VulnerableCode Package Details - pkg:pypi/nova@12.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-7yp4-ebnm-g3c3 Aliases: CVE-2016-2140 GHSA-49jv-37hm-6gfp	OpenStack Nova host data access through resize/migration The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.	12.0.3 Affected by 0 other vulnerabilities.
VCID-9se5-m6dx-8kcj Aliases: CVE-2015-8749 GHSA-c36r-g737-9qp8	OpenStack Nova Potential Xen connection password leak via StorageError The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.	12.0.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7yp4-ebnm-g3c3
Aliases:
CVE-2016-2140
GHSA-49jv-37hm-6gfp

OpenStack Nova host data access through resize/migration The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.

12.0.3
Affected by 0 other vulnerabilities.

VCID-9se5-m6dx-8kcj
Aliases:
CVE-2015-8749
GHSA-c36r-g737-9qp8

OpenStack Nova Potential Xen connection password leak via StorageError The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.

12.0.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:31:14.568972+00:00	GHSA Importer	Fixing	VCID-dxxx-4thc-fyfh	https://github.com/advisories/GHSA-xc4g-7vw8-924h	38.1.0
2026-04-04T14:30:38.031442+00:00	GHSA Importer	Affected by	VCID-9se5-m6dx-8kcj	https://github.com/advisories/GHSA-c36r-g737-9qp8	38.1.0
2026-04-04T14:30:37.560374+00:00	GHSA Importer	Affected by	VCID-7yp4-ebnm-g3c3	https://github.com/advisories/GHSA-49jv-37hm-6gfp	38.1.0
2026-04-01T13:08:11.411570+00:00	GithubOSV Importer	Fixing	VCID-dxxx-4thc-fyfh	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xc4g-7vw8-924h/GHSA-xc4g-7vw8-924h.json	38.0.0
2026-04-01T12:50:44.083388+00:00	GitLab Importer	Fixing	VCID-dxxx-4thc-fyfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nova/CVE-2012-3447.yml	38.0.0
2026-04-01T12:50:32.824770+00:00	GitLab Importer	Affected by	VCID-7yp4-ebnm-g3c3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nova/CVE-2016-2140.yml	38.0.0
2026-04-01T12:50:27.299476+00:00	GitLab Importer	Affected by	VCID-9se5-m6dx-8kcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nova/CVE-2015-8749.yml	38.0.0