha3 30 | - 0.6.0-alpha4 31 | - 0.6.0-alpha5 32 | - 0.6.0-beta1 33 | - 0.7.0 34 | - 0.7.0-alpha1 35 | - 0.7.0-alpha2 36 | - 0.7.0-alpha3 37 | - 0.7.0-alpha4 38 | - 0.7.0-alpha5 39 | - 0.7.0-alpha6 40 | - 0.7.0-alpha7 41 | - 0.7.0-alpha8 42 | - 0.7.0-alpha9 43 | - 0.7.0-beta1 44 | - 0.7.1 45 | - 0.7.2 46 | - 0.7.3 47 | aliases: 48 | - CVE-2018-1000159 49 | modified: '2021-06-16T00:03:25.014006Z' 50 | published: '2018-04-18T19:29:00Z' 51 | references: 52 | - type: WEB 53 | url: https://github.com/tomato42/tlslite-ng/pull/234 54 | -------------------------------------------------------------------------------- /vulns/horizon/PYSEC-2020-45.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-45 2 | package: 3 | name: horizon 4 | ecosystem: PyPI 5 | details: An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 6 | 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of 7 | the "next" parameter, which would allow someone to supply a malicious URL in Horizon 8 | that can cause an automatic redirect to the provided malicious URL. 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | introduced: 15.3.0 13 | fixed: 15.3.2 14 | - type: ECOSYSTEM 15 | introduced: 16.0.0 16 | fixed: 16.2.1 17 | - type: ECOSYSTEM 18 | introduced: 17.0.0 19 | fixed: 18.3.3 20 | - type: ECOSYSTEM 21 | introduced: 18.4.0 22 | fixed: 18.6.0 23 | versions: 24 | - 15.3.0 25 | - 15.3.1 26 | - 16.0.0 27 | - 16.1.0 28 | - 16.2.0 29 | - 17.0.0 30 | - 17.1.0 31 | - 18.0.0 32 | - 18.1.0 33 | - 18.2.0 34 | - 18.3.0 35 | - 18.3.1 36 | - 18.3.2 37 | - 18.4.0 38 | - 18.4.1 39 | - 18.5.0 40 | aliases: 41 | - CVE-2020-29565 42 | modified: '2021-03-09T15:08:00Z' 43 | published: '2020-12-04T08:15:00Z' 44 | references: 45 | - type: WEB 46 | url: https://bugs.launchpad.net/horizon/+bug/1865026 47 | - type: WEB 48 | url: https://review.opendev.org/c/openstack/horizon/+/758841/ 49 | - type: WEB 50 | url: https://review.opendev.org/c/openstack/horizon/+/758843/ 51 | - type: WEB 52 | url: https://security.openstack.org/ossa/OSSA-2020-008.html 53 | - type: WEB 54 | url: http://www.openwall.com/lists/oss-security/2020/12/08/2 55 | - type: WEB 56 | url: https://www.debian.org/security/2020/dsa-4820 57 | -------------------------------------------------------------------------------- /vulns/omero-web/PYSEC-2021-32.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-32 2 | package: 3 | name: omero-web 4 | ecosystem: PyPI 5 | details: OMERO.web is open source Django-based software for managing microscopy imaging. 6 | OMERO.web before version 5.9.0 supports redirection to a given URL after performing 7 | login or switching the group context. These URLs are not validated, allowing redirection 8 | to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External 9 | URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts 10 | setting. 
11 | affects: 12 | ranges: 13 | - type: GIT 14 | repo: https://github.com/ome/omero-web 15 | fixed: 952f8e5d28532fbb14fb665982211329d137908c 16 | - type: ECOSYSTEM 17 | fixed: 5.9.0 18 | versions: 19 | - 5.5.dev1 20 | - 5.5.dev2 21 | - 5.6.dev1 22 | - 5.6.dev2 23 | - 5.6.dev3 24 | - 5.6.dev4 25 | - 5.6.dev5 26 | - 5.6.dev6 27 | - 5.6.dev7 28 | - 5.6.0 29 | - 5.6.1 30 | - 5.6.2 31 | - 5.6.3 32 | - 5.7.0 33 | - 5.7.1 34 | - 5.8.0 35 | - 5.8.1 36 | aliases: 37 | - CVE-2021-21377 38 | modified: '2021-03-27T02:20:00Z' 39 | published: '2021-03-23T16:15:00Z' 40 | references: 41 | - type: WEB 42 | url: https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021 43 | - type: WEB 44 | url: https://pypi.org/project/omero-web/ 45 | - type: WEB 46 | url: https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c 47 | - type: WEB 48 | url: https://www.openmicroscopy.org/security/advisories/2021-SV2/ 49 | - type: WEB 50 | url: https://github.com/ome/omero-web/security/advisories/GHSA-g4rf-pc26-6hmr 51 | -------------------------------------------------------------------------------- /vulns/tuf/PYSEC-2020-145.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-145 2 | package: 3 | name: tuf 4 | ecosystem: PyPI 5 | details: Python TUF (The Update Framework) reference implementation before version 6 | 0.12 will incorrectly trust a previously downloaded root metadata file which 7 | failed verification at download time. This allows an attacker who is able to serve 8 | multiple new versions of root metadata (i.e. by a person-in-the-middle attack) culminating 9 | in a version which has not been correctly signed to control the trust chain for 10 | future updates. This is fixed in version 0.12 and newer. 
11 | affects: 12 | ranges: 13 | - type: GIT 14 | repo: https://github.com/theupdateframework/tuf 15 | fixed: 3d342e648fbacdf43a13d7ba8886aaaf07334af7 16 | - type: ECOSYSTEM 17 | fixed: 0.12.0 18 | versions: 19 | - 0.7.5 20 | - 0.9.8 21 | - 0.9.9 22 | - 0.10.0 23 | - 0.10.1 24 | - 0.10.2 25 | - 0.11.dev0 26 | - 0.11.0 27 | - 0.11.1 28 | - 0.11.2.dev1 29 | - 0.11.2.dev2 30 | - 0.11.2.dev3 31 | - 0.12.dev0 32 | - 0.12.dev1 33 | - 0.12.dev2 34 | aliases: 35 | - CVE-2020-15163 36 | modified: '2020-09-15T17:35:00Z' 37 | published: '2020-09-09T18:15:00Z' 38 | references: 39 | - type: WEB 40 | url: https://github.com/theupdateframework/tuf/releases/tag/v0.12.0 41 | - type: WEB 42 | url: https://github.com/theupdateframework/tuf/security/advisories/GHSA-f8mr-jv2c-v8mg 43 | - type: WEB 44 | url: https://github.com/theupdateframework/tuf/commit/3d342e648fbacdf43a13d7ba8886aaaf07334af7 45 | - type: WEB 46 | url: https://pypi.org/project/tuf 47 | - type: WEB 48 | url: https://github.com/theupdateframework/tuf/pull/885 49 | -------------------------------------------------------------------------------- /vulns/httpie/PYSEC-2019-23.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-23 2 | package: 3 | name: httpie 4 | ecosystem: PyPI 5 | details: All versions of the HTTPie package prior to version 1.0.3 are vulnerable 6 | to Open Redirect that allows an attacker to write an arbitrary file with supplied 7 | filename and content to the current directory, by redirecting a request from HTTP 8 | to a crafted URL pointing to a server in his or hers control. 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: 1.0.3 13 | versions: 14 | - '0.1' 15 | - 0.1.1 16 | - 0.1.2 17 | - 0.1.3 18 | - 0.1.4 19 | - 0.1.5 20 | - 0.1.6 21 | - 0.2.0 22 | - 0.2.1 23 | - 0.2.2 24 | - 0.2.3 25 | - 0.2.4dev 26 | - 0.2.4 27 | - 0.2.5 28 | - 0.2.6 29 | - 0.2.7 30 | - 0.3.0 31 | - 0.3.1 32 | - 0.4.0 33 | - 0.4.1 34 | - 0.5.0 35 | - 0.5.1 36 | - 0.6.0 37 | - 0.7.0 38 | - 0.7.2 39 | - 0.8.0 40 | - 0.9.0 41 | - 0.9.1 42 | - 0.9.2 43 | - 0.9.3 44 | - 0.9.4 45 | - 0.9.5 46 | - 0.9.6 47 | - 0.9.7 48 | - 0.9.8 49 | - 0.9.9 50 | - 1.0.0 51 | - 1.0.2 52 | aliases: 53 | - CVE-2019-10751 54 | modified: '2019-09-02T18:15:00Z' 55 | published: '2019-08-23T17:15:00Z' 56 | references: 57 | - type: WEB 58 | url: https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107 59 | - type: WEB 60 | url: https://github.com/jakubroztocil/httpie/releases/tag/1.0.3 61 | - type: WEB 62 | url: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html 63 | - type: WEB 64 | url: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html 65 | - type: WEB 66 | url: https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html 67 | -------------------------------------------------------------------------------- /vulns/httpie/PYSEC-2019-93.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2019-93 2 | package: 3 | name: httpie 4 | ecosystem: PyPI 5 | details: All versions of the HTTPie package prior to version 1.0.3 are vulnerable 6 | to Open Redirect that allows an attacker to write an arbitrary file with supplied 7 | filename and content to the current directory, by redirecting a request from HTTP 8 | to a crafted URL pointing to a server in his or hers control. 
9 | affects: 10 | ranges: 11 | - type: ECOSYSTEM 12 | fixed: 1.0.3 13 | versions: 14 | - '0.1' 15 | - 0.1.1 16 | - 0.1.2 17 | - 0.1.3 18 | - 0.1.4 19 | - 0.1.5 20 | - 0.1.6 21 | - 0.2.0 22 | - 0.2.1 23 | - 0.2.2 24 | - 0.2.3 25 | - 0.2.4dev 26 | - 0.2.4 27 | - 0.2.5 28 | - 0.2.6 29 | - 0.2.7 30 | - 0.3.0 31 | - 0.3.1 32 | - 0.4.0 33 | - 0.4.1 34 | - 0.5.0 35 | - 0.5.1 36 | - 0.6.0 37 | - 0.7.0 38 | - 0.7.2 39 | - 0.8.0 40 | - 0.9.0 41 | - 0.9.1 42 | - 0.9.2 43 | - 0.9.3 44 | - 0.9.4 45 | - 0.9.5 46 | - 0.9.6 47 | - 0.9.7 48 | - 0.9.8 49 | - 0.9.9 50 | - 1.0.0 51 | - 1.0.2 52 | aliases: 53 | - CVE-2019-10751 54 | modified: '2019-09-02T18:15:00Z' 55 | published: '2019-08-23T17:15:00Z' 56 | references: 57 | - type: WEB 58 | url: https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107 59 | - type: WEB 60 | url: https://github.com/jakubroztocil/httpie/releases/tag/1.0.3 61 | - type: WEB 62 | url: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html 63 | - type: WEB 64 | url: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html 65 | - type: WEB 66 | url: https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html 67 | -------------------------------------------------------------------------------- /vulns/flask-unchained/PYSEC-2021-96.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-96 2 | package: 3 | name: flask-unchained 4 | ecosystem: PyPI 5 | details: This affects the package Flask-Unchained before 0.9.0. When using the 6 | _validate_redirect_url function, it is possible to bypass URL validation and redirect 7 | a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. 8 | This vulnerability is only exploitable if an alternative WSGI server other than 9 | Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'. 
10 | affects: 11 | ranges: 12 | - type: GIT 13 | repo: https://github.com/briancappello/flask-unchained 14 | fixed: 71e36b28166f9ffbe0a991f51127f0984f7e6a40 15 | - type: ECOSYSTEM 16 | fixed: 0.9.0 17 | versions: 18 | - 0.1.2 19 | - 0.1.3 20 | - 0.1.4 21 | - 0.1.5 22 | - 0.1.6 23 | - 0.2.0 24 | - 0.2.1 25 | - 0.2.2 26 | - 0.3.0 27 | - 0.3.1 28 | - 0.3.2 29 | - 0.4.0 30 | - 0.4.1 31 | - 0.4.2 32 | - 0.5.0 33 | - 0.5.1 34 | - 0.6.0 35 | - 0.6.1 36 | - 0.6.2 37 | - 0.6.3 38 | - 0.6.4 39 | - 0.6.5 40 | - 0.6.6 41 | - 0.7.0 42 | - 0.7.1 43 | - 0.7.2 44 | - 0.7.3 45 | - 0.7.4 46 | - 0.7.5 47 | - 0.7.6 48 | - 0.7.7 49 | - 0.7.8 50 | - 0.7.9 51 | - 0.8.0 52 | - 0.8.1 53 | aliases: 54 | - CVE-2021-23393 55 | modified: '2021-06-15T05:47:49.199835Z' 56 | published: '2021-06-11T00:15:00Z' 57 | references: 58 | - type: WEB 59 | url: https://snyk.io/vuln/SNYK-PYTHON-FLASKUNCHAINED-1293189 60 | - type: WEB 61 | url: https://github.com/briancappello/flask-unchained/commit/71e36b28166f9ffbe0a991f51127f0984f7e6a40 62 | -------------------------------------------------------------------------------- /vulns/pillow/PYSEC-2021-39.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-39 2 | package: 3 | name: pillow 4 | ecosystem: PyPI 5 | details: An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds 6 | read in SGIRleDecode.c. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 8.1.1 11 | versions: 12 | - '1.0' 13 | - '1.1' 14 | - '1.2' 15 | - '1.3' 16 | - '1.4' 17 | - '1.5' 18 | - '1.6' 19 | - 1.7.0 20 | - 1.7.1 21 | - 1.7.2 22 | - 1.7.3 23 | - 1.7.4 24 | - 1.7.5 25 | - 1.7.6 26 | - 1.7.7 27 | - 1.7.8 28 | - 2.0.0 29 | - 2.1.0 30 | - 2.2.0 31 | - 2.2.1 32 | - 2.2.2 33 | - 2.3.0 34 | - 2.3.1 35 | - 2.3.2 36 | - 2.4.0 37 | - 2.5.0 38 | - 2.5.1 39 | - 2.5.2 40 | - 2.5.3 41 | - 2.6.0 42 | - 2.6.1 43 | - 2.6.2 44 | - 2.7.0 45 | - 2.8.0 46 | - 2.8.1 47 | - 2.8.2 48 | - 2.9.0 49 | - 3.0.0 50 | - 3.1.0.rc1 51 | - 3.1.0rc1 52 | - 3.1.0 53 | - 3.1.1 54 | - 3.1.2 55 | - 3.2.0 56 | - 3.3.0 57 | - 3.3.1 58 | - 3.3.2 59 | - 3.3.3 60 | - 3.4.0 61 | - 3.4.1 62 | - 3.4.2 63 | - 4.0.0 64 | - 4.1.0 65 | - 4.1.1 66 | - 4.2.0 67 | - 4.2.1 68 | - 4.3.0 69 | - 5.0.0 70 | - 5.1.0 71 | - 5.2.0 72 | - 5.3.0 73 | - 5.4.0.dev0 74 | - 5.4.0 75 | - 5.4.1 76 | - 6.0.0 77 | - 6.1.0 78 | - 6.2.0 79 | - 6.2.1 80 | - 6.2.2 81 | - 7.0.0 82 | - 7.1.0 83 | - 7.1.1 84 | - 7.1.2 85 | - 7.2.0 86 | - 8.0.0 87 | - 8.0.1 88 | - 8.1.0 89 | aliases: 90 | - CVE-2021-25293 91 | modified: '2021-03-22T13:36:00Z' 92 | published: '2021-03-19T04:15:00Z' 93 | references: 94 | - type: WEB 95 | url: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html 96 | -------------------------------------------------------------------------------- /vulns/omero-web/PYSEC-2021-31.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-31 2 | package: 3 | name: omero-web 4 | ecosystem: PyPI 5 | details: OMERO.web is open source Django-based software for managing microscopy imaging. 6 | OMERO.web before version 5.9.0 loads various information about the current user 7 | such as their id, name and the groups they are in, and these are available on the 8 | main webclient pages. This represents an information exposure vulnerability. 
Some 9 | additional information being loaded is not used by the webclient and is being removed 10 | in this release. This is fixed in version 5.9.0. 11 | affects: 12 | ranges: 13 | - type: GIT 14 | repo: https://github.com/ome/omero-web 15 | fixed: 952f8e5d28532fbb14fb665982211329d137908c 16 | - type: ECOSYSTEM 17 | fixed: 5.9.0 18 | versions: 19 | - 5.5.dev1 20 | - 5.5.dev2 21 | - 5.6.dev1 22 | - 5.6.dev2 23 | - 5.6.dev3 24 | - 5.6.dev4 25 | - 5.6.dev5 26 | - 5.6.dev6 27 | - 5.6.dev7 28 | - 5.6.0 29 | - 5.6.1 30 | - 5.6.2 31 | - 5.6.3 32 | - 5.7.0 33 | - 5.7.1 34 | - 5.8.0 35 | - 5.8.1 36 | aliases: 37 | - CVE-2021-21376 38 | modified: '2021-03-27T01:59:00Z' 39 | published: '2021-03-23T16:15:00Z' 40 | references: 41 | - type: WEB 42 | url: https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021 43 | - type: WEB 44 | url: https://pypi.org/project/omero-web/ 45 | - type: WEB 46 | url: https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q 47 | - type: WEB 48 | url: https://www.openmicroscopy.org/security/advisories/2021-SV1/ 49 | - type: WEB 50 | url: https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c 51 | -------------------------------------------------------------------------------- /vulns/indico/PYSEC-2021-18.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-18 2 | package: 3 | name: indico 4 | ecosystem: PyPI 5 | details: CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password 6 | reset link. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 2.3.4 11 | versions: 12 | - 0.98-rc1 13 | - 0.98.0 14 | - 0.98.1 15 | - 0.98.2 16 | - '0.99' 17 | - '1.0' 18 | - '1.1' 19 | - 1.1.1 20 | - 1.1.2 21 | - '1.2' 22 | - 1.2.1rc2 23 | - 1.2.1rc4 24 | - 1.2.1rc5 25 | - 1.2.1rc6 26 | - 1.2.1rc7 27 | - 1.2.1rc9 28 | - 1.2.1rc10 29 | - 1.2.1rc11 30 | - 1.2.1 31 | - 1.2.2rc1 32 | - 1.2.2 33 | - 1.9.11.dev3 34 | - 1.9.11.dev4 35 | - 1.9.11.dev6 36 | - 1.9.11.dev7 37 | - 1.9.11.dev8 38 | - 1.9.11.dev9 39 | - 1.9.11.dev10 40 | - 1.9.11.dev11 41 | - 1.9.11.dev12 42 | - 1.9.11.dev13 43 | - 1.9.11.dev14 44 | - 1.9.11.dev15 45 | - 1.9.11.dev16 46 | - 1.9.11.dev17 47 | - 2.0a1 48 | - 2.0rc1 49 | - 2.0rc2 50 | - '2.0' 51 | - 2.0.1 52 | - 2.0.2 53 | - 2.0.3 54 | - '2.1' 55 | - 2.1.1 56 | - 2.1.2 57 | - 2.1.3 58 | - 2.1.4 59 | - 2.1.5 60 | - 2.1.6 61 | - 2.1.7 62 | - 2.1.8 63 | - 2.1.9 64 | - 2.1.10 65 | - 2.1.11 66 | - '2.2' 67 | - 2.2.1 68 | - 2.2.2 69 | - 2.2.3 70 | - 2.2.4 71 | - 2.2.5 72 | - 2.2.6 73 | - 2.2.7 74 | - 2.2.8 75 | - '2.3' 76 | - 2.3.1 77 | - 2.3.2 78 | - 2.3.3 79 | aliases: 80 | - CVE-2021-30185 81 | modified: '2021-04-15T14:13:00Z' 82 | published: '2021-04-07T14:15:00Z' 83 | references: 84 | - type: WEB 85 | url: https://github.com/indico/indico/releases/tag/v2.3.4 86 | - type: WEB 87 | url: https://www.shorebreaksecurity.com/blog/ 88 | -------------------------------------------------------------------------------- /vulns/pillow/PYSEC-2021-36.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-36 2 | package: 3 | name: pillow 4 | ecosystem: PyPI 5 | details: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is 6 | a negative-offset memcpy with an invalid size. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 8.1.1 11 | versions: 12 | - '1.0' 13 | - '1.1' 14 | - '1.2' 15 | - '1.3' 16 | - '1.4' 17 | - '1.5' 18 | - '1.6' 19 | - 1.7.0 20 | - 1.7.1 21 | - 1.7.2 22 | - 1.7.3 23 | - 1.7.4 24 | - 1.7.5 25 | - 1.7.6 26 | - 1.7.7 27 | - 1.7.8 28 | - 2.0.0 29 | - 2.1.0 30 | - 2.2.0 31 | - 2.2.1 32 | - 2.2.2 33 | - 2.3.0 34 | - 2.3.1 35 | - 2.3.2 36 | - 2.4.0 37 | - 2.5.0 38 | - 2.5.1 39 | - 2.5.2 40 | - 2.5.3 41 | - 2.6.0 42 | - 2.6.1 43 | - 2.6.2 44 | - 2.7.0 45 | - 2.8.0 46 | - 2.8.1 47 | - 2.8.2 48 | - 2.9.0 49 | - 3.0.0 50 | - 3.1.0.rc1 51 | - 3.1.0rc1 52 | - 3.1.0 53 | - 3.1.1 54 | - 3.1.2 55 | - 3.2.0 56 | - 3.3.0 57 | - 3.3.1 58 | - 3.3.2 59 | - 3.3.3 60 | - 3.4.0 61 | - 3.4.1 62 | - 3.4.2 63 | - 4.0.0 64 | - 4.1.0 65 | - 4.1.1 66 | - 4.2.0 67 | - 4.2.1 68 | - 4.3.0 69 | - 5.0.0 70 | - 5.1.0 71 | - 5.2.0 72 | - 5.3.0 73 | - 5.4.0.dev0 74 | - 5.4.0 75 | - 5.4.1 76 | - 6.0.0 77 | - 6.1.0 78 | - 6.2.0 79 | - 6.2.1 80 | - 6.2.2 81 | - 7.0.0 82 | - 7.1.0 83 | - 7.1.1 84 | - 7.1.2 85 | - 7.2.0 86 | - 8.0.0 87 | - 8.0.1 88 | - 8.1.0 89 | aliases: 90 | - CVE-2021-25290 91 | modified: '2021-03-22T14:11:00Z' 92 | published: '2021-03-19T04:15:00Z' 93 | references: 94 | - type: WEB 95 | url: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html 96 | -------------------------------------------------------------------------------- /vulns/ansible/PYSEC-2020-13.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-13 2 | package: 3 | name: ansible 4 | ecosystem: PyPI 5 | details: A flaw was found in the Ansible Engine affecting Ansible Engine versions 6 | 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible 7 | Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr 8 | and ldap_entry community modules are used. 
The issue discloses the LDAP bind password 9 | to stdout or a log file if a playbook task is written using the bind_pw in the parameters 10 | field. The highest threat from this vulnerability is data confidentiality. 11 | affects: 12 | ranges: 13 | - type: ECOSYSTEM 14 | introduced: 2.7.0 15 | fixed: 2.7.17 16 | - type: ECOSYSTEM 17 | introduced: 2.8.0 18 | fixed: 2.8.11 19 | - type: ECOSYSTEM 20 | introduced: 2.9.0 21 | fixed: 2.9.7 22 | versions: 23 | - 2.7.0 24 | - 2.7.1 25 | - 2.7.2 26 | - 2.7.3 27 | - 2.7.4 28 | - 2.7.5 29 | - 2.7.6 30 | - 2.7.7 31 | - 2.7.8 32 | - 2.7.9 33 | - 2.7.10 34 | - 2.7.11 35 | - 2.7.12 36 | - 2.7.13 37 | - 2.7.14 38 | - 2.7.15 39 | - 2.7.16 40 | - 2.8.0 41 | - 2.8.1 42 | - 2.8.2 43 | - 2.8.3 44 | - 2.8.4 45 | - 2.8.5 46 | - 2.8.6 47 | - 2.8.7 48 | - 2.8.8 49 | - 2.8.9 50 | - 2.8.10 51 | - 2.9.0 52 | - 2.9.1 53 | - 2.9.2 54 | - 2.9.3 55 | - 2.9.4 56 | - 2.9.5 57 | - 2.9.6 58 | aliases: 59 | - CVE-2020-1746 60 | modified: '2020-05-26T17:38:00Z' 61 | published: '2020-05-12T18:15:00Z' 62 | references: 63 | - type: WEB 64 | url: https://github.com/ansible/ansible/pull/67866 65 | - type: WEB 66 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746 67 | -------------------------------------------------------------------------------- /vulns/lookatme/PYSEC-2020-61.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-61 2 | package: 3 | name: lookatme 4 | ecosystem: PyPI 5 | details: In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically 6 | loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme 7 | to render untrusted markdown may have malicious shell commands automatically run 8 | on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` 9 | and `lookatme/contrib/file_loader.py` files may be manually deleted. 
Additionally, 10 | it is always recommended to be aware of what is being rendered with lookatme. 11 | affects: 12 | ranges: 13 | - type: GIT 14 | repo: https://github.com/d0c-s4vage/lookatme 15 | fixed: 72fe36b784b234548d49dae60b840c37f0eb8d84 16 | - type: ECOSYSTEM 17 | fixed: 2.3.0 18 | versions: 19 | - 0.0.2 20 | - 0.1.0 21 | - 0.1.1 22 | - 0.2.0 23 | - 0.3.0 24 | - 0.4.0 25 | - 0.5.0 26 | - 1.0.0 27 | - 1.0.1 28 | - 1.1.0 29 | - 1.1.1 30 | - 1.2.0 31 | - 1.2.1 32 | - 1.3.0 33 | - 2.0.0 34 | - 2.1.0 35 | - 2.2.0 36 | aliases: 37 | - CVE-2020-15271 38 | modified: '2020-11-13T16:40:00Z' 39 | published: '2020-10-26T18:15:00Z' 40 | references: 41 | - type: WEB 42 | url: https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q 43 | - type: WEB 44 | url: https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84 45 | - type: WEB 46 | url: https://pypi.org/project/lookatme/#history 47 | - type: WEB 48 | url: https://github.com/d0c-s4vage/lookatme/releases/tag/v2.3.0 49 | - type: WEB 50 | url: https://github.com/d0c-s4vage/lookatme/pull/110 51 | -------------------------------------------------------------------------------- /vulns/django-anymail/PYSEC-2018-7.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-7 2 | package: 3 | name: django-anymail 4 | ecosystem: PyPI 5 | details: webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to 6 | a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows 7 | remote attackers to post arbitrary e-mail tracking events. 
8 | affects: 9 | ranges: 10 | - type: GIT 11 | repo: https://github.com/anymail/django-anymail 12 | fixed: db586ede1fbb41dce21310ea28ae15a1cf1286c5 13 | - type: GIT 14 | repo: https://github.com/anymail/django-anymail 15 | fixed: c07998304b4a31df4c61deddcb03d3607a04691b 16 | - type: ECOSYSTEM 17 | fixed: 1.2.1 18 | versions: 19 | - '0.1' 20 | - 0.1.dev0 21 | - 0.1.dev1 22 | - 0.1.dev2 23 | - '0.10' 24 | - '0.11' 25 | - 0.11.1 26 | - '0.2' 27 | - '0.3' 28 | - 0.3.1 29 | - 0.4.1 30 | - 0.4.2 31 | - '0.5' 32 | - '0.6' 33 | - 0.6.1 34 | - '0.7' 35 | - '0.8' 36 | - '0.9' 37 | - '1.0' 38 | - 1.0rc0 39 | - '1.1' 40 | - '1.2' 41 | aliases: 42 | - CVE-2018-6596 43 | modified: '2021-06-16T00:03:22.915097Z' 44 | published: '2018-02-03T21:29:00Z' 45 | references: 46 | - type: WEB 47 | url: https://github.com/anymail/django-anymail/releases/tag/v1.3 48 | - type: WEB 49 | url: https://github.com/anymail/django-anymail/releases/tag/v1.2.1 50 | - type: WEB 51 | url: https://github.com/anymail/django-anymail/commit/db586ede1fbb41dce21310ea28ae15a1cf1286c5 52 | - type: WEB 53 | url: https://github.com/anymail/django-anymail/commit/c07998304b4a31df4c61deddcb03d3607a04691b 54 | - type: WEB 55 | url: https://bugs.debian.org/889450 56 | - type: WEB 57 | url: https://www.debian.org/security/2018/dsa-4107 58 | -------------------------------------------------------------------------------- /vulns/pillow/PYSEC-2021-37.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-37 2 | package: 3 | name: pillow 4 | ecosystem: PyPI 5 | details: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is 6 | an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. 
7 | affects: 8 | ranges: 9 | - type: ECOSYSTEM 10 | fixed: 8.1.1 11 | versions: 12 | - '1.0' 13 | - '1.1' 14 | - '1.2' 15 | - '1.3' 16 | - '1.4' 17 | - '1.5' 18 | - '1.6' 19 | - 1.7.0 20 | - 1.7.1 21 | - 1.7.2 22 | - 1.7.3 23 | - 1.7.4 24 | - 1.7.5 25 | - 1.7.6 26 | - 1.7.7 27 | - 1.7.8 28 | - 2.0.0 29 | - 2.1.0 30 | - 2.2.0 31 | - 2.2.1 32 | - 2.2.2 33 | - 2.3.0 34 | - 2.3.1 35 | - 2.3.2 36 | - 2.4.0 37 | - 2.5.0 38 | - 2.5.1 39 | - 2.5.2 40 | - 2.5.3 41 | - 2.6.0 42 | - 2.6.1 43 | - 2.6.2 44 | - 2.7.0 45 | - 2.8.0 46 | - 2.8.1 47 | - 2.8.2 48 | - 2.9.0 49 | - 3.0.0 50 | - 3.1.0.rc1 51 | - 3.1.0rc1 52 | - 3.1.0 53 | - 3.1.1 54 | - 3.1.2 55 | - 3.2.0 56 | - 3.3.0 57 | - 3.3.1 58 | - 3.3.2 59 | - 3.3.3 60 | - 3.4.0 61 | - 3.4.1 62 | - 3.4.2 63 | - 4.0.0 64 | - 4.1.0 65 | - 4.1.1 66 | - 4.2.0 67 | - 4.2.1 68 | - 4.3.0 69 | - 5.0.0 70 | - 5.1.0 71 | - 5.2.0 72 | - 5.3.0 73 | - 5.4.0.dev0 74 | - 5.4.0 75 | - 5.4.1 76 | - 6.0.0 77 | - 6.1.0 78 | - 6.2.0 79 | - 6.2.1 80 | - 6.2.2 81 | - 7.0.0 82 | - 7.1.0 83 | - 7.1.1 84 | - 7.1.2 85 | - 7.2.0 86 | - 8.0.0 87 | - 8.0.1 88 | - 8.1.0 89 | aliases: 90 | - CVE-2021-25291 91 | modified: '2021-03-22T14:09:00Z' 92 | published: '2021-03-19T04:15:00Z' 93 | references: 94 | - type: WEB 95 | url: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html 96 | -------------------------------------------------------------------------------- /vulns/qutebrowser/PYSEC-2018-27.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2018-27 2 | package: 3 | name: qutebrowser 4 | ecosystem: PyPI 5 | details: qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery 6 | flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit 7 | this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a 8 | bash script, resulting in arbitrary code execution. 
9 | affects: 10 | ranges: 11 | - type: GIT 12 | repo: https://github.com/qutebrowser/qutebrowser 13 | fixed: 43e58ac865ff862c2008c510fc5f7627e10b4660 14 | - type: ECOSYSTEM 15 | fixed: 1.4.1 16 | versions: 17 | - 0.0.0 18 | - 0.1.0 19 | - 0.1.1 20 | - 0.1.2 21 | - 0.1.3 22 | - 0.1.4 23 | - 0.10.0 24 | - 0.10.1 25 | - 0.11.0 26 | - 0.11.1 27 | - 0.2.0 28 | - 0.2.1 29 | - 0.3.0 30 | - 0.4.0 31 | - 0.4.1 32 | - 0.5.0 33 | - 0.5.1 34 | - 0.6.0 35 | - 0.6.1 36 | - 0.6.2 37 | - 0.7.0 38 | - 0.8.0 39 | - 0.8.1 40 | - 0.8.2 41 | - 0.8.3 42 | - 0.8.4 43 | - 0.9.0 44 | - 0.9.1 45 | - 1.0.0 46 | - 1.0.1 47 | - 1.0.2 48 | - 1.0.3 49 | - 1.0.4 50 | - 1.1.0 51 | - 1.1.1 52 | - 1.1.2 53 | - 1.2.0 54 | - 1.2.1 55 | - 1.3.0 56 | - 1.3.1 57 | - 1.3.2 58 | - 1.3.3 59 | - 1.4.0 60 | aliases: 61 | - CVE-2018-10895 62 | modified: '2021-06-10T06:51:37.378319Z' 63 | published: '2018-07-12T12:29:00Z' 64 | references: 65 | - type: WEB 66 | url: https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660 67 | - type: WEB 68 | url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10895 69 | - type: WEB 70 | url: http://www.openwall.com/lists/oss-security/2018/07/11/7 71 | -------------------------------------------------------------------------------- /vulns/jsonpickle/PYSEC-2020-49.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-49 2 | package: 3 | name: jsonpickle 4 | ecosystem: PyPI 5 | details: '** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution during 6 | deserialization of a malicious payload through the decode() function. Note: It has 7 | been argued that this is expected and clearly documented behaviour. pickle is known 8 | to be capable of causing arbitrary code execution, and must not be used with un-trusted 9 | data.' 
10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 1.4.2 14 | versions: 15 | - 0.0.1 16 | - 0.0.2 17 | - 0.0.4 18 | - 0.0.5 19 | - 0.1.0 20 | - 0.2.0 21 | - 0.3.0 22 | - 0.3.1 23 | - 0.4.0 24 | - 0.5.0-beta 25 | - 0.5.0 26 | - 0.6.0 27 | - 0.6.1 28 | - 0.7.0 29 | - 0.7.1 30 | - 0.7.2 31 | - 0.8.0 32 | - 0.9.0 33 | - 0.9.1 34 | - 0.9.2 35 | - 0.9.3 36 | - 0.9.4 37 | - 0.9.5 38 | - 0.9.6 39 | - '1.0' 40 | - '1.1' 41 | - '1.2' 42 | - '1.3' 43 | - '1.4' 44 | - 1.4.1 45 | aliases: 46 | - CVE-2020-22083 47 | modified: '2020-12-23T15:38:00Z' 48 | published: '2020-12-17T16:15:00Z' 49 | references: 50 | - type: WEB 51 | url: https://gist.github.com/j0lt-github/bb543e77a1a10c33cb56cf23d0837874 52 | - type: WEB 53 | url: https://github.com/jsonpickle/jsonpickle/issues/332 54 | - type: WEB 55 | url: https://github.com/j0lt-github/python-deserialization-attack-payload-generator 56 | - type: WEB 57 | url: https://versprite.com/blog/application-security/into-the-jar-jsonpickle-exploitation/ 58 | - type: WEB 59 | url: https://access.redhat.com/security/cve/CVE-2020-22083 60 | - type: WEB 61 | url: https://github.com/jsonpickle/jsonpickle/issues/332#issuecomment-747807494 62 | -------------------------------------------------------------------------------- /vulns/apache-airflow/PYSEC-2020-14.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-14 2 | package: 3 | name: apache-airflow 4 | ecosystem: PyPI 5 | details: An issue was found in Apache Airflow versions 1.10.10 and below. A remote 6 | code/command injection vulnerability was discovered in one of the example DAGs shipped 7 | with Airflow which would allow any authenticated user to run arbitrary commands 8 | as the user running airflow worker/scheduler (depending on the executor in use). 9 | If you already have examples disabled by setting load_examples=False in the config 10 | then you are not vulnerable. 
11 | affects: 12 | ranges: 13 | - type: ECOSYSTEM 14 | fixed: 1.10.11rc1 15 | versions: 16 | - 1.8.1 17 | - 1.8.2rc1 18 | - 1.8.2 19 | - 1.9.0 20 | - 1.10.0 21 | - 1.10.1b1 22 | - 1.10.1rc2 23 | - 1.10.1 24 | - 1.10.2b2 25 | - 1.10.2rc1 26 | - 1.10.2rc2 27 | - 1.10.2rc3 28 | - 1.10.2 29 | - 1.10.3b1 30 | - 1.10.3b2 31 | - 1.10.3rc1 32 | - 1.10.3rc2 33 | - 1.10.3 34 | - 1.10.4b2 35 | - 1.10.4rc1 36 | - 1.10.4rc2 37 | - 1.10.4rc3 38 | - 1.10.4rc4 39 | - 1.10.4rc5 40 | - 1.10.4 41 | - 1.10.5rc1 42 | - 1.10.5 43 | - 1.10.6rc1 44 | - 1.10.6rc2 45 | - 1.10.6 46 | - 1.10.7rc1 47 | - 1.10.7rc2 48 | - 1.10.7rc3 49 | - 1.10.7 50 | - 1.10.8rc1 51 | - 1.10.8 52 | - 1.10.9rc1 53 | - 1.10.9 54 | - 1.10.10rc1 55 | - 1.10.10rc2 56 | - 1.10.10rc3 57 | - 1.10.10rc4 58 | - 1.10.10rc5 59 | - 1.10.10 60 | aliases: 61 | - CVE-2020-11978 62 | modified: '2020-07-22T17:15:00Z' 63 | published: '2020-07-17T00:15:00Z' 64 | references: 65 | - type: WEB 66 | url: https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E 67 | -------------------------------------------------------------------------------- /vulns/httplib2/PYSEC-2021-16.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2021-16 2 | package: 3 | name: httplib2 4 | ecosystem: PyPI 5 | details: httplib2 is a comprehensive HTTP client library for Python. In httplib2 before 6 | version 0.19.0, a malicious server which responds with long series of "\xa0" characters 7 | in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing 8 | header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 9 | which contains a new implementation of auth headers parsing using the pyparsing 10 | library. 
11 | affects: 12 | ranges: 13 | - type: GIT 14 | repo: https://github.com/httplib2/httplib2 15 | fixed: bd9ee252c8f099608019709e22c0d705e98d26bc 16 | - type: ECOSYSTEM 17 | fixed: 0.19.0 18 | versions: 19 | - 0.7.0 20 | - 0.7.1 21 | - 0.7.2 22 | - 0.7.3 23 | - 0.7.4 24 | - 0.7.5 25 | - 0.7.6 26 | - 0.7.7 27 | - '0.8' 28 | - '0.9' 29 | - 0.9.1 30 | - 0.9.2 31 | - 0.10.3 32 | - 0.11.0 33 | - 0.11.1 34 | - 0.11.3 35 | - 0.12.0 36 | - 0.12.1 37 | - 0.12.3 38 | - 0.13.0 39 | - 0.13.1 40 | - 0.14.0 41 | - 0.15.0 42 | - 0.16.0 43 | - 0.17.0 44 | - 0.17.1 45 | - 0.17.2 46 | - 0.17.3 47 | - 0.17.4 48 | - 0.18.0 49 | - 0.18.1 50 | aliases: 51 | - CVE-2021-21240 52 | modified: '2021-02-12T14:56:00Z' 53 | published: '2021-02-08T20:15:00Z' 54 | references: 55 | - type: WEB 56 | url: https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc 57 | - type: WEB 58 | url: https://github.com/httplib2/httplib2/pull/182 59 | - type: WEB 60 | url: https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m 61 | - type: WEB 62 | url: https://pypi.org/project/httplib2 63 | -------------------------------------------------------------------------------- /vulns/flask-cors/PYSEC-2020-43.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-43 2 | package: 3 | name: flask-cors 4 | ecosystem: PyPI 5 | details: An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 6 | 3.0.9. It allows ../ directory traversal to access private resources because resource 7 | matching does not ensure that pathnames are in a canonical format. 
8 | affects: 9 | ranges: 10 | - type: ECOSYSTEM 11 | fixed: 3.0.9 12 | versions: 13 | - '1.0' 14 | - '1.1' 15 | - 1.1.1 16 | - 1.1.2 17 | - 1.1.3 18 | - 1.2.0 19 | - 1.2.1 20 | - 1.3.0 21 | - 1.3.1 22 | - 1.4.0 23 | - 1.5.0 24 | - 1.6.0 25 | - 1.6.1 26 | - 1.7.0 27 | - 1.7.1 28 | - 1.7.2 29 | - 1.7.3 30 | - 1.7.4 31 | - 1.8.0 32 | - 1.8.1 33 | - 1.9.0 34 | - 1.10.0 35 | - 1.10.1 36 | - 1.10.2 37 | - 1.10.3 38 | - 2.0.0rc1 39 | - 2.0.0 40 | - 2.0.1 41 | - 2.1.0 42 | - 2.1.1 43 | - 2.1.2 44 | - 2.1.3 45 | - 3.0.0 46 | - 3.0.1 47 | - 3.0.2 48 | - 3.0.3 49 | - 3.0.4 50 | - 3.0.6 51 | - 3.0.7 52 | - 3.0.8 53 | aliases: 54 | - CVE-2020-25032 55 | modified: '2020-10-21T12:15:00Z' 56 | published: '2020-08-31T04:15:00Z' 57 | references: 58 | - type: WEB 59 | url: https://github.com/corydolphin/flask-cors/releases/tag/3.0.9 60 | - type: WEB 61 | url: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00028.html 62 | - type: WEB 63 | url: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00032.html 64 | - type: WEB 65 | url: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00039.html 66 | - type: WEB 67 | url: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00048.html 68 | - type: WEB 69 | url: https://www.debian.org/security/2020/dsa-4775 70 | -------------------------------------------------------------------------------- /vulns/scikit-learn/PYSEC-2020-107.yaml: -------------------------------------------------------------------------------- 1 | id: PYSEC-2020-107 2 | package: 3 | name: scikit-learn 4 | ecosystem: PyPI 5 | details: '** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unserialize 6 | and execute commands from an untrusted file that is passed to the joblib.load() 7 | function, if __reduce__ makes an os.system call. 
NOTE: third parties dispute this 8 | issue because the joblib.load() function is documented as unsafe and it is the user''s 9 | responsibility to use the function in a secure manner.' 10 | affects: 11 | ranges: 12 | - type: ECOSYSTEM 13 | fixed: 0.23.1 14 | versions: 15 | - '0.9' 16 | - '0.10' 17 | - '0.11' 18 | - '0.12' 19 | - 0.12.1 20 | - '0.13' 21 | - 0.13.1 22 | - 0.14a1 23 | - '0.14' 24 | - 0.14.1 25 | - 0.15.0b1 26 | - 0.15.0b2 27 | - 0.15.0 28 | - 0.15.1 29 | - 0.15.2 30 | - 0.16b1 31 | - 0.16.0 32 | - 0.16.1 33 | - 0.17b1 34 | - '0.17' 35 | - 0.17.1 36 | - 0.18rc2 37 | - '0.18' 38 | - 0.18.1 39 | - 0.18.2 40 | - 0.19b2 41 | - 0.19.0 42 | - 0.19.1 43 | - 0.19.2 44 | - 0.20rc1 45 | - 0.20.0 46 | - 0.20.1 47 | - 0.20.2 48 | - 0.20.3 49 | - 0.20.4 50 | - 0.21rc2 51 | - 0.21.0 52 | - 0.21.1 53 | - 0.21.2 54 | - 0.21.3 55 | - 0.22rc2.post1 56 | - 0.22rc3 57 | - '0.22' 58 | - 0.22.1 59 | - 0.22.2 60 | - 0.22.2.post1 61 | - 0.23.0rc1 62 | - 0.23.0 63 | aliases: 64 | - CVE-2020-13092 65 | modified: '2020-05-19T19:05:00Z' 66 | published: '2020-05-15T19:15:00Z' 67 | references: 68 | - type: WEB 69 | url: https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md 70 | - type: WEB 71 | url: https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations 72 | --------------------------------------------------------------------------------