7 changes: 4 additions & 3 deletions vulns/eve/PYSEC-2018-8.yaml
@@ -1,5 +1,5 @@
id: PYSEC-2018-8
details: io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers
details: io/mongo/parser.py in Eve (aka pyeve) before 0.7.6 allows remote attackers
to execute arbitrary code via Code Injection in the where parameter.
affected:
- package:
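Review bot: the `details` string edited here is the prose description this record shares with its aliases CVE-2018-8097 and GHSA-8jxq-75rw-fhj9 (listed further down), so rewriting it to read "before 0.7.6" makes the PySec record disagree with the advisories it claims to alias unless those were corrected as well. If the point is that the change in 0.7.5 was incomplete, say so in the text rather than silently moving the version, e.g. "before 0.7.6 (the fix in 0.7.5 was incomplete)", and add a FIX reference to the 0.7.6 change; as it stands no reference in this file changes, so the new bound cannot be checked from the record itself.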
Expand All @@ -15,7 +15,7 @@ affected:
- type: ECOSYSTEM
events:
- introduced: '0'
- fixed: 0.7.5
- fixed: 0.7.6
versions:
- 0.0.1
- 0.0.2
Expand Down Expand Up @@ -45,6 +45,7 @@ affected:
- 0.7.2
- 0.7.3
- 0.7.4
- 0.7.5
references:
- type: REPORT
url: https://github.com/pyeve/eve/issues/1101
Expand All @@ -55,5 +56,5 @@ references:
aliases:
- CVE-2018-8097
- GHSA-8jxq-75rw-fhj9
modified: '2021-06-10T06:51:29.570871Z'
modified: '2026-04-21T00:00:00Z'
published: '2018-03-14T12:29:00Z'
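Review bot: the new `modified` value '2026-04-21T00:00:00Z' is a hand-typed midnight timestamp replacing a tool-generated one with sub-second precision, and the same literal is written into all six records in this PR. OSV consumers use `modified` to decide which copy of a record is newest, so it should carry the real time of the edit (or be left for the export tooling to set) rather than a fixed placeholder. In the oauthlib and rdiffweb files the edit also switches the field from double to single quotes, which is valid YAML either way but worth keeping consistent within each file.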
7 changes: 4 additions & 3 deletions vulns/gradio/PYSEC-2021-873.yaml
@@ -1,6 +1,6 @@
id: PYSEC-2021-873
details: Gradio is an open source framework for building interactive machine learning
models and demos. In versions prior to 2.5.0 there is a vulnerability that affects
models and demos. In versions prior to 2.5.1 there is a vulnerability that affects
anyone who creates and publicly shares Gradio interfaces. File paths are not restricted
and users who receive a Gradio link can access any files on the host computer if
they know the file names or file paths. This is limited only by the host operating
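Review bot: the version edit changes text that otherwise tracks the GHSA-rhq2-3vr9-6mcr / CVE-2021-43831 description, and the FIX reference below this hunk is left untouched, so nothing in the record explains why the boundary moves from 2.5.0 to 2.5.1. Add a reference (release notes or the relevant commit in 2.5.1) that supports the new bound, and if the reasoning is that 2.5.0 only partially restricted file paths, state that in the details so the reader is not left to infer it from a one-digit change.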
Expand All @@ -9,7 +9,7 @@ details: Gradio is an open source framework for building interactive machine lea
aliases:
- CVE-2021-43831
- GHSA-rhq2-3vr9-6mcr
modified: '2023-05-25T05:07:00Z'
modified: '2026-04-21T00:00:00Z'
published: '2021-12-15T20:15:00Z'
references:
- type: FIX
Expand All @@ -30,7 +30,7 @@ affected:
- type: ECOSYSTEM
events:
- introduced: '0'
- fixed: 2.5.0
- fixed: 2.5.1
versions:
- 0.1.0
- 0.1.1
Expand Down Expand Up @@ -195,3 +195,4 @@ affected:
- 2.4.7b7
- 2.4.7b8
- 2.4.7b9
- 2.5.0
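Review bot: adding `- 2.5.0` keeps the enumerated `versions` list in step with `fixed: 2.5.1`, which is correct. One check before merging: this list enumerates pre-releases (the 2.4.7b1..2.4.7b9 entries just above), so if any 2.5.0 pre-release builds were published on PyPI they need entries too; otherwise the `versions` enumeration and the `events` range will disagree for exactly those builds.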
13 changes: 11 additions & 2 deletions vulns/langchain-experimental/PYSEC-2023-194.yaml
Expand Up @@ -3,7 +3,7 @@ details: langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023
fix and execute arbitrary code via the PALChain in the python exec method.
aliases:
- CVE-2023-44467
modified: '2025-02-23T07:46:11Z'
modified: '2026-04-21T00:00:00Z'
published: '2023-10-09T20:15:00Z'
references:
- type: FIX
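Review bot: the `details` text still reads "langchain_experimental 0.0.14 allows an attacker to bypass the ... fix", i.e. it describes a single affected version, while the range below this hunk now runs through 0.0.23. Either the description should say the bypass remained possible until 0.0.24, or the hunk should explain why only the range moved. The FIX reference immediately below is unchanged, so the reader has no pointer to the change that is now claimed to close the gap; add one for the 0.0.24 fix.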
Expand All @@ -24,14 +24,23 @@ affected:
- type: ECOSYSTEM
events:
- introduced: '0'
- fixed: '0.0.15'
- fixed: '0.0.24'
versions:
- 0.0.1
- 0.0.10
- 0.0.11
- 0.0.12
- 0.0.13
- 0.0.14
- 0.0.15
- 0.0.16
- 0.0.17
- 0.0.18
- 0.0.19
- 0.0.20
- 0.0.21
- 0.0.22
- 0.0.23
- 0.0.1rc1
- 0.0.1rc2
- 0.0.1rc3
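Review bot: the nine added entries 0.0.15 through 0.0.23 match the new upper bound `fixed: '0.0.24'`, and the quoting follows the old `'0.0.15'` style, both good. Two things to confirm: first, that 0.0.24 is the first release containing the fix and not merely the first release after the last one someone tested, since a nine-release jump with no new reference is hard to audit; second, that no rc or dev builds were published for 0.0.15 to 0.0.23, because this list does enumerate pre-releases (the 0.0.1rc1..0.0.1rc3 entries here) and any such builds would need entries as well.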
22 changes: 20 additions & 2 deletions vulns/langchain/PYSEC-2024-115.yaml
Expand Up @@ -8,7 +8,7 @@ details: A vulnerability in the GraphCypherQAChain class of langchain-ai/langcha
across different tenants, and compromise the integrity of the database.
aliases:
- CVE-2024-8309
modified: '2024-11-12T19:19:57.535206Z'
modified: '2026-04-21T00:00:00Z'
published: '2024-11-05T16:04:14Z'
references:
- type: EVIDENCE
Expand All @@ -31,7 +31,7 @@ affected:
- type: ECOSYSTEM
events:
- introduced: '0'
- fixed: 0.2.0
- fixed: 0.3.0
versions:
- 0.0.1
- 0.0.10
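Review bot: moving `fixed` from 0.2.0 to 0.3.0 declares the entire 0.2 series affected on the strength of no new reference; the EVIDENCE reference in the previous hunk is unchanged. If the GraphCypherQAChain change only landed in 0.3.0, cite the commit or release notes for it; if it landed in a later 0.2.x patch release, `fixed` should name that patch rather than 0.3.0, because OSV ranges treat every version below `fixed` as affected and the record would otherwise over-report.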
Expand Down Expand Up @@ -421,6 +421,24 @@ affected:
- 0.1.9
- 0.2.0rc1
- 0.2.0rc2
- 0.2.0
- 0.2.1
- 0.2.2
- 0.2.3
- 0.2.4
- 0.2.5
- 0.2.6
- 0.2.7
- 0.2.8
- 0.2.9
- 0.2.10
- 0.2.11
- 0.2.12
- 0.2.13
- 0.2.14
- 0.2.15
- 0.2.16
- 0.2.17
- package:
name: langchain-community
ecosystem: PyPI
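Review bot: the eighteen added entries cover 0.2.0 through 0.2.17, which is consistent with `fixed: 0.3.0` only if 0.2.17 was the last 0.2 release published to PyPI; please confirm that. The second package entry, langchain-community, which begins right after the additions, does not change anywhere in this diff. If the vulnerable class ships in both distributions the same range and version-list adjustment is needed there; if it does not, a short note in the record explaining the differing bounds would save the next reviewer the same question.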
9 changes: 5 additions & 4 deletions vulns/oauthlib/PYSEC-2022-269.yaml
@@ -1,9 +1,9 @@
id: PYSEC-2022-269
details: OAuthLib is an implementation of the OAuth request-signing logic for Python
3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect
3.6+. In OAuthLib versions 3.1.1 until 3.2.2, an attacker providing malicious redirect
uri can cause denial of service. An attacker can also leverage usage of `uri_validate`
functions depending where it is used. OAuthLib applications using OAuth2.0 provider
support or use directly `uri_validate` are affected by this issue. Version 3.2.1
support or use directly `uri_validate` are affected by this issue. Version 3.2.2
contains a patch. There are no known workarounds.
affected:
- package:
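Review bot: the two edited lines rewrite the GHSA-3pgj-pg6c-r5p7 advisory text, including the sentence "Version 3.2.2 contains a patch", but no reference in this record changes to support that; the `uri_validate.py` link in the next hunk stays pinned to commit 2b8a448. If the patch in 3.2.1 was incomplete, the details should say so explicitly, for example "3.2.1 contains a partial fix; 3.2.2 completes it", and a FIX reference for the 3.2.2 change should be added. As written the text now asserts that nothing was patched before 3.2.2, which contradicts the record it replaces without saying why.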
Expand All @@ -19,10 +19,11 @@ affected:
- type: ECOSYSTEM
events:
- introduced: 3.1.1
- fixed: 3.2.1
- fixed: 3.2.2
versions:
- 3.1.1
- 3.2.0
- 3.2.1
references:
- type: WEB
url: https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py
Expand All @@ -37,5 +38,5 @@ references:
aliases:
- CVE-2022-36087
- GHSA-3pgj-pg6c-r5p7
modified: "2022-09-15T06:38:55.424021Z"
modified: '2026-04-21T00:00:00Z'
published: "2022-09-09T21:15:00Z"
6 changes: 3 additions & 3 deletions vulns/rdiffweb/PYSEC-2022-296.yaml
@@ -1,6 +1,6 @@
id: PYSEC-2022-296
details: Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb
prior to 2.4.8.
prior to 2.4.9.
affected:
- package:
name: rdiffweb
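Review bot: this record carries no `versions` enumeration, so the `fixed` bound alone decides which releases match; moving it to 2.4.9 flags 2.4.8 as affected while the only commit reference under `references` (2406780...) and the huntr EVIDENCE link are unchanged. Add the reference for the change that shipped in 2.4.9, or state in `details` why 2.4.8 was insufficient; otherwise a reader following the existing references finds support only for the old bound.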
Expand All @@ -15,7 +15,7 @@ affected:
- type: ECOSYSTEM
events:
- introduced: "0"
- fixed: 2.4.8
- fixed: 2.4.9
references:
- type: EVIDENCE
url: https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d
Expand All @@ -25,5 +25,5 @@ references:
url: https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40
aliases:
- CVE-2022-3292
modified: "2022-09-30T17:34:00Z"
modified: '2026-04-21T00:00:00Z'
published: "2022-09-28T21:15:00Z"