Package details: pkg:pypi/logilab-common@0.56.2
purl pkg:pypi/logilab-common@0.56.2
Next non-vulnerable version 0.60.1
Latest non-vulnerable version 0.61.0
Risk
Vulnerabilities affecting this package (2)
VCID-a593-xbfq-c3f9
Aliases: CVE-2014-1839, GHSA-g5m2-22h2-rr3j, PYSEC-2014-84
Summary: The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.
Fixed by: 0.60.1 (affected by 0 other vulnerabilities), 0.61.0 (affected by 0 other vulnerabilities)

VCID-dxhr-jpkq-jya6
Aliases: CVE-2014-1838, GHSA-rr52-wg7f-8875, PYSEC-2014-83
Summary: The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allow local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
Fixed by: 0.60.1 (affected by 0 other vulnerabilities), 0.61.0 (affected by 0 other vulnerabilities)

Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-06-02T04:03:28.498195+00:00 | Pypa Importer | Affected by | VCID-dxhr-jpkq-jya6 | https://github.com/pypa/advisory-database/blob/main/vulns/logilab-common/PYSEC-2014-83.yaml | 38.6.0
2026-06-02T04:03:27.170708+00:00 | Pypa Importer | Affected by | VCID-a593-xbfq-c3f9 | https://github.com/pypa/advisory-database/blob/main/vulns/logilab-common/PYSEC-2014-84.yaml | 38.6.0