VulnerableCode Package Details - pkg:pypi/distributed@1.18.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-est9-tg72-ukft Aliases: CVE-2021-42343 GHSA-hwqr-f3v9-hwxr GHSA-j8fq-86c5-5v2r PYSEC-2021-387 PYSEC-2021-871 PYSEC-2021-872	arbitrary code execution	2021.10.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-v76u-2pet-mfb2 Aliases: CVE-2026-23528 GHSA-c336-7962-wfj2 PYSEC-2026-169	Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel. This vulnerability is fixed in 2026.1.0.	2026.1.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-est9-tg72-ukft
Aliases:
CVE-2021-42343
GHSA-hwqr-f3v9-hwxr
GHSA-j8fq-86c5-5v2r
PYSEC-2021-387
PYSEC-2021-871
PYSEC-2021-872

arbitrary code execution

2021.10.0
Affected by 1 other vulnerability.

VCID-v76u-2pet-mfb2
Aliases:
CVE-2026-23528
GHSA-c336-7962-wfj2
PYSEC-2026-169

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel. This vulnerability is fixed in 2026.1.0.

2026.1.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T09:47:20.171682+00:00	PyPI Importer	Affected by	VCID-v76u-2pet-mfb2	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:42:50.394686+00:00	PyPI Importer	Affected by	VCID-est9-tg72-ukft	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:37:06.562837+00:00	Pypa Importer	Affected by	VCID-v76u-2pet-mfb2	https://github.com/pypa/advisory-database/blob/main/vulns/distributed/PYSEC-2026-169.yaml	38.6.0
2026-05-30T20:27:49.220087+00:00	Pypa Importer	Affected by	VCID-est9-tg72-ukft	https://github.com/pypa/advisory-database/blob/main/vulns/distributed/PYSEC-2021-871.yaml	38.6.0
2026-05-30T20:27:48.486821+00:00	Pypa Importer	Affected by	VCID-est9-tg72-ukft	https://github.com/pypa/advisory-database/blob/main/vulns/distributed/PYSEC-2021-872.yaml	38.6.0