Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/numpy@1.9.3
Type pypi
Namespace
Name numpy
Version 1.9.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.19.1
Latest_non_vulnerable_version 1.22.0
Affected_by_vulnerabilities
0
url VCID-86w7-qcmk-xyca
vulnerability_id VCID-86w7-qcmk-xyca
summary Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.
references
0
reference_url https://github.com/advisories/GHSA-5545-2q6w-2gh6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5545-2q6w-2gh6
1
reference_url https://github.com/numpy/numpy/issues/19038
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/19038
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41495
reference_id CVE-2021-41495
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-41495
fixed_packages
0
url pkg:pypi/numpy@1.19.1
purl pkg:pypi/numpy@1.19.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.19.1
aliases CVE-2021-41495, GHSA-5545-2q6w-2gh6, PYSEC-2021-856
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86w7-qcmk-xyca
1
url VCID-d4gz-n249-4ucx
vulnerability_id VCID-d4gz-n249-4ucx
summary The numpy.pad function in NumPy 1.13.1 and older versions is missing input validation. An empty list or ndarray will get stuck in an infinite loop, which can allow attackers to cause a DoS attack.
references
0
reference_url https://github.com/advisories/GHSA-frgw-fgh6-9g52
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-frgw-fgh6-9g52
1
reference_url https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
reference_id
reference_type
scores
url https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
2
reference_url https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12852
reference_id CVE-2017-12852
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12852
fixed_packages
0
url pkg:pypi/numpy@1.13.3
purl pkg:pypi/numpy@1.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-vx94-afb7-ybdw
2
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.13.3
aliases CVE-2017-12852, GHSA-frgw-fgh6-9g52, PYSEC-2017-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4gz-n249-4ucx
2
url VCID-s2ft-3gq2-tfgv
vulnerability_id VCID-s2ft-3gq2-tfgv
summary A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service.
references
0
reference_url https://github.com/advisories/GHSA-6p56-wp2h-9hxr
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-6p56-wp2h-9hxr
1
reference_url https://github.com/numpy/numpy
reference_id
reference_type
scores
url https://github.com/numpy/numpy
2
reference_url https://github.com/numpy/numpy/commit/ae317fd9ff3e79c0eac357d723bfc29cbd625f2e
reference_id
reference_type
scores
url https://github.com/numpy/numpy/commit/ae317fd9ff3e79c0eac357d723bfc29cbd625f2e
3
reference_url https://github.com/numpy/numpy/issues/18939
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/18939
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2021-854.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2021-854.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33430
reference_id CVE-2021-33430
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-33430
fixed_packages
0
url pkg:pypi/numpy@1.10.0
purl pkg:pypi/numpy@1.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-vx94-afb7-ybdw
3
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.10.0
1
url pkg:pypi/numpy@1.21
purl pkg:pypi/numpy@1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.21
aliases CVE-2021-33430, GHSA-6p56-wp2h-9hxr, PYSEC-2021-854
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s2ft-3gq2-tfgv
3
url VCID-trpn-8hvc-5qd8
vulnerability_id VCID-trpn-8hvc-5qd8
summary Incomplete string comparison in the numpy.core component in NumPy 1.9.x, which allows attackers to fail the APIs via constructing specific string objects.
references
0
reference_url https://github.com/advisories/GHSA-fpfv-jqm9-f5jm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-fpfv-jqm9-f5jm
1
reference_url https://github.com/numpy/numpy/issues/18993
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/18993
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-34141
reference_id CVE-2021-34141
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-34141
fixed_packages
0
url pkg:pypi/numpy@1.10.0
purl pkg:pypi/numpy@1.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-vx94-afb7-ybdw
3
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.10.0
1
url pkg:pypi/numpy@1.22.0
purl pkg:pypi/numpy@1.22.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.22.0
aliases CVE-2021-34141, GHSA-fpfv-jqm9-f5jm, PYSEC-2021-855
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-trpn-8hvc-5qd8
4
url VCID-vx94-afb7-ybdw
vulnerability_id VCID-vx94-afb7-ybdw
summary ** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html
3
reference_url https://access.redhat.com/errata/RHSA-2019:3335
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3335
4
reference_url https://access.redhat.com/errata/RHSA-2019:3704
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3704
5
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1122208
reference_id
reference_type
scores
url https://bugzilla.suse.com/show_bug.cgi?id=1122208
6
reference_url https://github.com/numpy/numpy/issues/12759
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/12759
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/
8
reference_url http://www.securityfocus.com/bid/106670
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106670
fixed_packages
0
url pkg:pypi/numpy@1.16.1
purl pkg:pypi/numpy@1.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.16.1
aliases CVE-2019-6446, PYSEC-2019-108
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx94-afb7-ybdw
5
url VCID-xmpe-ucks-uubr
vulnerability_id VCID-xmpe-ucks-uubr
summary Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative values.
references
0
reference_url https://github.com/advisories/GHSA-f7c7-j99h-c22f
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f7c7-j99h-c22f
1
reference_url https://github.com/numpy/numpy/issues/19000
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/19000
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41496
reference_id CVE-2021-41496
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-41496
fixed_packages
0
url pkg:pypi/numpy@1.19.0
purl pkg:pypi/numpy@1.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.19.0
aliases CVE-2021-41496, GHSA-f7c7-j99h-c22f, PYSEC-2021-857
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmpe-ucks-uubr
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.9.3