Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
SQLAlchemy | 1.2.17 | ==1.2.17 |
show SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
SQLAlchemy | 1.2.17 | ==1.2.17 |
show SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
SQLAlchemy | 1.2.17 | ==1.2.17 |
show SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
SQLAlchemy | 1.2.17 | ==1.2.17 |
show SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
SQLAlchemy | 1.2.17 | ==1.2.17 |
show SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
SQLAlchemy | 1.2.17 | ==1.2.17 |
show SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
SQLAlchemy | 1.2.17 | ==1.2.17 |
show SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
SQLAlchemy | 1.2.17 | ==1.2.17 |
show SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
SQLAlchemy | 1.2.17 | ==1.2.17 |
show SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 |
https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg)](https://pyup.io/repos/github/geokrety/geokrety-api-models/)
.. image:: https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg :target: https://pyup.io/repos/github/geokrety/geokrety-api-models/ :alt: Python 3
<a href="https://pyup.io/repos/github/geokrety/geokrety-api-models/"><img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/geokrety/geokrety-api-models/
{<img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/geokrety/geokrety-api-models/]
https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg
[![Updates](https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg)](https://pyup.io/repos/github/geokrety/geokrety-api-models/)
.. image:: https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg :target: https://pyup.io/repos/github/geokrety/geokrety-api-models/ :alt: Updates
<a href="https://pyup.io/repos/github/geokrety/geokrety-api-models/"><img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg(Updates)!:https://pyup.io/repos/github/geokrety/geokrety-api-models/
{<img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/geokrety/geokrety-api-models/]