Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
requests | 2.32.3 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
requests | 2.32.3 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
requests | 2.32.3 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
requests | 2.32.3 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
django-stubs | 5.0.2 | <5.2.0 |
show Affected versions of django-stubs are potentially vulnerable to Security Misconfiguration. The inclusion of type stubs for deprecated and insecure password hashers (MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher) may inadvertently encourage their use in Django applications. This can lead to the storage of user passwords using weak hashing algorithms, making them susceptible to brute-force attacks. |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Package | Installed | Affected | Info |
---|---|---|---|
Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
Django | 5.1.5 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
Django | 5.1.5 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
Django | 5.1.5 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
https://pyup.io/repos/github/just-work/django-video-transcoding/python-3-shield.svg
[](https://pyup.io/repos/github/just-work/django-video-transcoding/)
.. image:: https://pyup.io/repos/github/just-work/django-video-transcoding/python-3-shield.svg :target: https://pyup.io/repos/github/just-work/django-video-transcoding/ :alt: Python 3
<a href="https://pyup.io/repos/github/just-work/django-video-transcoding/"><img src="https://pyup.io/repos/github/just-work/django-video-transcoding/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/just-work/django-video-transcoding/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/just-work/django-video-transcoding/
{<img src="https://pyup.io/repos/github/just-work/django-video-transcoding/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/just-work/django-video-transcoding/]
https://pyup.io/repos/github/just-work/django-video-transcoding/shield.svg
[](https://pyup.io/repos/github/just-work/django-video-transcoding/)
.. image:: https://pyup.io/repos/github/just-work/django-video-transcoding/shield.svg :target: https://pyup.io/repos/github/just-work/django-video-transcoding/ :alt: Updates
<a href="https://pyup.io/repos/github/just-work/django-video-transcoding/"><img src="https://pyup.io/repos/github/just-work/django-video-transcoding/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/just-work/django-video-transcoding/shield.svg(Updates)!:https://pyup.io/repos/github/just-work/django-video-transcoding/
{<img src="https://pyup.io/repos/github/just-work/django-video-transcoding/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/just-work/django-video-transcoding/]