Django REST framework
Api Root
Package List
Package Instance
Format
json
api
admin
Package Instance
Lookup for vulnerable packages by Package URL.
Purl
pkg:pypi/transmute-core@0.4.7
Type
pypi
Namespace
Name
transmute-core
Version
0.4.7
Qualifiers
Subpath
Is_vulnerable
true
Next_non_vulnerable_version
1.13.5
Latest_non_vulnerable_version
1.13.5
Affected_by_vulnerabilities
0
url
VCID-kqub-x1cw-7bh9
vulnerability_id
VCID-kqub-x1cw-7bh9
summary
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.
references
0
reference_url
https://github.com/pypa/advisory-database/tree/main/vulns/transmute-core/PYSEC-2023-223.yaml
reference_id
reference_type
scores
url
https://github.com/pypa/advisory-database/tree/main/vulns/transmute-core/PYSEC-2023-223.yaml
1
reference_url
https://github.com/toumorokoshi/transmute-core
reference_id
reference_type
scores
url
https://github.com/toumorokoshi/transmute-core
2
reference_url
https://github.com/toumorokoshi/transmute-core/commit/29bf82eb8ed9926d31eec90aec482ecc0dcb23f0
reference_id
reference_type
scores
url
https://github.com/toumorokoshi/transmute-core/commit/29bf82eb8ed9926d31eec90aec482ecc0dcb23f0
3
reference_url
https://github.com/toumorokoshi/transmute-core/pull/58
reference_id
reference_type
scores
url
https://github.com/toumorokoshi/transmute-core/pull/58
4
reference_url
https://github.com/toumorokoshi/transmute-core/releases/tag/v1.13.5
reference_id
reference_type
scores
url
https://github.com/toumorokoshi/transmute-core/releases/tag/v1.13.5
5
reference_url
https://nvd.nist.gov/vuln/detail/CVE-2023-47204
reference_id
CVE-2023-47204
reference_type
scores
url
https://nvd.nist.gov/vuln/detail/CVE-2023-47204
6
reference_url
https://github.com/advisories/GHSA-w9cp-3x79-2p8p
reference_id
GHSA-w9cp-3x79-2p8p
reference_type
scores
url
https://github.com/advisories/GHSA-w9cp-3x79-2p8p
fixed_packages
0
url
pkg:pypi/transmute-core@1.13.5
purl
pkg:pypi/transmute-core@1.13.5
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/transmute-core@1.13.5
aliases
CVE-2023-47204, GHSA-w9cp-3x79-2p8p, PYSEC-2023-223
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-kqub-x1cw-7bh9
Fixing_vulnerabilities
Risk_score
null
Resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/transmute-core@0.4.7
×
Create
None
×
Edit
None