{"url":"http://public2.vulnerablecode.io/api/packages/13486?format=json","purl":"pkg:pypi/pyxdg@0.19","type":"pypi","namespace":"","name":"pyxdg","version":"0.19","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.26","latest_non_vulnerable_version":"0.26","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34837?format=json","vulnerability_id":"VCID-eevs-zxmj-gua4","summary":"Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1624.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1624.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1624","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14702","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14723","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14797","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14804","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14763","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1468","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1624"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90618","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:N"},{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pyxdg/PYSEC-2014-95.yaml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pyxdg/PYSEC-2014-95.yaml"},{"reference_url":"https://github.com/takluyver/pyxdg","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/takluyver/pyxdg"},{"reference_url":"https://github.com/takluyver/pyxdg/commit/bd999c1c3fe7ee5f30ede2cf704cf03e400347b4","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/takluyver/pyxdg/commit/bd999c1c3fe7ee5f30ede2cf704cf03e400347b4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1624","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1624"},{"reference_url":"https://web.archive.org/web/20200227194825/http://www.securityfocus.com/bid/65042","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227194825/http://www.securityfocus.com/bid/65042"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/01/21/3","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/01/21/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/01/21/4","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/01/21/4"},{"reference_url":"http://www.securityfocus.com/bid/65042","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/65042"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1056338","reference_id":"1056338","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1056338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247","reference_id":"736247","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247"},{"reference_url":"https://github.com/advisories/GHSA-7372-q459-jxhr","reference_id":"GHSA-7372-q459-jxhr","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7372-q459-jxhr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7905?format=json","purl":"pkg:pypi/pyxdg@0.26","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyxdg@0.26"}],"aliases":["CVE-2014-1624","GHSA-7372-q459-jxhr","PYSEC-2014-95"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eevs-zxmj-gua4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35367?format=json","vulnerability_id":"VCID-ttvr-rxkh-xqde","summary":"A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12761.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12761","reference_id":"","reference_type":"","scores":[{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.70155","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.70111","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.70152","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.70161","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.70143","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.70131","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12761"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gist.github.com/dhondta/b45cd41f4186110a354dc7272916feba","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/dhondta/b45cd41f4186110a354dc7272916feba"},{"reference_url":"https://github.com/advisories/GHSA-r6v3-hpxj-r8rv","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6v3-hpxj-r8rv"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pyxdg/PYSEC-2019-199.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pyxdg/PYSEC-2019-199.yaml"},{"reference_url":"https://github.com/takluyver/pyxdg","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/takluyver/pyxdg"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00003.html"},{"reference_url":"https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1718204","reference_id":"1718204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1718204"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930099","reference_id":"930099","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930099"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12761","reference_id":"CVE-2019-12761","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12761"},{"reference_url":"https://usn.ubuntu.com/4700-1/","reference_id":"USN-4700-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4700-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7905?format=json","purl":"pkg:pypi/pyxdg@0.26","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyxdg@0.26"}],"aliases":["CVE-2019-12761","GHSA-r6v3-hpxj-r8rv","PYSEC-2019-199","SNYK-PYTHON-PYXDG-174562"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttvr-rxkh-xqde"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyxdg@0.19"}