Skip to main content

Python

2173 CVEs product

Monthly

CVE-2021-21273 PyPI MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Synapse Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-21330 PyPI MEDIUM PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Aiohttp Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2021-24105 HIGH PATCH This Week

<p>Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Python RCE Apple Microsoft Node.js +2
NVD
CVSS 3.1
8.4
EPSS
2.1%
CVE-2021-21317 npm MEDIUM PATCH This Month

uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Python Denial Of Service Uap Core
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2021-23336 MEDIUM POC PATCH THREAT This Month

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Request Smuggling Python Information Disclosure Fedora Debian Linux +9
NVD GitHub
CVSS 3.1
5.9
EPSS
36.0%
CVE-2021-26551 HIGH POC This Week

An issue was discovered in SmartFoxServer 2.17.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Python Smartfoxserver
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-21240 PyPI HIGH POC PATCH This Week

httplib2 is a comprehensive HTTP client library for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Httplib2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-3281 PyPI MEDIUM PATCH This Month

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django Fedora Snapcenter
NVD
CVSS 3.1
5.3
EPSS
7.6%
CVE-2021-21239 PyPI MEDIUM POC PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Jwt Attack Pysaml2 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-21238 PyPI MEDIUM PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Jwt Attack Pysaml2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-3177 CRITICAL POC PATCH THREAT Act Now

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Python RCE Fedora Active Iq Unified Manager +7
NVD GitHub
CVSS 3.1
9.8
EPSS
23.3%
CVE-2021-21241 PyPI HIGH PATCH This Week

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Python Flask Security Too
NVD GitHub
CVSS 3.1
7.4
EPSS
0.9%
CVE-2021-21236 PyPI MEDIUM POC PATCH This Month

CairoSVG is a Python (pypi) package. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Cairosvg
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2020-35678 PyPI MEDIUM PATCH This Month

Autobahn|Python before 20.12.3 allows redirect header injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Python Open Redirect Autobahn
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-29396 HIGH PATCH This Week

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Privilege Escalation Python Odoo
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-26263 PyPI HIGH POC PATCH This Week

tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Microsoft Information Disclosure Tlslite Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-17513 PyPI MEDIUM PATCH This Month

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Python Airflow
NVD
CVSS 3.1
5.3
EPSS
4.3%
CVE-2020-26268 PyPI MEDIUM POC PATCH This Month

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Python Tensorflow
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-27351 LOW Monitor

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Advanced Package Tool
NVD
CVSS 3.1
2.8
EPSS
0.4%
CVE-2020-29651 PyPI HIGH PATCH This Week

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Py Fedora Zfs Storage Appliance Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-27783 PyPI MEDIUM POC PATCH This Month

A XSS vulnerability was discovered in python-lxml's clean module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Python Lxml Software Collections Enterprise Linux +5
NVD
CVSS 3.1
6.1
EPSS
3.9%
CVE-2020-26244 PyPI MEDIUM PATCH This Month

Python oic is a Python OpenID Connect implementation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Openid Connect
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2020-8897 LIB HIGH POC PATCH This Week

A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Aws Encryption Sdk
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-26222 Ruby HIGH POC PATCH This Week

Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Dependabot
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-25658 PyPI MEDIUM POC PATCH This Month

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa Openstack Platform Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.6%
CVE-2020-27589 PyPI HIGH POC PATCH This Week

Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Hub Rest Api Python
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-15271 PyPI HIGH POC PATCH This Week

In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Lookatme
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-27619 CRITICAL PATCH Act Now

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora Communications Cloud Native Core Network Function Cloud Native Environment
NVD GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2020-16977 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Python Visual Studio Code
NVD
CVSS 3.1
7.0
EPSS
3.4%
CVE-2020-26943 PyPI CRITICAL PATCH Act Now

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Python Authentication Bypass Blazar Dashboard
NVD
CVSS 3.1
9.9
EPSS
3.3%
CVE-2020-15251 PyPI MEDIUM PATCH This Month

In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python Authentication Bypass Channelmgnt
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-25626 PyPI MEDIUM PATCH This Month

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Django Rest Framework Ceph Storage Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-26116 HIGH POC PATCH This Week

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Python Fedora Ubuntu Linux Solidfire +4
NVD
CVSS 3.1
7.2
EPSS
6.4%
CVE-2020-15207 PyPI CRITICAL POC PATCH Act Now

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow RCE Python Tensorflow Leap
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%
CVE-2020-15193 PyPI HIGH POC PATCH This Week

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Python Tensorflow Leap
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-25489 PyPI CRITICAL POC PATCH Act Now

A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Python Python Mini Racer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-13948 PyPI HIGH PATCH This Week

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Information Disclosure Superset
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-15163 PyPI HIGH PATCH This Week

Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python Authentication Bypass The Update Framework
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-24584 PyPI HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django Ubuntu Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-24583 PyPI HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django Ubuntu Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-25032 PyPI HIGH PATCH This Week

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Python Path Traversal Flask Cors Debian Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-24715 PyPI CRITICAL POC PATCH Act Now

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Scalyr Agent
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-10289 HIGH PATCH This Week

Use of unsafe yaml load. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Python Robot Operating System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-15142 PyPI CRITICAL PATCH Act Now

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Python Openapi Python Client
NVD GitHub
CVSS 3.1
9.0
EPSS
1.6%
CVE-2020-15141 PyPI MEDIUM PATCH This Month

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity.

Python Path Traversal Openapi Python Client
NVD GitHub
CVSS 3.1
4.1
EPSS
0.9%
CVE-2020-17495 PyPI HIGH PATCH This Week

django-celery-results through 1.2.1 stores task results in the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Django Celery Results
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-13124 HIGH PATCH This Week

SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Python Command Injection Sabnzbd
NVD GitHub
CVSS 3.1
8.8
EPSS
4.6%
CVE-2020-15118 PyPI MEDIUM PATCH This Month

In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Privilege Escalation Python Wagtail
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-15801 CRITICAL PATCH Act Now

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Max Data
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-15101 PyPI LOW PATCH Monitor

In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Freewvs
NVD GitHub
CVSS 3.1
3.3
EPSS
0.6%
CVE-2020-15720 MEDIUM PATCH This Month

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Dogtagpki
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-15105 PyPI MEDIUM PATCH This Month

Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable.

Python RCE Redis Django Two Factor Authentication
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15523 HIGH PATCH This Week

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Python Microsoft Information Disclosure Snapcenter
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-15415 CRITICAL POC KEV THREAT Act Now

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Vigor3900 Firmware Vigor2960 Firmware Vigor300b Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
84.6%
CVE-2020-15348 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel RCE Code Injection Python Cloud Cnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-4071 PyPI LOW PATCH Monitor

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Django Basic Auth Ip Whitelist
NVD GitHub
CVSS 3.1
2.4
EPSS
0.4%
CVE-2020-14422 MEDIUM This Month

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Python Leap Fedora Enterprise Manager Ops Center
NVD GitHub
CVSS 3.1
5.9
EPSS
12.8%
CVE-2020-13596 PyPI MEDIUM PATCH This Month

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Django Fedora Ubuntu Linux +4
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2020-13254 PyPI MEDIUM PATCH This Month

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Django Ubuntu Linux Fedora +4
NVD
CVSS 3.1
5.9
EPSS
6.1%
CVE-2020-13757 PyPI HIGH POC PATCH This Week

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-13388 PyPI CRITICAL POC PATCH Act Now

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Jw Util
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-1192 HIGH PATCH This Week

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Python
NVD
CVSS 3.1
7.8
EPSS
11.7%
CVE-2020-1171 HIGH PATCH This Week

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python
NVD
CVSS 3.1
8.8
EPSS
14.3%
CVE-2020-13258 PyPI MEDIUM POC PATCH This Month

Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Python Example
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2020-13144 HIGH POC THREAT This Week

Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Python Open Edx Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
11.0%
CVE-2020-11073 HIGH POC PATCH This Week

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Python RCE Command Injection Autoswitch Python Virtualenv
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-11057 HIGH POC PATCH This Week

In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-5741 HIGH POC KEV THREAT Act Now

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Microsoft Deserialization Media Server
NVD
CVSS 3.1
7.2
EPSS
72.8%
CVE-2020-11037 PyPI MEDIUM PATCH This Month

In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. Rated medium severity (CVSS 4.7). No vendor patch available.

Google Python Information Disclosure Wagtail
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-5740 HIGH POC This Week

Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Microsoft Media Server
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-11888 PyPI MEDIUM POC PATCH This Month

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Python Markdown2
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-1747 PyPI CRITICAL PATCH Act Now

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Pyyaml Fedora Leap +1
NVD GitHub
CVSS 3.1
9.8
EPSS
5.3%
CVE-2020-5252 PyPI MEDIUM PATCH This Month

The command-line "safety" package for Python has a potential security issue. Rated medium severity (CVSS 4.1). No vendor patch available.

Python Docker Information Disclosure Safety
NVD GitHub
CVSS 3.1
4.1
EPSS
0.4%
CVE-2020-10799 PyPI CRITICAL POC PATCH Act Now

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python XXE Svglib
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-10594 PyPI CRITICAL PATCH Act Now

An issue was discovered in drf-jwt 1.15.x before 1.15.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Django Rest Framework Json Web Tokens
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-7212 PyPI HIGH PATCH This Week

The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Urllib3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-9402 PyPI HIGH POC PATCH THREAT This Week

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Python SQLi Oracle Django Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
22.5%
CVE-2020-7471 PyPI CRITICAL PATCH Act Now

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python SQLi PostgreSQL Django
NVD GitHub
CVSS 3.1
9.8
EPSS
65.3%
CVE-2020-8492 MEDIUM POC PATCH This Month

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Leap Ubuntu Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
6.6%
CVE-2020-5227 PyPI HIGH POC PATCH This Week

Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Feedgen
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-5215 PyPI HIGH POC PATCH This Week

In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-8315 MEDIUM PATCH This Month

In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Python Microsoft Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-5224 PyPI HIGH PATCH This Week

In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

XSS Python Authentication Bypass Django User Sessions
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-19844 PyPI CRITICAL POC PATCH THREAT Act Now

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Django Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
34.8%
CVE-2019-19588 PyPI HIGH POC PATCH This Week

The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Python Validators
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-19118 PyPI MEDIUM PATCH This Month

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django Fedora
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-19275 PyPI HIGH PATCH This Week

typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Python Information Disclosure Typed Ast
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-19274 PyPI HIGH PATCH This Week

typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Python Information Disclosure Typed Ast
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-14853 PyPI HIGH PATCH This Week

An error-handling flaw was found in python-ecdsa before version 0.13.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Python Ecdsa
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-18874 PyPI HIGH PATCH This Week

psutil (aka python-psutil) through 5.6.5 can have a double free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Psutil
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Synapse +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Aiohttp +2
NVD GitHub
EPSS 2% CVSS 8.4
HIGH PATCH This Week

<p>Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Python RCE Apple +4
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Python Denial Of Service +1
NVD GitHub
EPSS 36% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Request Smuggling Python Information Disclosure +11
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered in SmartFoxServer 2.17.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Python +1
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

httplib2 is a comprehensive HTTP client library for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Httplib2
NVD GitHub
EPSS 8% CVSS 5.3
MEDIUM PATCH This Month

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Jwt Attack +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Jwt Attack +1
NVD GitHub
EPSS 23% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Python RCE +9
NVD GitHub
EPSS 1% CVSS 7.4
HIGH PATCH This Week

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Python Flask Security Too
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

CairoSVG is a Python (pypi) package. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Cairosvg
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Autobahn|Python before 20.12.3 allows redirect header injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Python Open Redirect Autobahn
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Privilege Escalation Python +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Microsoft Information Disclosure +1
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Python +1
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Python Tensorflow
NVD GitHub
EPSS 0% CVSS 2.8
LOW Monitor

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Advanced Package Tool
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Py +2
NVD GitHub
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

A XSS vulnerability was discovered in python-lxml's clean module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Python Lxml +7
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Python oic is a Python OpenID Connect implementation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Openid Connect
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Aws Encryption Sdk
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Dependabot
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM POC PATCH This Month

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Hub Rest Api Python
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Lookatme
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora +1
NVD GitHub
EPSS 3% CVSS 7.0
HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Python Visual Studio Code
NVD
EPSS 3% CVSS 9.9
CRITICAL PATCH Act Now

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Python Authentication Bypass +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python Authentication Bypass Channelmgnt
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Django Rest Framework +2
NVD
EPSS 6% CVSS 7.2
HIGH POC PATCH This Week

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Python Fedora +6
NVD
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow RCE Python +2
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Python Tensorflow +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Python +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Information Disclosure +1
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python Authentication Bypass The Update Framework
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Python Path Traversal +4
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Scalyr Agent
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Use of unsafe yaml load. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Python Robot Operating System
NVD GitHub
EPSS 2% CVSS 9.0
CRITICAL PATCH Act Now

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Python +1
NVD GitHub
EPSS 1% CVSS 4.1
MEDIUM PATCH This Month

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity.

Python Path Traversal Openapi Python Client
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

django-celery-results through 1.2.1 stores task results in the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Django Celery Results
NVD GitHub
EPSS 5% CVSS 8.8
HIGH PATCH This Week

SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Python Command Injection Sabnzbd
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Privilege Escalation Python +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Max Data
NVD GitHub
EPSS 1% CVSS 3.3
LOW PATCH Monitor

In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Freewvs
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Dogtagpki
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable.

Python RCE Redis +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Python Microsoft Information Disclosure +1
NVD GitHub
EPSS 85% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Vigor3900 Firmware +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel RCE Code Injection +2
NVD
EPSS 0% CVSS 2.4
LOW PATCH Monitor

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Django Basic Auth Ip Whitelist
NVD GitHub
EPSS 13% CVSS 5.9
MEDIUM This Month

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Python Leap +2
NVD GitHub
EPSS 3% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Django +6
NVD
EPSS 6% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Django +6
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa +2
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Jw Util
NVD
EPSS 12% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Python
NVD
EPSS 14% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Python Example
NVD GitHub
EPSS 11% CVSS 8.8
HIGH POC THREAT This Week

Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Python +1
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Python RCE Command Injection +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Python +1
NVD GitHub
EPSS 73% CVSS 7.2
HIGH POC KEV THREAT Act Now

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Microsoft Deserialization +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. Rated medium severity (CVSS 4.7). No vendor patch available.

Google Python Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Microsoft +1
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Python Markdown2
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Pyyaml +3
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

The command-line "safety" package for Python has a potential security issue. Rated medium severity (CVSS 4.1). No vendor patch available.

Python Docker Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python XXE Svglib
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in drf-jwt 1.15.x before 1.15.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Django Rest Framework Json Web Tokens
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Urllib3
NVD GitHub
EPSS 23% CVSS 8.8
HIGH POC PATCH THREAT This Week

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Python SQLi Oracle +5
NVD
EPSS 65% CVSS 9.8
CRITICAL PATCH Act Now

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python SQLi PostgreSQL +1
NVD GitHub
EPSS 7% CVSS 6.5
MEDIUM POC PATCH This Month

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Leap +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Feedgen
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Tensorflow
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Python Microsoft Information Disclosure
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

XSS Python Authentication Bypass +1
NVD GitHub
EPSS 35% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Django +1
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Python Validators
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Python Information Disclosure +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Python Information Disclosure +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An error-handling flaw was found in python-ecdsa before version 0.13.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Python Ecdsa
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

psutil (aka python-psutil) through 5.6.5 can have a double free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Psutil
NVD GitHub
Prev Page 21 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy