Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
pyyaml | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
pyyaml | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
pyyaml | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
pyyaml | 5.1.1 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
pyyaml | 5.1.1 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
pyyaml | 5.1.1 | >=5.1,<=5.1.2 |
show PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. See CVE-2019-20477. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
pyyaml | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
pyyaml | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
pyyaml | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
pyyaml | 5.1.1 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
pyyaml | 5.1.1 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
pyyaml | 5.1.1 | >=5.1,<=5.1.2 |
show PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. See CVE-2019-20477. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. |
Package | Installed | Affected | Info |
---|---|---|---|
bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
pyyaml | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
pyyaml | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
pyyaml | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
pyyaml | 5.1.1 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
pyyaml | 5.1.1 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
pyyaml | 5.1.1 | >=5.1,<=5.1.2 |
show PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. See CVE-2019-20477. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. |
https://pyup.io/repos/github/ljvmiranda921/pyswarms/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/ljvmiranda921/pyswarms/python-3-shield.svg)](https://pyup.io/repos/github/ljvmiranda921/pyswarms/)
.. image:: https://pyup.io/repos/github/ljvmiranda921/pyswarms/python-3-shield.svg :target: https://pyup.io/repos/github/ljvmiranda921/pyswarms/ :alt: Python 3
<a href="https://pyup.io/repos/github/ljvmiranda921/pyswarms/"><img src="https://pyup.io/repos/github/ljvmiranda921/pyswarms/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/ljvmiranda921/pyswarms/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/ljvmiranda921/pyswarms/
{<img src="https://pyup.io/repos/github/ljvmiranda921/pyswarms/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/ljvmiranda921/pyswarms/]
https://pyup.io/repos/github/ljvmiranda921/pyswarms/shield.svg
[![Updates](https://pyup.io/repos/github/ljvmiranda921/pyswarms/shield.svg)](https://pyup.io/repos/github/ljvmiranda921/pyswarms/)
.. image:: https://pyup.io/repos/github/ljvmiranda921/pyswarms/shield.svg :target: https://pyup.io/repos/github/ljvmiranda921/pyswarms/ :alt: Updates
<a href="https://pyup.io/repos/github/ljvmiranda921/pyswarms/"><img src="https://pyup.io/repos/github/ljvmiranda921/pyswarms/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/ljvmiranda921/pyswarms/shield.svg(Updates)!:https://pyup.io/repos/github/ljvmiranda921/pyswarms/
{<img src="https://pyup.io/repos/github/ljvmiranda921/pyswarms/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/ljvmiranda921/pyswarms/]