Search for packages
| purl | pkg:pypi/ansible@2.5 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-rknj-nkgs-wyg2
Aliases: CVE-2018-16837 GHSA-hwrm-63v2-42g4 PYSEC-2018-44 |
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list. |
Affected by 37 other vulnerabilities. Affected by 39 other vulnerabilities. Affected by 45 other vulnerabilities. |
|
VCID-wqm7-2ajr-6ue8
Aliases: CVE-2018-10874 GHSA-3xvg-x47j-x75w PYSEC-2018-81 |
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. |
Affected by 39 other vulnerabilities. Affected by 40 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:00:56.033718+00:00 | GHSA Importer | Affected by | VCID-wqm7-2ajr-6ue8 | https://github.com/advisories/GHSA-3xvg-x47j-x75w | 38.0.0 |
| 2026-04-01T12:48:07.173982+00:00 | GitLab Importer | Affected by | VCID-rknj-nkgs-wyg2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-16837.yml | 38.0.0 |