Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-40808
The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0
Democritus Dates Project Democritus Dates 0.1.0
9.8
CVSSv3
CVE-2022-40424
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking package. The affected version of d8s-urls is 0.1.0
Democritus Urls Project Democritus Urls 0.1.0
9.8
CVSSv3
CVE-2022-40427
The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0
Democritus Domains Project Democritus Domains 0.1.0
9.8
CVSSv3
CVE-2022-38880
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.
Democritus Urls Project Democritus Urls 0.1.0
9.8
CVSSv3
CVE-2022-2634
An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.
Digi Connectport X2d Firmware
9.8
CVSSv3
CVE-2022-34265
An issue exists in Django 3.2 prior to 3.2.14 and 4.0 prior to 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list ...
Djangoproject Django
8 Github repositories
9.8
CVSSv3
CVE-2022-30885
The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.
Esa Pyesasky
9.8
CVSSv3
CVE-2022-30877
The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.
Keep Project Keep 1.2
9.8
CVSSv3
CVE-2022-24065
The package cookiecutter prior to 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The addit...
Cookiecutter Project Cookiecutter
Fedoraproject Fedora 35
Fedoraproject Fedora 36
9.8
CVSSv3
CVE-2022-31799
Bottle prior to 0.12.20 mishandles errors during early request binding.
Bottlepy Bottle
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »