VulnerableCode Package Details - pkg:pypi/rpyc@4.1.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/rpyc@4.1.0

Essentials
History (2)

purl	pkg:pypi/rpyc@4.1.0

Next non-vulnerable version	6.0.0
Latest non-vulnerable version	6.0.0
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-8a5v-fvm4-zqa7 Aliases: CVE-2024-27758 GHSA-h5cg-53g7-gqjw PYSEC-2024-44	In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.	6.0.0 Affected by 0 other vulnerabilities.
VCID-ztd6-ze8z-y3ej Aliases: CVE-2019-16328 GHSA-9ggp-4jpr-7ppj GHSA-pj4g-4488-wmxm PYSEC-2019-118	In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.	4.1.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:21:06.151757+00:00	Pypa Importer	Affected by	VCID-8a5v-fvm4-zqa7	https://github.com/pypa/advisory-database/blob/main/vulns/rpyc/PYSEC-2024-44.yaml	38.6.0
2026-06-02T04:05:52.426433+00:00	Pypa Importer	Affected by	VCID-ztd6-ze8z-y3ej	https://github.com/pypa/advisory-database/blob/main/vulns/rpyc/PYSEC-2019-118.yaml	38.6.0