Pypi
Products (36)
- 3 CVEs
- 3 CVEs
- d8s-html: 2 CVEs (pypi)
- d8s-pdfs: 2 CVEs (pypi)
- bin-collect: 1 CVE (pypi)
- bin-collection: 1 CVE (pypi)
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- d8s-algorithms: 1 CVE (pypi)
- d8s-strings: 1 CVE (pypi)
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- keep: 1 CVE (pypi)
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- pyanxdns: 1 CVE (pypi)
- PyCrowdTangle: 1 CVE (pypi)
- 1 CVE
- pyesasky: 1 CVE (pypi)
Recent CVEs (39)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-42040 | | Cri | 0.64 | 9.8 | 0.05 | | Oct 11, 2022 | The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. |
| CVE-2022-41387 | | Cri | 0.64 | 9.8 | 0.01 | | Oct 11, 2022 | The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. |
| CVE-2022-41385 | | Cri | 0.64 | 9.8 | 0.01 | | Oct 11, 2022 | The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. |
| CVE-2022-40812 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 19, 2022 | The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. |
| CVE-2022-40432 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 19, 2022 | The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. |
| CVE-2022-40425 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 19, 2022 | The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. |
| CVE-2022-34981 | | Cri | 0.64 | 9.8 | 0.01 | | Jul 22, 2022 | The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. |
| CVE-2022-34501 | | Cri | 0.64 | 9.8 | 0.01 | | Jul 22, 2022 | The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party. |
| CVE-2022-34500 | | Cri | 0.64 | 9.8 | 0.01 | | Jul 22, 2022 | The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party. |
| CVE-2022-30885 | | Cri | 0.64 | 9.8 | 0.02 | | Jun 24, 2022 | The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2. |
| CVE-2022-30882 | | Cri | 0.64 | 9.8 | 0.02 | | Jun 8, 2022 | pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package will be installed. |
| CVE-2022-30877 | | Cri | 0.64 | 9.8 | 0.02 | | Jun 8, 2022 | The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2. |
| CVE-2026-12205 | | Cri | 0.59 | 9.1 | 0.00 | | Jun 15, 2026 | Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later… |
| CVE-2026-45832 | | Hig | 0.57 | 8.8 | 0.00 | | Jun 12, 2026 | All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints. |
| CVE-2026-13676 | | imp | 0.49 | 7.5 | 0.00 | | Jun 29, 2026 | fast-uri: fast-uri: Security policy bypass due to improper Unicode hostname canonicalization |
| CVE-2026-4870 | | Hig | 0.49 | 7.5 | 0.00 | | Jun 12, 2026 | IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser. |
| CVE-2026-3840 | | Hig | 0.46 | 7.1 | 0.00 | | Jun 12, 2026 | A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization.… |
| CVE-2026-54421 | | Med | 0.44 | 6.8 | 0.00 | | Jun 14, 2026 | In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security… |
| CVE-2026-36725 | | Med | 0.40 | 6.1 | 0.00 | | Jun 9, 2026 | A markdown based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice_content parameter. |
| CVE-2026-48099 | | hig | 0.39 | — | 0.00 | | Jun 11, 2026 | Impact: WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches: The issue is fixed with version 4.3.4. Preconditions: The practical impact depends… |