Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/ansible@2.6.20
Typepypi
Namespace
Nameansible
Version2.6.20
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.10.1rc2
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-3jxq-kxnz-6bfh
vulnerability_id VCID-3jxq-kxnz-6bfh
summary A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20228
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.47749
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20228
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1925002
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1925002
2
reference_url https://github.com/advisories/GHSA-5rrg-rr89-x9mv
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5rrg-rr89-x9mv
3
reference_url https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c
4
reference_url https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b
5
reference_url https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120
6
reference_url https://github.com/ansible/ansible/pull/73487
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/73487
7
reference_url https://github.com/ansible/ansible/pull/73492
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/73492
8
reference_url https://github.com/ansible/ansible/pull/73493
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/73493
9
reference_url https://github.com/ansible/ansible/pull/73494
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/73494
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml
11
reference_url https://www.debian.org/security/2021/dsa-4950
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4950
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20228
reference_id CVE-2021-20228
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-20228
fixed_packages
0
url pkg:pypi/ansible@2.8.19rc1
purl pkg:pypi/ansible@2.8.19rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-95kg-bk3s-g7gx
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-qtt6-8kf8-1fbt
8
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19rc1
1
url pkg:pypi/ansible@2.9.18rc1
purl pkg:pypi/ansible@2.9.18rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-b8cv-v25q-1kh3
3
vulnerability VCID-enwa-2cfn-5uab
4
vulnerability VCID-kgjy-7kdy-c3cg
5
vulnerability VCID-m87b-eb5y-8ydf
6
vulnerability VCID-qtt6-8kf8-1fbt
7
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1
2
url pkg:pypi/ansible@2.9.19
purl pkg:pypi/ansible@2.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b8cv-v25q-1kh3
1
vulnerability VCID-enwa-2cfn-5uab
2
vulnerability VCID-kgjy-7kdy-c3cg
3
vulnerability VCID-m87b-eb5y-8ydf
4
vulnerability VCID-qtt6-8kf8-1fbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19
3
url pkg:pypi/ansible@2.10.6rc1
purl pkg:pypi/ansible@2.10.6rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.6rc1
aliases CVE-2021-20228, GHSA-5rrg-rr89-x9mv, PYSEC-2021-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3jxq-kxnz-6bfh
1
url VCID-4331-d5yy-uybc
vulnerability_id VCID-4331-d5yy-uybc
summary A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1733
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08127
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1733
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733
2
reference_url https://github.com/advisories/GHSA-g4mq-6fp5-qwcf
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-g4mq-6fp5-qwcf
3
reference_url https://github.com/ansible/ansible/issues/67791
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67791
4
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
8
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.8
purl pkg:pypi/ansible@2.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b423-t4kx-eqbq
6
vulnerability VCID-b8cv-v25q-1kh3
7
vulnerability VCID-brft-snn6-guc8
8
vulnerability VCID-bvsa-kz7r-zyea
9
vulnerability VCID-enwa-2cfn-5uab
10
vulnerability VCID-hyr1-b223-bkef
11
vulnerability VCID-kgjy-7kdy-c3cg
12
vulnerability VCID-m87b-eb5y-8ydf
13
vulnerability VCID-n2b8-e8fa-2ue1
14
vulnerability VCID-nx86-xnct-afbs
15
vulnerability VCID-qtt6-8kf8-1fbt
16
vulnerability VCID-rarq-tdjt-hff3
17
vulnerability VCID-rnub-zmb6-5yhw
18
vulnerability VCID-tfhg-gzz2-7qc5
19
vulnerability VCID-uvca-5e2n-pqew
20
vulnerability VCID-xpfd-zdry-euh5
21
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1733, GHSA-g4mq-6fp5-qwcf, PYSEC-2020-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4331-d5yy-uybc
2
url VCID-5mcc-gtrr-j3e4
vulnerability_id VCID-5mcc-gtrr-j3e4
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20178
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.0848
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20178
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1914774
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1914774
2
reference_url https://github.com/advisories/GHSA-wv5p-gmmv-wh9v
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-wv5p-gmmv-wh9v
3
reference_url https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,
reference_id
reference_type
scores
url https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,
4
reference_url https://github.com/ansible-collections/community.general/pull/1635,
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.general/pull/1635,
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
7
reference_url https://security.archlinux.org/ASA-202102-9
reference_id ASA-202102-9
reference_type
scores
url https://security.archlinux.org/ASA-202102-9
8
reference_url https://security.archlinux.org/AVG-1437
reference_id AVG-1437
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1437
fixed_packages
0
url pkg:pypi/ansible@2.9.18
purl pkg:pypi/ansible@2.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-b8cv-v25q-1kh3
2
vulnerability VCID-enwa-2cfn-5uab
3
vulnerability VCID-kgjy-7kdy-c3cg
4
vulnerability VCID-m87b-eb5y-8ydf
5
vulnerability VCID-qtt6-8kf8-1fbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18
aliases CVE-2021-20178, GHSA-wv5p-gmmv-wh9v, PYSEC-2021-106
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5mcc-gtrr-j3e4
3
url VCID-6hdk-ywcn-4qe4
vulnerability_id VCID-6hdk-ywcn-4qe4
summary A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1753
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16115
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1753
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
2
reference_url https://github.com/advisories/GHSA-86hp-cj9j-33vv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-86hp-cj9j-33vv
3
reference_url https://github.com/ansible-collections/kubernetes/pull/51
reference_id
reference_type
scores
url https://github.com/ansible-collections/kubernetes/pull/51
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
7
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.18
purl pkg:pypi/ansible@2.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-95kg-bk3s-g7gx
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-gnq4-v5a7-m3ew
6
vulnerability VCID-kgjy-7kdy-c3cg
7
vulnerability VCID-m87b-eb5y-8ydf
8
vulnerability VCID-nx86-xnct-afbs
9
vulnerability VCID-qtt6-8kf8-1fbt
10
vulnerability VCID-uvca-5e2n-pqew
11
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18
1
url pkg:pypi/ansible@2.8.11
purl pkg:pypi/ansible@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-kgjy-7kdy-c3cg
7
vulnerability VCID-m87b-eb5y-8ydf
8
vulnerability VCID-nx86-xnct-afbs
9
vulnerability VCID-qtt6-8kf8-1fbt
10
vulnerability VCID-tfhg-gzz2-7qc5
11
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11
2
url pkg:pypi/ansible@2.9.7
purl pkg:pypi/ansible@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-nx86-xnct-afbs
8
vulnerability VCID-qtt6-8kf8-1fbt
9
vulnerability VCID-tfhg-gzz2-7qc5
10
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7
aliases CVE-2020-1753, GHSA-86hp-cj9j-33vv, PYSEC-2020-210
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hdk-ywcn-4qe4
4
url VCID-6swz-79ue-bbef
vulnerability_id VCID-6swz-79ue-bbef
summary A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0547
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2020:0547
1
reference_url https://access.redhat.com/errata/RHBA-2020:1539
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2020:1539
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1734
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24234
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1734
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1801804
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1801804
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734
5
reference_url https://github.com/advisories/GHSA-h39q-95q5-9jfp
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h39q-95q5-9jfp
6
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
7
reference_url https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b
8
reference_url https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0
9
reference_url https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f
10
reference_url https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0
11
reference_url https://github.com/ansible/ansible/issues/67792
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67792
12
reference_url https://github.com/ansible/ansible/issues/70159
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/70159
13
reference_url https://github.com/ansible/ansible/pull/70596
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/70596
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml
15
reference_url https://access.redhat.com/security/cve/CVE-2020-1734
reference_id CVE-2020-1734
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2020-1734
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1734
reference_id CVE-2020-1734
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1734
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.13
purl pkg:pypi/ansible@2.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-kgjy-7kdy-c3cg
7
vulnerability VCID-m87b-eb5y-8ydf
8
vulnerability VCID-qtt6-8kf8-1fbt
9
vulnerability VCID-tfhg-gzz2-7qc5
10
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13
2
url pkg:pypi/ansible@2.9.11
purl pkg:pypi/ansible@2.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-qtt6-8kf8-1fbt
8
vulnerability VCID-tfhg-gzz2-7qc5
9
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11
3
url pkg:pypi/ansible@2.10.0rc1
purl pkg:pypi/ansible@2.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b8cv-v25q-1kh3
1
vulnerability VCID-kgjy-7kdy-c3cg
2
vulnerability VCID-m87b-eb5y-8ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1
aliases CVE-2020-1734, GHSA-h39q-95q5-9jfp, PYSEC-2020-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6swz-79ue-bbef
5
url VCID-95kg-bk3s-g7gx
vulnerability_id VCID-95kg-bk3s-g7gx
summary A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10729
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20041
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10729
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1831089
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1831089
2
reference_url https://github.com/advisories/GHSA-r6h7-5pq2-j77h
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-r6h7-5pq2-j77h
3
reference_url https://github.com/ansible/ansible/issues/34144
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/34144
fixed_packages
0
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-10729, GHSA-r6h7-5pq2-j77h, PYSEC-2021-105
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95kg-bk3s-g7gx
6
url VCID-axds-bd49-fbdj
vulnerability_id VCID-axds-bd49-fbdj
summary A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14904
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11344
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14904
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1776944
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1776944
2
reference_url https://github.com/advisories/GHSA-gwr8-5j83-483c
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-gwr8-5j83-483c
3
reference_url https://github.com/ansible/ansible/pull/65686
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/65686
4
reference_url https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
fixed_packages
0
url pkg:pypi/ansible@2.7.15
purl pkg:pypi/ansible@2.7.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-4331-d5yy-uybc
2
vulnerability VCID-4tfv-snmv-bbax
3
vulnerability VCID-5mcc-gtrr-j3e4
4
vulnerability VCID-6hdk-ywcn-4qe4
5
vulnerability VCID-6swz-79ue-bbef
6
vulnerability VCID-95kg-bk3s-g7gx
7
vulnerability VCID-b423-t4kx-eqbq
8
vulnerability VCID-b8cv-v25q-1kh3
9
vulnerability VCID-brft-snn6-guc8
10
vulnerability VCID-bvsa-kz7r-zyea
11
vulnerability VCID-enwa-2cfn-5uab
12
vulnerability VCID-gnq4-v5a7-m3ew
13
vulnerability VCID-hyr1-b223-bkef
14
vulnerability VCID-kgjy-7kdy-c3cg
15
vulnerability VCID-m87b-eb5y-8ydf
16
vulnerability VCID-n2b8-e8fa-2ue1
17
vulnerability VCID-nx86-xnct-afbs
18
vulnerability VCID-qtt6-8kf8-1fbt
19
vulnerability VCID-rarq-tdjt-hff3
20
vulnerability VCID-rnub-zmb6-5yhw
21
vulnerability VCID-uvca-5e2n-pqew
22
vulnerability VCID-xpfd-zdry-euh5
23
vulnerability VCID-zcmk-4k97-kkd9
24
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15
1
url pkg:pypi/ansible@2.8.7
purl pkg:pypi/ansible@2.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-4331-d5yy-uybc
2
vulnerability VCID-4tfv-snmv-bbax
3
vulnerability VCID-5mcc-gtrr-j3e4
4
vulnerability VCID-6hdk-ywcn-4qe4
5
vulnerability VCID-7d8z-g99x-7qh2
6
vulnerability VCID-95kg-bk3s-g7gx
7
vulnerability VCID-b423-t4kx-eqbq
8
vulnerability VCID-b8cv-v25q-1kh3
9
vulnerability VCID-brft-snn6-guc8
10
vulnerability VCID-bvsa-kz7r-zyea
11
vulnerability VCID-enwa-2cfn-5uab
12
vulnerability VCID-hyr1-b223-bkef
13
vulnerability VCID-kgjy-7kdy-c3cg
14
vulnerability VCID-m87b-eb5y-8ydf
15
vulnerability VCID-n2b8-e8fa-2ue1
16
vulnerability VCID-nx86-xnct-afbs
17
vulnerability VCID-qtt6-8kf8-1fbt
18
vulnerability VCID-rarq-tdjt-hff3
19
vulnerability VCID-rnub-zmb6-5yhw
20
vulnerability VCID-tfhg-gzz2-7qc5
21
vulnerability VCID-uvca-5e2n-pqew
22
vulnerability VCID-xpfd-zdry-euh5
23
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7
2
url pkg:pypi/ansible@2.9.2
purl pkg:pypi/ansible@2.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-4331-d5yy-uybc
2
vulnerability VCID-4tfv-snmv-bbax
3
vulnerability VCID-5mcc-gtrr-j3e4
4
vulnerability VCID-6hdk-ywcn-4qe4
5
vulnerability VCID-7d8z-g99x-7qh2
6
vulnerability VCID-95kg-bk3s-g7gx
7
vulnerability VCID-b423-t4kx-eqbq
8
vulnerability VCID-b8cv-v25q-1kh3
9
vulnerability VCID-brft-snn6-guc8
10
vulnerability VCID-bvsa-kz7r-zyea
11
vulnerability VCID-enwa-2cfn-5uab
12
vulnerability VCID-hyr1-b223-bkef
13
vulnerability VCID-kgjy-7kdy-c3cg
14
vulnerability VCID-m87b-eb5y-8ydf
15
vulnerability VCID-n2b8-e8fa-2ue1
16
vulnerability VCID-nx86-xnct-afbs
17
vulnerability VCID-qtt6-8kf8-1fbt
18
vulnerability VCID-rarq-tdjt-hff3
19
vulnerability VCID-rnub-zmb6-5yhw
20
vulnerability VCID-tfhg-gzz2-7qc5
21
vulnerability VCID-uvca-5e2n-pqew
22
vulnerability VCID-xpfd-zdry-euh5
23
vulnerability VCID-ydka-2etb-hue9
24
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2
aliases CVE-2019-14904, GHSA-gwr8-5j83-483c, PYSEC-2020-161
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axds-bd49-fbdj
7
url VCID-b423-t4kx-eqbq
vulnerability_id VCID-b423-t4kx-eqbq
summary A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1735
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33455
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1735
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
2
reference_url https://github.com/advisories/GHSA-gfr2-qpxh-qj9m
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-gfr2-qpxh-qj9m
3
reference_url https://github.com/ansible/ansible/issues/67793
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67793
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
7
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1735, GHSA-gfr2-qpxh-qj9m, PYSEC-2020-7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b423-t4kx-eqbq
8
url VCID-b8cv-v25q-1kh3
vulnerability_id VCID-b8cv-v25q-1kh3
summary An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14330
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44392
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14330
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
2
reference_url https://github.com/advisories/GHSA-785x-qw4v-6872
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-785x-qw4v-6872
3
reference_url https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e
4
reference_url https://github.com/ansible/ansible/issues/68400
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/68400
5
reference_url https://github.com/ansible/ansible/pull/69653
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/69653
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml
7
reference_url https://www.debian.org/security/2021/dsa-4950
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4950
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14330
reference_id CVE-2020-14330
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-14330
fixed_packages
0
url pkg:pypi/ansible@2.10.0
purl pkg:pypi/ansible@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hyr1-b223-bkef
1
vulnerability VCID-kgjy-7kdy-c3cg
2
vulnerability VCID-m87b-eb5y-8ydf
3
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0
aliases CVE-2020-14330, GHSA-785x-qw4v-6872, PYSEC-2020-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8cv-v25q-1kh3
9
url VCID-brft-snn6-guc8
vulnerability_id VCID-brft-snn6-guc8
summary A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1737
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.35898
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1737
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737
2
reference_url https://github.com/advisories/GHSA-893h-35v4-mxqx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-893h-35v4-mxqx
3
reference_url https://github.com/ansible/ansible/issues/67795
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67795
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
7
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1737, GHSA-893h-35v4-mxqx, PYSEC-2020-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brft-snn6-guc8
10
url VCID-enwa-2cfn-5uab
vulnerability_id VCID-enwa-2cfn-5uab
summary arbitrary command execution
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3583
reference_id
reference_type
scores
0
value 0.00276
scoring_system epss
scoring_elements 0.51217
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3583
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1968412
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1968412
2
reference_url https://github.com/advisories/GHSA-2pfh-q76x-gwvm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2pfh-q76x-gwvm
3
reference_url https://security.archlinux.org/AVG-2260
reference_id AVG-2260
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2260
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3583
reference_id CVE-2021-3583
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3583
fixed_packages
0
url pkg:pypi/ansible@2.9.23
purl pkg:pypi/ansible@2.9.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b8cv-v25q-1kh3
1
vulnerability VCID-kgjy-7kdy-c3cg
2
vulnerability VCID-m87b-eb5y-8ydf
3
vulnerability VCID-qtt6-8kf8-1fbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23
aliases CVE-2021-3583, GHSA-2pfh-q76x-gwvm, PYSEC-2021-358
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enwa-2cfn-5uab
11
url VCID-gnq4-v5a7-m3ew
vulnerability_id VCID-gnq4-v5a7-m3ew
summary A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:3201
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3201
3
reference_url https://access.redhat.com/errata/RHSA-2019:3202
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3202
4
reference_url https://access.redhat.com/errata/RHSA-2019:3203
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3203
5
reference_url https://access.redhat.com/errata/RHSA-2019:3207
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3207
6
reference_url https://access.redhat.com/errata/RHSA-2020:0756
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0756
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14858
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.1264
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14858
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
fixed_packages
0
url pkg:pypi/ansible@2.8.1
purl pkg:pypi/ansible@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39vn-b7y4-v3ez
1
vulnerability VCID-3jxq-kxnz-6bfh
2
vulnerability VCID-4331-d5yy-uybc
3
vulnerability VCID-4tfv-snmv-bbax
4
vulnerability VCID-52zf-mjec-f3d5
5
vulnerability VCID-5mcc-gtrr-j3e4
6
vulnerability VCID-6hdk-ywcn-4qe4
7
vulnerability VCID-6smx-ju23-8qes
8
vulnerability VCID-7d8z-g99x-7qh2
9
vulnerability VCID-95kg-bk3s-g7gx
10
vulnerability VCID-aq21-sp74-17gk
11
vulnerability VCID-axds-bd49-fbdj
12
vulnerability VCID-b423-t4kx-eqbq
13
vulnerability VCID-b8cv-v25q-1kh3
14
vulnerability VCID-brft-snn6-guc8
15
vulnerability VCID-bvsa-kz7r-zyea
16
vulnerability VCID-enwa-2cfn-5uab
17
vulnerability VCID-hyr1-b223-bkef
18
vulnerability VCID-kgjy-7kdy-c3cg
19
vulnerability VCID-m87b-eb5y-8ydf
20
vulnerability VCID-mk3k-n9wn-q3ct
21
vulnerability VCID-n2b8-e8fa-2ue1
22
vulnerability VCID-nx86-xnct-afbs
23
vulnerability VCID-qtt6-8kf8-1fbt
24
vulnerability VCID-rarq-tdjt-hff3
25
vulnerability VCID-rnub-zmb6-5yhw
26
vulnerability VCID-tfhg-gzz2-7qc5
27
vulnerability VCID-uvca-5e2n-pqew
28
vulnerability VCID-xn7b-vz2e-6qdh
29
vulnerability VCID-xpfd-zdry-euh5
30
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1
aliases CVE-2019-14858, PYSEC-2019-171
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnq4-v5a7-m3ew
12
url VCID-hyr1-b223-bkef
vulnerability_id VCID-hyr1-b223-bkef
summary A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1736
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.18673
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1736
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
2
reference_url https://github.com/advisories/GHSA-x7jh-595q-wq82
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7jh-595q-wq82
3
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
4
reference_url https://github.com/ansible/ansible/issues/67794
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67794
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
10
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1736
reference_id CVE-2020-1736
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1736
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1736, GHSA-x7jh-595q-wq82, PYSEC-2020-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyr1-b223-bkef
13
url VCID-kgjy-7kdy-c3cg
vulnerability_id VCID-kgjy-7kdy-c3cg
summary information disclosure
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
1
reference_url https://security.archlinux.org/AVG-2056
reference_id AVG-2056
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2056
fixed_packages
0
url pkg:pypi/ansible@3.0.0
purl pkg:pypi/ansible@3.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0
aliases CVE-2021-3533, PYSEC-2021-126
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kgjy-7kdy-c3cg
14
url VCID-m87b-eb5y-8ydf
vulnerability_id VCID-m87b-eb5y-8ydf
summary A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25635
reference_id
reference_type
scores
0
value 0.0008
scoring_system epss
scoring_elements 0.236
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25635
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
2
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
3
reference_url https://github.com/ansible-collections/community.aws/issues/222
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/issues/222
4
reference_url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
reference_id CVE-2020-25635
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
7
reference_url https://github.com/advisories/GHSA-f556-49jc-4rvc
reference_id GHSA-f556-49jc-4rvc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f556-49jc-4rvc
fixed_packages
0
url pkg:pypi/ansible@2.10.1
purl pkg:pypi/ansible@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kgjy-7kdy-c3cg
1
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1
aliases CVE-2020-25635, GHSA-f556-49jc-4rvc, PYSEC-2020-220
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m87b-eb5y-8ydf
15
url VCID-n2b8-e8fa-2ue1
vulnerability_id VCID-n2b8-e8fa-2ue1
summary A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1740
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34646
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1740
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
2
reference_url https://github.com/advisories/GHSA-vcg8-98q8-g7mj
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vcg8-98q8-g7mj
3
reference_url https://github.com/ansible/ansible/issues/67798
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67798
4
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
8
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1740, GHSA-vcg8-98q8-g7mj, PYSEC-2020-12
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2b8-e8fa-2ue1
16
url VCID-qtt6-8kf8-1fbt
vulnerability_id VCID-qtt6-8kf8-1fbt
summary information disclosure
references
0
reference_url https://access.redhat.com/errata/RHSA-2021:3871
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3871
1
reference_url https://access.redhat.com/errata/RHSA-2021:3872
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3872
2
reference_url https://access.redhat.com/errata/RHSA-2021:3874
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3874
3
reference_url https://access.redhat.com/errata/RHSA-2021:4703
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4703
4
reference_url https://access.redhat.com/errata/RHSA-2021:4750
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4750
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3620
reference_id
reference_type
scores
0
value 0.0029
scoring_system epss
scoring_elements 0.52692
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3620
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1975767
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1975767
7
reference_url https://github.com/advisories/GHSA-4r65-35qq-ch8j
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4r65-35qq-ch8j
8
reference_url https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
reference_id
reference_type
scores
url https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
9
reference_url https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml
11
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
12
reference_url https://security.archlinux.org/AVG-1941
reference_id AVG-1941
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1941
13
reference_url https://access.redhat.com/security/cve/CVE-2021-3620
reference_id CVE-2021-3620
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2021-3620
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3620
reference_id CVE-2021-3620
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3620
fixed_packages
0
url pkg:pypi/ansible@2.9.27
purl pkg:pypi/ansible@2.9.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b8cv-v25q-1kh3
1
vulnerability VCID-kgjy-7kdy-c3cg
2
vulnerability VCID-m87b-eb5y-8ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27
aliases CVE-2021-3620, GHSA-4r65-35qq-ch8j, PYSEC-2022-164
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt6-8kf8-1fbt
17
url VCID-rarq-tdjt-hff3
vulnerability_id VCID-rarq-tdjt-hff3
summary A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1738
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.44079
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1738
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
2
reference_url https://github.com/advisories/GHSA-f85h-23mf-2fwh
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f85h-23mf-2fwh
3
reference_url https://github.com/ansible/ansible/issues/67796
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67796
4
reference_url https://github.com/ansible/ansible/pull/67808
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/67808
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml
6
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1738
reference_id CVE-2020-1738
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1738
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1738, GHSA-f85h-23mf-2fwh, PYSEC-2020-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rarq-tdjt-hff3
18
url VCID-rnub-zmb6-5yhw
vulnerability_id VCID-rnub-zmb6-5yhw
summary A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1739
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.1474
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1739
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
2
reference_url https://github.com/advisories/GHSA-923p-fr2c-g5m2
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-923p-fr2c-g5m2
3
reference_url https://github.com/ansible/ansible/issues/67797
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67797
4
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1739, GHSA-923p-fr2c-g5m2, PYSEC-2020-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rnub-zmb6-5yhw
19
url VCID-uvca-5e2n-pqew
vulnerability_id VCID-uvca-5e2n-pqew
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20191
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.07158
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20191
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
2
reference_url https://github.com/advisories/GHSA-8f4m-hccc-8qph
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8f4m-hccc-8qph
3
reference_url https://security.archlinux.org/ASA-202102-9
reference_id ASA-202102-9
reference_type
scores
url https://security.archlinux.org/ASA-202102-9
4
reference_url https://security.archlinux.org/AVG-1437
reference_id AVG-1437
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1437
fixed_packages
0
url pkg:pypi/ansible@2.8.19
purl pkg:pypi/ansible@2.8.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-95kg-bk3s-g7gx
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-qtt6-8kf8-1fbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19
1
url pkg:pypi/ansible@2.9.18
purl pkg:pypi/ansible@2.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-b8cv-v25q-1kh3
2
vulnerability VCID-enwa-2cfn-5uab
3
vulnerability VCID-kgjy-7kdy-c3cg
4
vulnerability VCID-m87b-eb5y-8ydf
5
vulnerability VCID-qtt6-8kf8-1fbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18
2
url pkg:pypi/ansible@2.10.7
purl pkg:pypi/ansible@2.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kgjy-7kdy-c3cg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7
aliases CVE-2021-20191, GHSA-8f4m-hccc-8qph, PYSEC-2021-124
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvca-5e2n-pqew
Fixing_vulnerabilities
0
url VCID-52zf-mjec-f3d5
vulnerability_id VCID-52zf-mjec-f3d5
summary ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
2
reference_url https://access.redhat.com/errata/RHSA-2020:0756
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0756
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14856
reference_id
reference_type
scores
0
value 0.00453
scoring_system epss
scoring_elements 0.64064
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14856
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856
fixed_packages
0
url pkg:pypi/ansible@2.6.20
purl pkg:pypi/ansible@2.6.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-4331-d5yy-uybc
2
vulnerability VCID-5mcc-gtrr-j3e4
3
vulnerability VCID-6hdk-ywcn-4qe4
4
vulnerability VCID-6swz-79ue-bbef
5
vulnerability VCID-95kg-bk3s-g7gx
6
vulnerability VCID-axds-bd49-fbdj
7
vulnerability VCID-b423-t4kx-eqbq
8
vulnerability VCID-b8cv-v25q-1kh3
9
vulnerability VCID-brft-snn6-guc8
10
vulnerability VCID-enwa-2cfn-5uab
11
vulnerability VCID-gnq4-v5a7-m3ew
12
vulnerability VCID-hyr1-b223-bkef
13
vulnerability VCID-kgjy-7kdy-c3cg
14
vulnerability VCID-m87b-eb5y-8ydf
15
vulnerability VCID-n2b8-e8fa-2ue1
16
vulnerability VCID-qtt6-8kf8-1fbt
17
vulnerability VCID-rarq-tdjt-hff3
18
vulnerability VCID-rnub-zmb6-5yhw
19
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20
1
url pkg:pypi/ansible@2.7.14
purl pkg:pypi/ansible@2.7.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-4331-d5yy-uybc
2
vulnerability VCID-4tfv-snmv-bbax
3
vulnerability VCID-5mcc-gtrr-j3e4
4
vulnerability VCID-6hdk-ywcn-4qe4
5
vulnerability VCID-6swz-79ue-bbef
6
vulnerability VCID-95kg-bk3s-g7gx
7
vulnerability VCID-aq21-sp74-17gk
8
vulnerability VCID-axds-bd49-fbdj
9
vulnerability VCID-b423-t4kx-eqbq
10
vulnerability VCID-b8cv-v25q-1kh3
11
vulnerability VCID-brft-snn6-guc8
12
vulnerability VCID-bvsa-kz7r-zyea
13
vulnerability VCID-enwa-2cfn-5uab
14
vulnerability VCID-gnq4-v5a7-m3ew
15
vulnerability VCID-hyr1-b223-bkef
16
vulnerability VCID-kgjy-7kdy-c3cg
17
vulnerability VCID-m87b-eb5y-8ydf
18
vulnerability VCID-n2b8-e8fa-2ue1
19
vulnerability VCID-nx86-xnct-afbs
20
vulnerability VCID-qtt6-8kf8-1fbt
21
vulnerability VCID-rarq-tdjt-hff3
22
vulnerability VCID-rnub-zmb6-5yhw
23
vulnerability VCID-uvca-5e2n-pqew
24
vulnerability VCID-xpfd-zdry-euh5
25
vulnerability VCID-zcmk-4k97-kkd9
26
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14
2
url pkg:pypi/ansible@2.8.6
purl pkg:pypi/ansible@2.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-4331-d5yy-uybc
2
vulnerability VCID-4tfv-snmv-bbax
3
vulnerability VCID-5mcc-gtrr-j3e4
4
vulnerability VCID-6hdk-ywcn-4qe4
5
vulnerability VCID-7d8z-g99x-7qh2
6
vulnerability VCID-95kg-bk3s-g7gx
7
vulnerability VCID-aq21-sp74-17gk
8
vulnerability VCID-axds-bd49-fbdj
9
vulnerability VCID-b423-t4kx-eqbq
10
vulnerability VCID-b8cv-v25q-1kh3
11
vulnerability VCID-brft-snn6-guc8
12
vulnerability VCID-bvsa-kz7r-zyea
13
vulnerability VCID-enwa-2cfn-5uab
14
vulnerability VCID-hyr1-b223-bkef
15
vulnerability VCID-kgjy-7kdy-c3cg
16
vulnerability VCID-m87b-eb5y-8ydf
17
vulnerability VCID-n2b8-e8fa-2ue1
18
vulnerability VCID-nx86-xnct-afbs
19
vulnerability VCID-qtt6-8kf8-1fbt
20
vulnerability VCID-rarq-tdjt-hff3
21
vulnerability VCID-rnub-zmb6-5yhw
22
vulnerability VCID-tfhg-gzz2-7qc5
23
vulnerability VCID-uvca-5e2n-pqew
24
vulnerability VCID-xpfd-zdry-euh5
25
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6
aliases CVE-2019-14856, PYSEC-2019-146
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-52zf-mjec-f3d5
1
url VCID-6smx-ju23-8qes
vulnerability_id VCID-6smx-ju23-8qes
summary In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:3201
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3201
3
reference_url https://access.redhat.com/errata/RHSA-2019:3202
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3202
4
reference_url https://access.redhat.com/errata/RHSA-2019:3203
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3203
5
reference_url https://access.redhat.com/errata/RHSA-2019:3207
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3207
6
reference_url https://access.redhat.com/errata/RHSA-2020:0756
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0756
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14846
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30132
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14846
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846
9
reference_url https://github.com/ansible/ansible/pull/63366
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/63366
10
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
11
reference_url https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
fixed_packages
0
url pkg:pypi/ansible@2.6.20
purl pkg:pypi/ansible@2.6.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-4331-d5yy-uybc
2
vulnerability VCID-5mcc-gtrr-j3e4
3
vulnerability VCID-6hdk-ywcn-4qe4
4
vulnerability VCID-6swz-79ue-bbef
5
vulnerability VCID-95kg-bk3s-g7gx
6
vulnerability VCID-axds-bd49-fbdj
7
vulnerability VCID-b423-t4kx-eqbq
8
vulnerability VCID-b8cv-v25q-1kh3
9
vulnerability VCID-brft-snn6-guc8
10
vulnerability VCID-enwa-2cfn-5uab
11
vulnerability VCID-gnq4-v5a7-m3ew
12
vulnerability VCID-hyr1-b223-bkef
13
vulnerability VCID-kgjy-7kdy-c3cg
14
vulnerability VCID-m87b-eb5y-8ydf
15
vulnerability VCID-n2b8-e8fa-2ue1
16
vulnerability VCID-qtt6-8kf8-1fbt
17
vulnerability VCID-rarq-tdjt-hff3
18
vulnerability VCID-rnub-zmb6-5yhw
19
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20
1
url pkg:pypi/ansible@2.7.14
purl pkg:pypi/ansible@2.7.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-4331-d5yy-uybc
2
vulnerability VCID-4tfv-snmv-bbax
3
vulnerability VCID-5mcc-gtrr-j3e4
4
vulnerability VCID-6hdk-ywcn-4qe4
5
vulnerability VCID-6swz-79ue-bbef
6
vulnerability VCID-95kg-bk3s-g7gx
7
vulnerability VCID-aq21-sp74-17gk
8
vulnerability VCID-axds-bd49-fbdj
9
vulnerability VCID-b423-t4kx-eqbq
10
vulnerability VCID-b8cv-v25q-1kh3
11
vulnerability VCID-brft-snn6-guc8
12
vulnerability VCID-bvsa-kz7r-zyea
13
vulnerability VCID-enwa-2cfn-5uab
14
vulnerability VCID-gnq4-v5a7-m3ew
15
vulnerability VCID-hyr1-b223-bkef
16
vulnerability VCID-kgjy-7kdy-c3cg
17
vulnerability VCID-m87b-eb5y-8ydf
18
vulnerability VCID-n2b8-e8fa-2ue1
19
vulnerability VCID-nx86-xnct-afbs
20
vulnerability VCID-qtt6-8kf8-1fbt
21
vulnerability VCID-rarq-tdjt-hff3
22
vulnerability VCID-rnub-zmb6-5yhw
23
vulnerability VCID-uvca-5e2n-pqew
24
vulnerability VCID-xpfd-zdry-euh5
25
vulnerability VCID-zcmk-4k97-kkd9
26
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14
2
url pkg:pypi/ansible@2.8.6
purl pkg:pypi/ansible@2.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-4331-d5yy-uybc
2
vulnerability VCID-4tfv-snmv-bbax
3
vulnerability VCID-5mcc-gtrr-j3e4
4
vulnerability VCID-6hdk-ywcn-4qe4
5
vulnerability VCID-7d8z-g99x-7qh2
6
vulnerability VCID-95kg-bk3s-g7gx
7
vulnerability VCID-aq21-sp74-17gk
8
vulnerability VCID-axds-bd49-fbdj
9
vulnerability VCID-b423-t4kx-eqbq
10
vulnerability VCID-b8cv-v25q-1kh3
11
vulnerability VCID-brft-snn6-guc8
12
vulnerability VCID-bvsa-kz7r-zyea
13
vulnerability VCID-enwa-2cfn-5uab
14
vulnerability VCID-hyr1-b223-bkef
15
vulnerability VCID-kgjy-7kdy-c3cg
16
vulnerability VCID-m87b-eb5y-8ydf
17
vulnerability VCID-n2b8-e8fa-2ue1
18
vulnerability VCID-nx86-xnct-afbs
19
vulnerability VCID-qtt6-8kf8-1fbt
20
vulnerability VCID-rarq-tdjt-hff3
21
vulnerability VCID-rnub-zmb6-5yhw
22
vulnerability VCID-tfhg-gzz2-7qc5
23
vulnerability VCID-uvca-5e2n-pqew
24
vulnerability VCID-xpfd-zdry-euh5
25
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6
aliases CVE-2019-14846, PYSEC-2019-4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6smx-ju23-8qes
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20