VulnerableCode Package Details - pkg:pypi/lemur@0.2.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/lemur@0.2.1

Essentials
History (2)

purl	pkg:pypi/lemur@0.2.1

Next non-vulnerable version	0.1.5
Latest non-vulnerable version	1.3.2
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-pj89-r99c-cbau Aliases: CVE-2023-30797 GHSA-5fqv-mpj8-h7gm GMS-2023-540 PYSEC-2023-20	Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.	1.3.2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-uz5e-d9jx-dyfe	Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.	CVE-2015-7764 GHSA-chg9-3c3p-ch23 PYSEC-2017-50

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T20:31:39.859383+00:00	Pypa Importer	Affected by	VCID-pj89-r99c-cbau	https://github.com/pypa/advisory-database/blob/main/vulns/lemur/PYSEC-2023-20.yaml	38.6.0
2026-05-30T20:17:17.430107+00:00	Pypa Importer	Fixing	VCID-uz5e-d9jx-dyfe	https://github.com/pypa/advisory-database/blob/main/vulns/lemur/PYSEC-2017-50.yaml	38.6.0