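This page aggregates CVEs and security vulnerability information across pypi-related products, listing CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include memory corruption and buffer overflow; in usage contexts such as production workloads and software deployment, risks such as memory corruption and application crashes may arise.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.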
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-34501 | The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party. | [email protected] | 9.8 | 1.09% | 2022-07-22 | 2026-06-17 |
| CVE-2022-34500 | The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party. | [email protected] | 9.8 | 1.15% | 2022-07-22 | 2026-06-17 |
| CVE-2022-34056 | The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.50% | 2022-06-24 | 2026-06-17 |
| CVE-2022-34055 | The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.50% | 2022-06-24 | 2026-06-17 |
| CVE-2022-34054 | The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.47% | 2022-06-24 | 2026-06-17 |
| CVE-2022-34053 | The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.50% | 2022-06-24 | 2026-06-17 |
| CVE-2022-33004 | The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.47% | 2022-06-24 | 2026-06-17 |
| CVE-2022-33003 | The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.50% | 2022-06-24 | 2026-06-17 |
| CVE-2022-33002 | The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.50% | 2022-06-24 | 2026-06-17 |
| CVE-2022-33001 | The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.50% | 2022-06-24 | 2026-06-17 |
| CVE-2022-33000 | The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.47% | 2022-06-24 | 2026-06-17 |
| CVE-2022-32999 | The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.50% | 2022-06-24 | 2026-06-17 |
| CVE-2022-32998 | The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.47% | 2022-06-24 | 2026-06-17 |
| CVE-2022-32997 | The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.47% | 2022-06-24 | 2026-06-17 |
| CVE-2022-32996 | The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | [email protected] | 9.8 | 1.47% | 2022-06-24 | 2026-06-17 |
| CVE-2020-15904 | A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file. | [email protected] | 7.8 | 1.05% | 2020-07-22 | 2026-06-17 |