Package details: pkg:pypi/logilab-common@0.46.0
purl pkg:pypi/logilab-common@0.46.0
Next non-vulnerable version 0.60.1
Latest non-vulnerable version 0.61.0
Risk
Vulnerabilities affecting this package (2)
Vulnerability: VCID-4tzc-1ykk-uydm
Aliases: CVE-2014-1838, GHSA-rr52-wg7f-8875, PYSEC-2014-83
Summary: The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allow local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
Fixed by: 0.60.1 (affected by 0 other vulnerabilities); 0.61.0 (affected by 0 other vulnerabilities)

Vulnerability: VCID-5z59-jfr9-y3hj
Aliases: CVE-2014-1839, GHSA-g5m2-22h2-rr3j, PYSEC-2014-84
Summary: The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.
Fixed by: 0.60.1 (affected by 0 other vulnerabilities); 0.61.0 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-05-30T20:16:03.278615+00:00 | Pypa Importer | Affected by | VCID-4tzc-1ykk-uydm | https://github.com/pypa/advisory-database/blob/main/vulns/logilab-common/PYSEC-2014-83.yaml | 38.6.0
2026-05-30T20:16:01.955411+00:00 | Pypa Importer | Affected by | VCID-5z59-jfr9-y3hj | https://github.com/pypa/advisory-database/blob/main/vulns/logilab-common/PYSEC-2014-84.yaml | 38.6.0