VYPR
Vendor: Pypi

Products: 36
CVEs: 39
Across products: 36
Status: Private

Recent CVEs

  • CVE-2022-42040 | Cri | Oct 11, 2022
    risk 0.64 | cvss 9.8 | epss 0.05

    The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.

  • CVE-2022-41387 | Cri | Oct 11, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.

  • CVE-2022-41385 | Cri | Oct 11, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.

  • CVE-2022-40812 | Cri | Sep 19, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

  • CVE-2022-40432 | Cri | Sep 19, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    The d8s-strings package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.

  • CVE-2022-40425 | Cri | Sep 19, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.

  • CVE-2022-34981 | Cri | Jul 22, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.

  • CVE-2022-34501 | Cri | Jul 22, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.

  • CVE-2022-34500 | Cri | Jul 22, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party.

  • CVE-2022-30885 | Cri | Jun 24, 2022
    risk 0.64 | cvss 9.8 | epss 0.02

    The pyesasky package for Python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.

  • CVE-2022-30882 | Cri | Jun 8, 2022
    risk 0.64 | cvss 9.8 | epss 0.02

    The pyanxdns package in PyPI version 0.2 is vulnerable to a code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package will be installed.

  • CVE-2022-30877 | Cri | Jun 8, 2022
    risk 0.64 | cvss 9.8 | epss 0.02

    The keep package for Python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.

  • CVE-2026-12205 | Cri | Jun 15, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later…

  • CVE-2026-45832 | Hig | Jun 12, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

  • CVE-2026-13676 | imp | Jun 29, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    fast-uri: Security policy bypass due to improper Unicode hostname canonicalization

  • CVE-2026-4870 | Hig | Jun 12, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.

  • CVE-2026-3840 | Hig | Jun 12, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization.…

  • CVE-2026-54421 | Med | Jun 14, 2026
    risk 0.44 | cvss 6.8 | epss 0.00

    In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security…

  • CVE-2026-36725 | Med | Jun 9, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    A Markdown-based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the notice_content parameter.

  • CVE-2026-48099 | hig | Jun 11, 2026
    risk 0.39 | cvss | epss 0.00

    Impact: WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches: The issue is fixed with version 4.3.4. Preconditions: The practical impact depends…