Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/numpy@1.10.4
Type pypi
Namespace
Name numpy
Version 1.10.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.19.1
Latest_non_vulnerable_version 1.19.1
Affected_by_vulnerabilities
0
url VCID-86w7-qcmk-xyca
vulnerability_id VCID-86w7-qcmk-xyca
summary Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.
references
0
reference_url https://github.com/advisories/GHSA-5545-2q6w-2gh6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5545-2q6w-2gh6
1
reference_url https://github.com/numpy/numpy/issues/19038
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/19038
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41495
reference_id CVE-2021-41495
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-41495
fixed_packages
0
url pkg:pypi/numpy@1.19.1
purl pkg:pypi/numpy@1.19.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.19.1
aliases CVE-2021-41495, GHSA-5545-2q6w-2gh6, PYSEC-2021-856
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86w7-qcmk-xyca
1
url VCID-d4gz-n249-4ucx
vulnerability_id VCID-d4gz-n249-4ucx
summary The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will get stuck in an infinite loop, which can allow attackers to cause a DoS attack.
references
0
reference_url https://github.com/advisories/GHSA-frgw-fgh6-9g52
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-frgw-fgh6-9g52
1
reference_url https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
reference_id
reference_type
scores
url https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
2
reference_url https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12852
reference_id CVE-2017-12852
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12852
fixed_packages
0
url pkg:pypi/numpy@1.13.3
purl pkg:pypi/numpy@1.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-vx94-afb7-ybdw
2
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.13.3
aliases CVE-2017-12852, GHSA-frgw-fgh6-9g52, PYSEC-2017-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4gz-n249-4ucx
2
url VCID-vx94-afb7-ybdw
vulnerability_id VCID-vx94-afb7-ybdw
summary ** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html
3
reference_url https://access.redhat.com/errata/RHSA-2019:3335
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3335
4
reference_url https://access.redhat.com/errata/RHSA-2019:3704
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3704
5
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1122208
reference_id
reference_type
scores
url https://bugzilla.suse.com/show_bug.cgi?id=1122208
6
reference_url https://github.com/numpy/numpy/issues/12759
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/12759
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/
8
reference_url http://www.securityfocus.com/bid/106670
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106670
fixed_packages
0
url pkg:pypi/numpy@1.16.1
purl pkg:pypi/numpy@1.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.16.1
aliases CVE-2019-6446, PYSEC-2019-108
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx94-afb7-ybdw
3
url VCID-xmpe-ucks-uubr
vulnerability_id VCID-xmpe-ucks-uubr
summary Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attack by carefully constructing an array with negative values.
references
0
reference_url https://github.com/advisories/GHSA-f7c7-j99h-c22f
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f7c7-j99h-c22f
1
reference_url https://github.com/numpy/numpy/issues/19000
reference_id
reference_type
scores
url https://github.com/numpy/numpy/issues/19000
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41496
reference_id CVE-2021-41496
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-41496
fixed_packages
0
url pkg:pypi/numpy@1.19.0
purl pkg:pypi/numpy@1.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.19.0
aliases CVE-2021-41496, GHSA-f7c7-j99h-c22f, PYSEC-2021-857
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmpe-ucks-uubr
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.10.4