Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/numpy@1.0rc1
Type pypi
Namespace
Name numpy
Version 1.0rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.19.1
Latest_non_vulnerable_version 1.22.0
Affected_by_vulnerabilities
0
url VCID-86w7-qcmk-xyca
vulnerability_id VCID-86w7-qcmk-xyca
summary Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.
references
0
reference_url https://github.com/advisories/GHSA-5545-2q6w-2gh6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5545-2q6w-2gh6
1
reference_url https://github.com/numpy/numpy/issues/19038
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/19038
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41495
reference_id CVE-2021-41495
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-41495
fixed_packages
0
url pkg:pypi/numpy@1.19.1
purl pkg:pypi/numpy@1.19.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.19.1
aliases CVE-2021-41495, GHSA-5545-2q6w-2gh6, PYSEC-2021-856
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86w7-qcmk-xyca
1
url VCID-d4gz-n249-4ucx
vulnerability_id VCID-d4gz-n249-4ucx
summary The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
references
0
reference_url https://github.com/advisories/GHSA-frgw-fgh6-9g52
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-frgw-fgh6-9g52
1
reference_url https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
reference_id
reference_type
scores
url https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
2
reference_url https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12852
reference_id CVE-2017-12852
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12852
fixed_packages
0
url pkg:pypi/numpy@1.13.3
purl pkg:pypi/numpy@1.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-vx94-afb7-ybdw
2
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.13.3
aliases CVE-2017-12852, GHSA-frgw-fgh6-9g52, PYSEC-2017-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4gz-n249-4ucx
2
url VCID-hgxa-jmn2-7udg
vulnerability_id VCID-hgxa-jmn2-7udg
summary (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
reference_id
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1062009
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1062009
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/91317
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/91317
5
reference_url https://github.com/advisories/GHSA-2fc2-6r4j-p65h
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2fc2-6r4j-p65h
6
reference_url https://github.com/numpy/numpy
reference_id
reference_type
scores
url https://github.com/numpy/numpy
7
reference_url https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
reference_id
reference_type
scores
url https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
8
reference_url https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
reference_id
reference_type
scores
url https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
9
reference_url https://github.com/numpy/numpy/pull/4262
reference_id
reference_type
scores
url https://github.com/numpy/numpy/pull/4262
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2018-34.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2018-34.yaml
11
reference_url https://web.archive.org/web/20200228165750/http://www.securityfocus.com/bid/65440
reference_id
reference_type
scores
url https://web.archive.org/web/20200228165750/http://www.securityfocus.com/bid/65440
12
reference_url http://www.openwall.com/lists/oss-security/2014/02/08/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/02/08/3
13
reference_url http://www.securityfocus.com/bid/65440
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65440
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1859
reference_id CVE-2014-1859
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-1859
fixed_packages
0
url pkg:pypi/numpy@1.8.1
purl pkg:pypi/numpy@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-vx94-afb7-ybdw
3
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.8.1
aliases CVE-2014-1859, GHSA-2fc2-6r4j-p65h, PYSEC-2018-34
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgxa-jmn2-7udg
3
url VCID-tefk-aqbz-z3gh
vulnerability_id VCID-tefk-aqbz-z3gh
summary __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
reference_id
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1062009
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1062009
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/91318
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/91318
5
reference_url https://github.com/advisories/GHSA-cw6w-4rcx-xphc
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-cw6w-4rcx-xphc
6
reference_url https://github.com/numpy/numpy
reference_id
reference_type
scores
url https://github.com/numpy/numpy
7
reference_url https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
reference_id
reference_type
scores
url https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
8
reference_url https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
reference_id
reference_type
scores
url https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
9
reference_url https://github.com/numpy/numpy/pull/4262
reference_id
reference_type
scores
url https://github.com/numpy/numpy/pull/4262
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2018-33.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2018-33.yaml
11
reference_url http://www.openwall.com/lists/oss-security/2014/02/08/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/02/08/3
12
reference_url http://www.securityfocus.com/bid/65441
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65441
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1858
reference_id CVE-2014-1858
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-1858
fixed_packages
0
url pkg:pypi/numpy@1.8.1
purl pkg:pypi/numpy@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-vx94-afb7-ybdw
3
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.8.1
aliases CVE-2014-1858, GHSA-cw6w-4rcx-xphc, PYSEC-2018-33
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tefk-aqbz-z3gh
4
url VCID-vx94-afb7-ybdw
vulnerability_id VCID-vx94-afb7-ybdw
summary ** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html
3
reference_url https://access.redhat.com/errata/RHSA-2019:3335
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3335
4
reference_url https://access.redhat.com/errata/RHSA-2019:3704
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3704
5
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1122208
reference_id
reference_type
scores
url https://bugzilla.suse.com/show_bug.cgi?id=1122208
6
reference_url https://github.com/numpy/numpy/issues/12759
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/12759
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/
8
reference_url http://www.securityfocus.com/bid/106670
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106670
fixed_packages
0
url pkg:pypi/numpy@1.16.1
purl pkg:pypi/numpy@1.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.16.1
aliases CVE-2019-6446, PYSEC-2019-108
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx94-afb7-ybdw
5
url VCID-xmpe-ucks-uubr
vulnerability_id VCID-xmpe-ucks-uubr
summary Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative values.
references
0
reference_url https://github.com/advisories/GHSA-f7c7-j99h-c22f
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f7c7-j99h-c22f
1
reference_url https://github.com/numpy/numpy/issues/19000
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/19000
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41496
reference_id CVE-2021-41496
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-41496
fixed_packages
0
url pkg:pypi/numpy@1.19.0
purl pkg:pypi/numpy@1.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.19.0
aliases CVE-2021-41496, GHSA-f7c7-j99h-c22f, PYSEC-2021-857
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmpe-ucks-uubr
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.0rc1