Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / pyupio/safety-db issues and pull requests
#2372 - safety scan results in Unhandled exception happened: Invalid specifier: '<.0.13.4' - for package requests
Issue -
State: closed - Opened by sbxmichaelm about 2 months ago
- 2 comments
#2371 - MLflow vulnerability is incorrectly reported as >=2.9.2 when it is really <=2.9.2
Issue -
State: open - Opened by benglewis 2 months ago
#2370 - False positive for CVE-2023-6129
Issue -
State: closed - Opened by nils-van-zuijlen 8 months ago
- 1 comment
#2369 - Safety Django link in the README is broken
Issue -
State: open - Opened by Anupya 10 months ago
#2368 - Question: why was the vulnerability on jsonpickle<=1.4.1 removed in last november?
Issue -
State: closed - Opened by Lucas-C about 1 year ago
- 1 comment
#2367 - Removed false positive for lower versions of inquirer
Pull Request -
State: open - Opened by gmetzker about 1 year ago
#2366 - Adjust vulnerable versions of Inquirer for CVE-2022-24439
Issue -
State: closed - Opened by gmetzker about 1 year ago
- 1 comment
#2365 - False Positive for scrapy Vulnerability
Issue -
State: closed - Opened by Matthew-Grayson over 1 year ago
- 2 comments
#2364 - insecure-package is no longer returned as vulnerable
Issue -
State: closed - Opened by awsbillz over 1 year ago
- 1 comment
#2363 - 9-month-old withdrawn CVE for aiohttp added to safety-db
Issue -
State: closed - Opened by tharradine almost 2 years ago
- 2 comments
#2362 - safetydb website given in Readme is down 404
Issue -
State: open - Opened by scattered-development almost 2 years ago
- 1 comment
#2361 - Unable to install with Pipenv
Issue -
State: open - Opened by chandanch about 2 years ago
#2360 - black fmt
Pull Request -
State: closed - Opened by evelynmitchell about 2 years ago
#2359 - Zulip : wrong version evaluation
Issue -
State: closed - Opened by parlamonbot about 2 years ago
- 1 comment
#2358 - kubernetes vulnerabilities is stale - CVE-2021-29923/45114
Issue -
State: closed - Opened by gary-scio over 2 years ago
- 1 comment
#2357 - dparse v0.6.1 showing as im
Issue -
State: closed - Opened by Mr-McBride over 2 years ago
- 2 comments
#2356 - Wrong version identifier in vulnerabilities pyup.io-34226 & pyup.io-49495
Issue -
State: closed - Opened by sephii over 2 years ago
- 1 comment
#2355 - Missing May update?
Issue -
State: closed - Opened by connorbode over 2 years ago
- 1 comment
#2354 - 47833: You report that click is vulnerable, but the authors don't know about it?
Issue -
State: closed - Opened by leberknecht almost 3 years ago
- 1 comment
#2353 - Issue with insecure django-oauth-toolkit library
Issue -
State: closed - Opened by panosangelopoulos almost 3 years ago
- 10 comments
#2352 - update db more often
Issue -
State: closed - Opened by Niccolum about 3 years ago
- 1 comment
#2351 - Load JSON using importlib.resources
Pull Request -
State: open - Opened by efokschaner about 3 years ago
- 4 comments
#2350 - Optimade v0.16.9 listed incorrectly as unsafe
Issue -
State: closed - Opened by JPBergsma about 3 years ago
- 3 comments
#2349 - Numpy fails safety
Issue -
State: closed - Opened by shernshiou about 3 years ago
- 3 comments
#2348 - Auto monthly pypi push
Issue -
State: open - Opened by chriswhite199 about 3 years ago
- 1 comment
#2347 - Kombu, sendgrid: false positives, shouldn't safety mark sources as vulnerable?
Issue -
State: closed - Opened by m-aciek about 3 years ago
- 3 comments
#2346 - Fix false positive for sendgrid<6.4.1
Pull Request -
State: closed - Opened by m-aciek about 3 years ago
- 1 comment
#2345 - Documentation: what *is* a PVE?
Issue -
State: open - Opened by sparrowt about 3 years ago
- 1 comment
Labels: question, enhancement
#2344 - sendgrid vulnerability should have lower limit
Issue -
State: closed - Opened by m-aciek about 3 years ago
- 1 comment
#2343 - pyup.io-41994 is false positive - grpcio has no dependency on urllib3
Issue -
State: closed - Opened by pshchelo about 3 years ago
- 1 comment
#2342 - Package `tensorflow < 2.7` incorrectly listed as vulnerable for all versions
Issue -
State: closed - Opened by bswami50 about 3 years ago
- 2 comments
#2341 - Package `bleach` has no versions `3.11` or `3.12`
Issue -
State: closed - Opened by LincolnPuzey over 3 years ago
- 5 comments
#2340 - False Positive for KeplerGL
Issue -
State: closed - Opened by kopp over 3 years ago
- 1 comment
#2339 - Keyword list used to search changelogs
Issue -
State: open - Opened by nasifimtiazohi over 3 years ago
#2338 - Removing false positive vulnerability for dash library
Pull Request -
State: closed - Opened by yeisonvargasf over 3 years ago
#2337 - Remove `coveragepy` from vulnerable, refs #2335
Pull Request -
State: closed - Opened by sobolevn over 3 years ago
- 1 comment
#2336 - Package `dash` has no version 2.2.0
Issue -
State: closed - Opened by alexcjohnson over 3 years ago
- 2 comments
#2335 - Package `coverage<6.0b1` incorrectly listed as vulnerable
Issue -
State: closed - Opened by whyscream over 3 years ago
- 6 comments
#2334 - Automatic release each month
Issue -
State: closed - Opened by pawamoy over 3 years ago
- 2 comments
#2333 - Database false positive: Gunicorn request smuggling vulnerability
Issue -
State: closed - Opened by CoburnJoe almost 4 years ago
- 1 comment
#2332 - add CVE-2021-25290
Pull Request -
State: closed - Opened by goern almost 4 years ago
- 1 comment
#2331 - lambda-warmer-py warning references a nonexistent version
Issue -
State: closed - Opened by jeffcasavant almost 4 years ago
- 1 comment
#2330 - Correction to pip package for pyup.io-39620 for CVE-2021-23338
Issue -
State: closed - Opened by westonsteimel almost 4 years ago
- 3 comments
#2329 - Possible inconsistency on CVE-2020-35681 for channels
Issue -
State: closed - Opened by thiagoferreiraw almost 4 years ago
- 1 comment
#2328 - Lost CVE attributes for 37863 and 39602
Issue -
State: closed - Opened by damiencarol almost 4 years ago
- 5 comments
#2327 - Instana vulnerable versions not valid for Python
Issue -
State: closed - Opened by iwt-kschoenrock almost 4 years ago
- 1 comment
#2326 - Multiple tensorflow issues for the same check
Issue -
State: closed - Opened by zionsofer about 4 years ago
- 1 comment
#2325 - Fix failing test, related to the introduced $meta
Pull Request -
State: closed - Opened by SofyaTavrovskaya over 4 years ago
- 10 comments
#2324 - Getting error as FAILED. Kindly help for the solution
Issue -
State: closed - Opened by hemantloni over 4 years ago
- 2 comments
#2323 - Invalid value for `cve` at insecure_full.json
Issue -
State: closed - Opened by sbs2001 over 4 years ago
- 3 comments
#2322 - DOC/Question: What is the relationship between safety-db and NVD (National Vulnerability Database)?
Issue -
State: closed - Opened by MartinThoma over 4 years ago
- 4 comments
#2321 - gender-guesser marked as blocker, but not in insecure_full.json
Issue -
State: closed - Opened by 0LL13 over 4 years ago
- 4 comments
#2320 - python-semantic-release appears to reference wrong package
Issue -
State: closed - Opened by alandtse over 4 years ago
- 1 comment
#2319 - Should malicious libraries also be included in safety-db?
Issue -
State: closed - Opened by exhuma over 4 years ago
- 1 comment
#2318 - Python dependency is compared to the wrong project
Issue -
State: closed - Opened by normoes over 4 years ago
- 3 comments
#2317 - Under-described Django issue 38650
Issue -
State: closed - Opened by l0b0 over 4 years ago
- 2 comments
#2316 - Add CVE-2019-1010083 for Flask < 1.0
Issue -
State: closed - Opened by jamespic over 4 years ago
- 1 comment
#2315 - python-semantic-release finding
Issue -
State: closed - Opened by wyardley over 4 years ago
- 4 comments
#2314 - Uvicorn vulnerabilities patched in 0.11.7, but still in db, >=0
Issue -
State: closed - Opened by Kulikovpavel over 4 years ago
- 18 comments
Labels: bad-spec
#2313 - PyYAML – v5.1 – CVE-2019-20477
Issue -
State: closed - Opened by dugdug36 over 4 years ago
- 1 comment
#2312 - Document how to ignore multiple IDs
Issue -
State: open - Opened by l0b0 over 4 years ago
#2311 - [CVE-2019-16784] Local Privilege Escalation in PyInstaller<3.6
Issue -
State: closed - Opened by cisba over 4 years ago
- 2 comments
#2310 - Is the Safety DB still dying?
Issue -
State: closed - Opened by l0b0 over 4 years ago
- 1 comment
#2309 - Access files as setuptools pkg_resource
Pull Request -
State: open - Opened by ajw-aws over 4 years ago
- 7 comments
Labels: enhancement
#2308 - JSON files not found on import
Issue -
State: open - Opened by ajw-aws over 4 years ago
- 3 comments
#2307 - Wrong spec in Django advisory
Issue -
State: closed - Opened by sbs2001 over 4 years ago
- 2 comments
#2306 - simple_salesforce < 1.0.0 is incorrectly marked as insecure
Issue -
State: closed - Opened by soylent almost 5 years ago
- 3 comments
#2305 - Bring data files along with the package
Pull Request -
State: closed - Opened by rafaelpivato almost 5 years ago
Labels: bug
#2304 - Add tests around whether data files can be imported
Issue -
State: open - Opened by rafaelpivato almost 5 years ago
Labels: enhancement
#2303 - Safety wants impossible version for python-nomad
Issue -
State: closed - Opened by threemachines almost 5 years ago
- 1 comment
#2302 - Pipenv check failure: Connection to pyup.io timed out
Issue -
State: closed - Opened by yyang-nasuni almost 5 years ago
- 3 comments
#2301 - TensorFlow 1.15.2 is incorrectly marked as insecure
Issue -
State: closed - Opened by pquentin almost 5 years ago
- 5 comments
#2300 - Wrong package - Monero
Issue -
State: closed - Opened by ladislavdubravsky almost 5 years ago
- 1 comment
#2299 - pyup not updating to package ccnmtlsettings 1.6.0
Issue -
State: closed - Opened by nikolas about 5 years ago
- 1 comment
Labels: bug
#2297 - Review rdflib pyup.io-36882 based on CVE-2019-7653
Issue -
State: closed - Opened by rafaelpivato almost 5 years ago
- 1 comment
Labels: bad-spec
#2296 - Review requests CVE-2018-18074 spec
Issue -
State: closed - Opened by rafaelpivato almost 5 years ago
- 4 comments
Labels: bad-spec
#2295 - Safety DB appears to be flagging Django 3.0.4 incorrectly
Issue -
State: closed - Opened by MartinFalatic almost 5 years ago
- 1 comment
#2294 - django==2.2.11 wrongly reported as affected by CVE-2020-9402
Issue -
State: closed - Opened by dms-cat almost 5 years ago
- 3 comments
#2293 - Whitelist pyOpenSSL 0.13.1 for IDs 36533/36534.
Issue -
State: closed - Opened by dumol about 6 years ago
- 2 comments
Labels: bad-spec
#2292 - Safety is flagging the Python `commonmark` package for a JS vulnerability
Issue -
State: closed - Opened by MartinFalatic almost 5 years ago
- 4 comments
#2291 - Reporting wrong package
Issue -
State: closed - Opened by stsewd almost 5 years ago
- 2 comments
Labels: wrong-package
#2290 - Safety doesn't detect urllib's CVE-2019-9740
Issue -
State: closed - Opened by disconnect3d about 5 years ago
- 4 comments
Labels: missing-vuln
#2289 - Waitress package security bugs are not detected
Issue -
State: closed - Opened by disconnect3d about 5 years ago
- 2 comments
#2288 - Invalid python-gnupg version reported in pipenv security check
Issue -
State: closed - Opened by yyang-nasuni almost 5 years ago
- 2 comments
#2287 - What to do when CVE not listed, and ID from safety is not in the manifest?
Issue -
State: closed - Opened by mcallaghan-bsm almost 5 years ago
- 3 comments
Labels: question
#2286 - invalid pip vuln marks all pip packages as vuln
Issue -
State: closed - Opened by thehesiod almost 5 years ago
- 7 comments
#2285 - psutil >=5.6.5 affected should be psutil <=5.6.5
Issue -
State: closed - Opened by dms-cat almost 5 years ago
- 3 comments
#2284 - The content of the data is sometimes confusing, especially which versions are affected
Issue -
State: closed - Opened by rustybrooks about 5 years ago
- 2 comments
Labels: question
#2283 - Monthly updates
Issue -
State: closed - Opened by bac about 5 years ago
- 1 comment
#2282 - December update? Or, is safety-db dying?
Issue -
State: closed - Opened by chezou about 5 years ago
- 9 comments
#2281 - safety check misses vulnerability for annclovar < 0.4
Issue -
State: closed - Opened by sanielfishawy about 5 years ago
- 2 comments
Labels: invalid
#2280 - Update PyPI package
Issue -
State: closed - Opened by leblancfg over 5 years ago
- 2 comments
Labels: bug
#2279 - June 2019 update included no changes
Issue -
State: closed - Opened by rback123 over 5 years ago
- 4 comments
#2278 - Correct misleading description for requests
Pull Request -
State: closed - Opened by dirkmueller almost 6 years ago
- 2 comments
Labels: invalid
#2277 - Ensure the package_data is included generated wheel and sdist packages
Pull Request -
State: closed - Opened by dwighthubbard almost 6 years ago
- 4 comments
Labels: invalid, bug
#2276 - Report CVE-2019-7548 and CVE-2019-7164 (SQLAlchemy)
Issue -
State: closed - Opened by calve almost 6 years ago
- 3 comments
Labels: missing-vuln
#2275 - CVE-2019-7653 is Debian only; remove
Pull Request -
State: closed - Opened by mr-c almost 6 years ago
- 5 comments
Labels: invalid
#2274 - Fix false positive for invenio-admin
Pull Request -
State: closed - Opened by lnielsen almost 6 years ago
- 2 comments
#2273 - Install and usage steps do not seem to work
Issue -
State: closed - Opened by peacepirate over 6 years ago
- 2 comments
Labels: bug
#2272 - False positive for CVE-2018-10903 : cryptography == 2.3
Issue -
State: closed - Opened by shtratos over 6 years ago
- 5 comments