VulnerableCode Package Details - pkg:pypi/numpy@1.13.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-86w7-qcmk-xyca Aliases: CVE-2021-41495 GHSA-5545-2q6w-2gh6 PYSEC-2021-856	Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.	1.19.1 Affected by 0 other vulnerabilities.
VCID-vx94-afb7-ybdw Aliases: CVE-2019-6446 PYSEC-2019-108	DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.	1.16.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xmpe-ucks-uubr Aliases: CVE-2021-41496 GHSA-f7c7-j99h-c22f PYSEC-2021-857	Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values.	1.19.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-86w7-qcmk-xyca
Aliases:
CVE-2021-41495
GHSA-5545-2q6w-2gh6
PYSEC-2021-856

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.

1.19.1
Affected by 0 other vulnerabilities.

VCID-vx94-afb7-ybdw
Aliases:
CVE-2019-6446
PYSEC-2019-108

** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

1.16.1
Affected by 2 other vulnerabilities.

VCID-xmpe-ucks-uubr
Aliases:
CVE-2021-41496
GHSA-f7c7-j99h-c22f
PYSEC-2021-857

Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values.

1.19.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-d4gz-n249-4ucx	The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.	CVE-2017-12852 GHSA-frgw-fgh6-9g52 PYSEC-2017-1

Vulnerability

Summary

Aliases

VCID-d4gz-n249-4ucx

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

CVE-2017-12852
GHSA-frgw-fgh6-9g52
PYSEC-2017-1

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:37:01.755257+00:00	GitLab Importer	Fixing	VCID-d4gz-n249-4ucx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/numpy/CVE-2017-12852.yml	38.6.0
2026-06-02T04:16:13.924912+00:00	Pypa Importer	Affected by	VCID-86w7-qcmk-xyca	https://github.com/pypa/advisory-database/blob/main/vulns/numpy/PYSEC-2021-856.yaml	38.6.0
2026-06-02T04:16:13.527549+00:00	Pypa Importer	Affected by	VCID-xmpe-ucks-uubr	https://github.com/pypa/advisory-database/blob/main/vulns/numpy/PYSEC-2021-857.yaml	38.6.0
2026-06-02T04:05:30.173577+00:00	Pypa Importer	Affected by	VCID-vx94-afb7-ybdw	https://github.com/pypa/advisory-database/blob/main/vulns/numpy/PYSEC-2019-108.yaml	38.6.0
2026-06-02T04:04:41.472698+00:00	Pypa Importer	Fixing	VCID-d4gz-n249-4ucx	https://github.com/pypa/advisory-database/blob/main/vulns/numpy/PYSEC-2017-1.yaml	38.6.0