Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/buildbot@2.3.1
purl pkg:pypi/buildbot@2.3.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-4exh-n9pd-f7dp Improper Authentication in Buildbot CVE-2019-12300
GHSA-g86p-hgx5-2pfh
PYSEC-2019-6
VCID-6wgj-dsmh-zfgz Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim. PYSEC-2019-76

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T15:41:47.404215+00:00 GitLab Importer Fixing VCID-4exh-n9pd-f7dp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/buildbot/CVE-2019-12300.yml 38.6.0
2026-06-12T08:12:20.861077+00:00 GithubOSV Importer Fixing VCID-4exh-n9pd-f7dp https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/05/GHSA-g86p-hgx5-2pfh/GHSA-g86p-hgx5-2pfh.json 38.6.0
2026-06-12T04:02:46.683568+00:00 Pypa Importer Fixing VCID-4exh-n9pd-f7dp https://github.com/pypa/advisory-database/blob/main/vulns/buildbot/PYSEC-2019-6.yaml 38.6.0
2026-06-11T20:44:26.401515+00:00 PyPI Importer Fixing VCID-4exh-n9pd-f7dp https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-06-11T20:44:26.377597+00:00 PyPI Importer Fixing VCID-6wgj-dsmh-zfgz https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-06-11T20:25:17.719534+00:00 GHSA Importer Fixing VCID-4exh-n9pd-f7dp https://github.com/advisories/GHSA-g86p-hgx5-2pfh 38.6.0