Search for packages
| purl | pkg:pypi/radicale@0.10 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2awy-8tkx-3fe2
Aliases: CVE-2015-8748 GHSA-6w8c-6jrg-qwj2 PYSEC-2016-37 |
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". |
Affected by 1 other vulnerability. |
|
VCID-dw4s-1un9-3qg1
Aliases: CVE-2017-8342 GHSA-rpv4-63g3-9x23 PYSEC-2017-102 |
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-j4yd-fdnt-vub6
Aliases: CVE-2015-8747 PYSEC-2016-36 |
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:04:38.793969+00:00 | Pypa Importer | Affected by | VCID-dw4s-1un9-3qg1 | https://github.com/pypa/advisory-database/blob/main/vulns/radicale/PYSEC-2017-102.yaml | 38.6.0 |
| 2026-06-02T04:04:08.900551+00:00 | Pypa Importer | Affected by | VCID-j4yd-fdnt-vub6 | https://github.com/pypa/advisory-database/blob/main/vulns/radicale/PYSEC-2016-36.yaml | 38.6.0 |
| 2026-06-02T04:04:08.782222+00:00 | Pypa Importer | Affected by | VCID-2awy-8tkx-3fe2 | https://github.com/pypa/advisory-database/blob/main/vulns/radicale/PYSEC-2016-37.yaml | 38.6.0 |