pyup-update-coverage-4.5.2-to-6.4.4
3 years ago
Update coverage from 4.5.2 to 6.4.4
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-sqlalchemy-1.2.17-to-1.4.40
3 years ago
Update sqlalchemy from 1.2.17 to 1.4.40
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-coverage-4.5.2-to-6.4.3
3 years ago
Update coverage from 4.5.2 to 6.4.3
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-coverage-4.5.2-to-6.4.2
3 years, 1 month ago
Update coverage from 4.5.2 to 6.4.2
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-requests-2.21.0-to-2.28.1
3 years, 2 months ago
Update requests from 2.21.0 to 2.28.1
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-bleach-3.1.0-to-5.0.1
3 years, 2 months ago
Update bleach from 3.1.0 to 5.0.1
SQLAlchemy 1.2.17 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-sqlalchemy-1.2.17-to-1.4.39
3 years, 2 months ago
Update sqlalchemy from 1.2.17 to 1.4.39
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-sqlalchemy-1.2.17-to-1.4.38
3 years, 2 months ago
Update sqlalchemy from 1.2.17 to 1.4.38
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-mysqlclient-1.4.1-to-2.1.1
3 years, 2 months ago
Update mysqlclient from 1.4.1 to 2.1.1
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-requests-2.21.0-to-2.28.0
3 years, 2 months ago
Update requests from 2.21.0 to 2.28.0
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-coverage-4.5.2-to-6.4.1
3 years, 2 months ago
Update coverage from 4.5.2 to 6.4.1
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-sqlalchemy-1.2.17-to-1.4.37
3 years, 3 months ago
Update sqlalchemy from 1.2.17 to 1.4.37
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-responses-0.10.5-to-0.21.0
3 years, 3 months ago
Update responses from 0.10.5 to 0.21.0
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-coverage-4.5.2-to-6.4
3 years, 3 months ago
Update coverage from 4.5.2 to 6.4
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-coverage-4.5.2-to-6.3.3
3 years, 3 months ago
Update coverage from 4.5.2 to 6.3.3
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
Python 3 badge
URL
https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/geokrety/geokrety-api-models/)
Restructured Text
.. image:: https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg
:target: https://pyup.io/repos/github/geokrety/geokrety-api-models/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/geokrety/geokrety-api-models/"><img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/geokrety/geokrety-api-models/
RDoc
{<img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/geokrety/geokrety-api-models/]
pyup.io badge
URL
https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg
Markdown
[](https://pyup.io/repos/github/geokrety/geokrety-api-models/)
Restructured Text
.. image:: https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg
:target: https://pyup.io/repos/github/geokrety/geokrety-api-models/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/geokrety/geokrety-api-models/"><img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg(Updates)!:https://pyup.io/repos/github/geokrety/geokrety-api-models/
RDoc
{<img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/geokrety/geokrety-api-models/]