Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-3esw-x41v-6kcu
Vulnerability ID VCID-3esw-x41v-6kcu
Aliases CVE-2020-23478
GHSA-x38q-xg2h-rxgx
PYSEC-2021-338
Summary Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1333 Inefficient Regular Expression Complexity
CWE-697 Incorrect Comparison
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.0028 https://api.first.org/data/v1/epss?cve=CVE-2020-23478
epss 0.0028 https://api.first.org/data/v1/epss?cve=CVE-2020-23478
epss 0.0028 https://api.first.org/data/v1/epss?cve=CVE-2020-23478
epss 0.0028 https://api.first.org/data/v1/epss?cve=CVE-2020-23478
cvssv3.1 7.5 https://github.com/advisories/GHSA-x38q-xg2h-rxgx
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x38q-xg2h-rxgx
cvssv4 8.7 https://github.com/advisories/GHSA-x38q-xg2h-rxgx
generic_textual HIGH https://github.com/advisories/GHSA-x38q-xg2h-rxgx
cvssv3.1 7.5 https://github.com/leo-editor/leo-editor
cvssv4 8.7 https://github.com/leo-editor/leo-editor
generic_textual HIGH https://github.com/leo-editor/leo-editor
cvssv3.1 7.5 https://github.com/leo-editor/leo-editor/commit/029833689060ee73f1bc1708cf4b182f0c66ec8e
cvssv4 8.7 https://github.com/leo-editor/leo-editor/commit/029833689060ee73f1bc1708cf4b182f0c66ec8e
generic_textual HIGH https://github.com/leo-editor/leo-editor/commit/029833689060ee73f1bc1708cf4b182f0c66ec8e
cvssv3.1 7.5 https://github.com/leo-editor/leo-editor/issues/1597
cvssv4 8.7 https://github.com/leo-editor/leo-editor/issues/1597
generic_textual HIGH https://github.com/leo-editor/leo-editor/issues/1597
cvssv3.1 7.5 https://github.com/pypa/advisory-database/tree/main/vulns/leo/PYSEC-2021-338.yaml
cvssv4 8.7 https://github.com/pypa/advisory-database/tree/main/vulns/leo/PYSEC-2021-338.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/leo/PYSEC-2021-338.yaml
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23478
cvssv4 8.7 https://nvd.nist.gov/vuln/detail/CVE-2020-23478
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2020-23478
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-23478
https://github.com/advisories/GHSA-x38q-xg2h-rxgx
https://github.com/leo-editor/leo-editor
https://github.com/leo-editor/leo-editor/commit/029833689060ee73f1bc1708cf4b182f0c66ec8e
https://github.com/leo-editor/leo-editor/issues/1597
https://github.com/pypa/advisory-database/tree/main/vulns/leo/PYSEC-2021-338.yaml
https://nvd.nist.gov/vuln/detail/CVE-2020-23478
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/advisories/GHSA-x38q-xg2h-rxgx
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/advisories/GHSA-x38q-xg2h-rxgx
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/leo-editor/leo-editor
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/leo-editor/leo-editor
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/leo-editor/leo-editor/commit/029833689060ee73f1bc1708cf4b182f0c66ec8e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/leo-editor/leo-editor/commit/029833689060ee73f1bc1708cf4b182f0c66ec8e
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/leo-editor/leo-editor/issues/1597
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/leo-editor/leo-editor/issues/1597
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/leo/PYSEC-2021-338.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/leo/PYSEC-2021-338.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-23478
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-23478
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.51722
EPSS Score 0.0028
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:53:54.203794+00:00 PyPI Importer Import https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0