Package details: pkg:rpm/redhat/python-galaxy-ng@4.2.2-1?arch=el8pc
purl pkg:rpm/redhat/python-galaxy-ng@4.2.2-1?arch=el8pc
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-1na8-nyq1-yfcy
Aliases:
CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. There are no reported fixed by versions.
VCID-1r67-1k83-8qej
Aliases:
CVE-2020-7789
GHSA-5fw9-fq32-wv5p
OS Command Injection in node-notifier. This affects the package node-notifier before 8.0.1. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array. There are no reported fixed by versions.
VCID-9k9t-vp1a-z7bt
Aliases:
BIT-django-2021-3281
CVE-2021-3281
GHSA-fvgf-6h6h-3322
PYSEC-2021-9
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. There are no reported fixed by versions.
VCID-brg4-rv29-1fgz
Aliases:
CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. There are no reported fixed by versions.
VCID-kh5k-ynnf-2bbx
Aliases:
CVE-2020-15366
GHSA-v88g-cgmw-v5xw
Prototype Pollution in Ajv. An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.) There are no reported fixed by versions.
VCID-mqaz-y2xw-sya2
Aliases:
CVE-2021-23980
GHSA-vv2x-vrpj-qqpq
GMS-2021-168
PYSEC-2021-865
In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:05:56.284945+00:00 RedHat Importer Affected by VCID-kh5k-ynnf-2bbx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json 38.0.0
2026-04-01T14:03:41.823206+00:00 RedHat Importer Affected by VCID-1na8-nyq1-yfcy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json 38.0.0
2026-04-01T14:03:41.253731+00:00 RedHat Importer Affected by VCID-1r67-1k83-8qej https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7789.json 38.0.0
2026-04-01T14:03:34.276930+00:00 RedHat Importer Affected by VCID-brg4-rv29-1fgz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json 38.0.0
2026-04-01T14:03:19.881191+00:00 RedHat Importer Affected by VCID-9k9t-vp1a-z7bt https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3281.json 38.0.0
2026-04-01T14:03:19.532158+00:00 RedHat Importer Affected by VCID-mqaz-y2xw-sya2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23980.json 38.0.0