Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python pypi vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-40424
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking package. The affected version of d8s-urls is 0.1.0
Democritus Urls Project Democritus Urls 0.1.0
9.8
CVSSv3
CVE-2022-38880
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.
Democritus Urls Project Democritus Urls 0.1.0
9.8
CVSSv3
CVE-2022-30885
The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.
Esa Pyesasky
9.8
CVSSv3
CVE-2022-30877
The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.
Keep Project Keep 1.2
9.8
CVSSv3
CVE-2022-28470
marcador package in PyPI 0.1 up to and including 0.13 included a code-execution backdoor.
Python Pypi
8.8
CVSSv3
CVE-2022-43306
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0.
Democritus D8s-timer 0.1.0
8.8
CVSSv3
CVE-2020-15271
In lookatme (python/pypi package) versions before 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their sy...
Lookatme Project Lookatme
8.2
CVSSv3
CVE-2021-21332
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting ...
Matrix Synapse
Fedoraproject Fedora 34
7.8
CVSSv3
CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install anot...
Frostming Pdm
Frostming Unearth
7.5
CVSSv3
CVE-2022-42965
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method
Snowflake Snowflake-connector-python
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »