MEDIUM 5.7 PyPI
GHSA-2wpw-cm9w-v4xm · CVE-2022-4719, PYSEC-2022-43005 rdiffweb vulnerable to Business Logic Errors
Modified: 12/5/2024
package
PyPI / rdiffweb
pkg:pypi/rdiffweb
HIGH 7.5 PyPI
GHSA-3fhq-72hw-jqwv · CVE-2022-3371, PYSEC-2022-299 rdiffweb's lack of token name length limit can result in DoS or memory corruption
Modified: 10/25/2024
MEDIUM 4.3 PyPI
GHSA-4wph-9vrm-6v3w · CVE-2022-4018, PYSEC-2022-43001 Rdiffweb vulnerable to Missing Authentication for Critical Function
Modified: 10/26/2024
HIGH 7.5 PyPI
GHSA-5v95-j4rr-6f3c · CVE-2022-3290, PYSEC-2022-292 rdiffweb's unlimited username field length can lead to DoS
Modified: 5/29/2026
MEDIUM 6.1 PyPI
GHSA-639f-hxcv-84mc · CVE-2022-4644, PYSEC-2022-43003 rdiffweb Open Redirect vulnerability
Modified: 10/25/2024
MEDIUM 4.3 PyPI
GHSA-74j6-3hh4-w3f5 · CVE-2022-3267, PYSEC-2022-284 rdiffweb Cross-Site Request Forgery vulnerability
Modified: 10/25/2024
MEDIUM 4.6 PyPI
GHSA-7fqm-jm52-f9vc · CVE-2022-3292, PYSEC-2022-296 rdiffweb vulnerable to Use of Cache Containing Sensitive Information
Modified: 10/16/2024
MEDIUM 6.5 PyPI
GHSA-7q4r-x5qg-mmcp · CVE-2022-4723, PYSEC-2022-43009 rdiffweb has no rate limit on resend email feature
Modified: 10/25/2024
MEDIUM 5.3 PyPI
GHSA-7wr6-fj4x-893v · CVE-2022-3376, PYSEC-2022-43157 rdiffweb allows a new password to be the same as the previous password
Modified: 11/22/2024
CRITICAL 9.8 PyPI
GHSA-824x-jcxf-hpfg · CVE-2022-3457, PYSEC-2022-43161 Origin Validation Error in rdiffweb
Modified: 11/22/2024
MEDIUM 5.4 PyPI
GHSA-83pm-7v48-5jp4 · CVE-2022-4721, PYSEC-2022-43007 rdiffweb vulnerable to Special Element Injection
Modified: 10/25/2024
MEDIUM 6.5 PyPI
GHSA-85fp-523q-5xwc · CVE-2022-4646, PYSEC-2022-43004 rdiffweb vulnerable to Cross-Site Request Forgery
Modified: 10/25/2024
MEDIUM 6.1 PyPI
GHSA-8g9m-vv69-7j99 · CVE-2022-3438, PYSEC-2022-43158 rdiffweb vulnerable to Open Redirect
Modified: 11/22/2024
MEDIUM 5.4 PyPI
GHSA-8wxf-c45w-g66g · CVE-2022-3326, PYSEC-2022-297 rdiffweb vulnerable to password complexity bypass leading to weak passwords
Modified: 10/26/2024
MEDIUM PyPI
GHSA-92gf-p376-6r9r · CVE-2022-3456, PYSEC-2022-43160 Missing rate limit on rdiffweb
Modified: 12/3/2024
CRITICAL 9.8 PyPI
GHSA-94qm-99qc-qwqj · CVE-2022-3362, PYSEC-2022-43000 rdiffweb vulnerable to Insufficient Session Expiration
Modified: 10/26/2024
CRITICAL 9.8 PyPI
GHSA-99j5-fvg3-54pm · CVE-2022-3327, PYSEC-2022-42977 Rdiffweb is missing authentication for critical function
Modified: 10/26/2024
HIGH 7.3 PyPI
GHSA-9g3v-v24q-jj5p · CVE-2022-3273, PYSEC-2022-43156 rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
Modified: 11/22/2024
MEDIUM 4.3 PyPI
GHSA-9vxf-mcm6-5m42 · CVE-2022-3233, PYSEC-2022-285 rdiffweb CSRF could lead to disabling notifications in user profile
Modified: 10/25/2024
HIGH 8.8 PyPI
GHSA-c4rv-2j6x-pq7x · CVE-2023-5289, PYSEC-2023-186 Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability
Modified: 10/26/2024
MEDIUM 5.3 PyPI
GHSA-ch4c-278q-5654 · CVE-2022-3175, PYSEC-2022-273 rdiffweb Missing Custom Error Page
Modified: 10/25/2024
MEDIUM 4.3 PyPI
GHSA-cw2v-wv4g-w4p6 · CVE-2022-3232, PYSEC-2022-281 rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
Modified: 10/25/2024
MEDIUM 5.3 PyPI
GHSA-fqfg-c577-2vc3 · CVE-2022-3364, PYSEC-2022-298 rdiffweb's unlimited length Fullname field can lead to DoS
Modified: 10/25/2024
CRITICAL 9.8 PyPI
GHSA-g594-55mp-f6q8 · CVE-2022-4314, PYSEC-2022-43002 Improper Privilege Management in rdiffweb
Modified: 10/25/2024
HIGH 7.0 PyPI
GHSA-gmj8-84r4-h46j · CVE-2022-3274, PYSEC-2022-289 rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
Modified: 10/25/2024
HIGH 8.2 PyPI
GHSA-h5wp-jrqc-cwwx · CVE-2022-4720, PYSEC-2022-43006 rdiffweb vulnerable to Open Redirect
Modified: 10/25/2024
HIGH 7.5 PyPI
GHSA-hrj7-f62f-j7x7 · CVE-2022-3295, PYSEC-2022-293 rdiffweb allows unlimited length of root directory name, which could result in DoS
Modified: 10/25/2024
HIGH 7.5 PyPI
GHSA-hrrm-895h-xh34 · CVE-2022-3389, PYSEC-2022-302 rdiffweb Path Traversal vulnerability
Modified: 10/25/2024
CRITICAL 9.8 PyPI
GHSA-j3q4-gmj4-mj95 · CVE-2022-3269, PYSEC-2022-290 rdiffweb vulnerable to account access via session fixation
Modified: 10/25/2024
CRITICAL 9.8 PyPI
GHSA-jw36-mrvg-j5fx · CVE-2022-3363, PYSEC-2022-42978 Rdiffweb subject to Business Logic Errors
Modified: 12/6/2024
HIGH 8.8 PyPI
GHSA-m379-x4xc-38x9 · CVE-2022-3167, PYSEC-2022-268 rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
Modified: 10/25/2024
MEDIUM 5.3 PyPI
GHSA-m748-hjqg-rpp8 · CVE-2022-3250, PYSEC-2022-287 rdiffweb has insecure HTTP cookies
Modified: 10/25/2024
CRITICAL 9.8 PyPI
GHSA-m8r9-qxx8-mrxp · CVE-2022-4724, PYSEC-2022-43010 rdiffweb Improper Access Control vulnerability
Modified: 10/25/2024
HIGH 7.5 PyPI
GHSA-mjw4-xvx6-3grg · CVE-2022-3174, PYSEC-2022-271 rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Modified: 10/25/2024
HIGH 8.8 PyPI
GHSA-mp5p-g2jv-r8qw · CVE-2022-3179, PYSEC-2022-272 rdiffweb contains Weak Password Requirements
Modified: 10/25/2024
LOW 2.4 PyPI
GHSA-qq29-5vjh-vxwr · CVE-2022-3301, PYSEC-2022-295 rdiffweb vulnerable to Improper Cleanup on Thrown Exception
Modified: 10/25/2024
HIGH 7.5 PyPI
GHSA-qrj3-hrgj-fm7r · CVE-2022-3272, PYSEC-2022-291 rdiffweb's unlimited length email field can lead to DoS
Modified: 5/21/2025
HIGH 8.1 PyPI
GHSA-v4gp-hf5j-4566 · CVE-2025-67796 IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users
Modified: 5/8/2026
HIGH 8.8 PyPI
GHSA-vq4h-xrwc-m639 · CVE-2022-3221, PYSEC-2022-278 rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
Modified: 10/25/2024
HIGH 7.2 PyPI
GHSA-wf33-6x33-wcf9 · CVE-2022-4722, PYSEC-2022-43008 rdiffweb vulnerable to Authentication Bypass by Primary Weakness
Modified: 10/25/2024
MEDIUM 4.2 PyPI
GHSA-wwrg-2w5j-grvx · CVE-2023-4138 RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling
Modified: 2/22/2025
CRITICAL 9.8 PyPI
GHSA-x8x2-wc2h-wc48 · CVE-2022-3439, PYSEC-2022-43159 Missing rate limit on rdiffweb
Modified: 11/22/2024
HIGH 7.5 PyPI
GHSA-xhw9-4wqq-x67v · CVE-2022-3298, PYSEC-2022-294 rdiffweb vulnerable to potential DoS via memory consumption
Modified: 10/16/2024
— PyPI
PYSEC-2022-268 · CVE-2022-3167, GHSA-m379-x4xc-38x9 Modified: 11/8/2023
— PyPI
PYSEC-2022-271 · CVE-2022-3174, GHSA-mjw4-xvx6-3grg Modified: 11/8/2023
— PyPI
PYSEC-2022-272 · CVE-2022-3179, GHSA-mp5p-g2jv-r8qw Modified: 11/8/2023
— PyPI
PYSEC-2022-273 · CVE-2022-3175, GHSA-ch4c-278q-5654 Modified: 11/8/2023
— PyPI
PYSEC-2022-278 · CVE-2022-3221, GHSA-vq4h-xrwc-m639 Modified: 11/8/2023
— PyPI
PYSEC-2022-281 · CVE-2022-3232, GHSA-cw2v-wv4g-w4p6 Modified: 11/8/2023
— PyPI
PYSEC-2022-284 · CVE-2022-3267, GHSA-74j6-3hh4-w3f5 Modified: 11/8/2023
— PyPI
PYSEC-2022-285 · CVE-2022-3233, GHSA-9vxf-mcm6-5m42 Modified: 11/8/2023
— PyPI
PYSEC-2022-287 · CVE-2022-3250, GHSA-m748-hjqg-rpp8 Modified: 11/8/2023
— PyPI
PYSEC-2022-289 · CVE-2022-3274, GHSA-gmj8-84r4-h46j Modified: 11/8/2023
— PyPI
PYSEC-2022-290 · CVE-2022-3269, GHSA-j3q4-gmj4-mj95 Modified: 11/8/2023
— PyPI
PYSEC-2022-291 · CVE-2022-3272, GHSA-qrj3-hrgj-fm7r Modified: 11/8/2023
— PyPI
PYSEC-2022-292 · CVE-2022-3290, GHSA-5v95-j4rr-6f3c Modified: 5/19/2026
— PyPI
PYSEC-2022-293 · CVE-2022-3295, GHSA-hrj7-f62f-j7x7 Modified: 11/8/2023
— PyPI
PYSEC-2022-294 · CVE-2022-3298, GHSA-xhw9-4wqq-x67v Modified: 11/8/2023
— PyPI
PYSEC-2022-295 · CVE-2022-3301, GHSA-qq29-5vjh-vxwr Modified: 11/8/2023
— PyPI
PYSEC-2022-296 · CVE-2022-3292, GHSA-7fqm-jm52-f9vc Modified: 10/9/2025
— PyPI
PYSEC-2022-297 · CVE-2022-3326, GHSA-8wxf-c45w-g66g Modified: 10/9/2025
— PyPI
PYSEC-2022-298 · CVE-2022-3364, GHSA-fqfg-c577-2vc3 Modified: 10/9/2025
— PyPI
PYSEC-2022-299 · CVE-2022-3371, GHSA-3fhq-72hw-jqwv Modified: 10/9/2025
— PyPI
PYSEC-2022-302 · CVE-2022-3389, GHSA-hrrm-895h-xh34 Modified: 10/9/2025
— PyPI
PYSEC-2022-42977 · CVE-2022-3327, GHSA-99j5-fvg3-54pm Modified: 11/8/2023
— PyPI
PYSEC-2022-42978 · CVE-2022-3363, GHSA-jw36-mrvg-j5fx Modified: 11/8/2023
— PyPI
PYSEC-2022-43000 · CVE-2022-3362, GHSA-94qm-99qc-qwqj Modified: 11/8/2023
— PyPI
PYSEC-2022-43001 · CVE-2022-4018, GHSA-4wph-9vrm-6v3w Modified: 11/8/2023
— PyPI
PYSEC-2022-43002 · CVE-2022-4314, GHSA-g594-55mp-f6q8 Modified: 11/8/2023
— PyPI
PYSEC-2022-43003 · CVE-2022-4644, GHSA-639f-hxcv-84mc Modified: 11/8/2023
— PyPI
PYSEC-2022-43004 · CVE-2022-4646, GHSA-85fp-523q-5xwc Modified: 11/8/2023
— PyPI
PYSEC-2022-43005 · CVE-2022-4719, GHSA-2wpw-cm9w-v4xm Modified: 11/8/2023
— PyPI
PYSEC-2022-43006 · CVE-2022-4720, GHSA-h5wp-jrqc-cwwx Modified: 11/8/2023
— PyPI
PYSEC-2022-43007 · CVE-2022-4721, GHSA-83pm-7v48-5jp4 Modified: 11/8/2023
— PyPI
PYSEC-2022-43008 · CVE-2022-4722, GHSA-wf33-6x33-wcf9 Modified: 11/8/2023
— PyPI
PYSEC-2022-43009 · CVE-2022-4723, GHSA-7q4r-x5qg-mmcp Modified: 11/8/2023
— PyPI
PYSEC-2022-43010 · CVE-2022-4724, GHSA-m8r9-qxx8-mrxp Modified: 11/8/2023
CRITICAL 9.8 PyPI
PYSEC-2022-43156 · CVE-2022-3273, GHSA-9g3v-v24q-jj5p Modified: 11/21/2024
MEDIUM 5.3 PyPI
PYSEC-2022-43157 · CVE-2022-3376, GHSA-7wr6-fj4x-893v Modified: 11/21/2024
MEDIUM 6.1 PyPI
PYSEC-2022-43158 · CVE-2022-3438, GHSA-8g9m-vv69-7j99 Modified: 11/21/2024
CRITICAL 9.8 PyPI
PYSEC-2022-43159 · CVE-2022-3439, GHSA-x8x2-wc2h-wc48 Modified: 11/21/2024
CRITICAL 9.8 PyPI
PYSEC-2022-43160 · CVE-2022-3456, GHSA-92gf-p376-6r9r Modified: 11/21/2024
CRITICAL 9.8 PyPI
PYSEC-2022-43161 · CVE-2022-3457, GHSA-824x-jcxf-hpfg Modified: 11/21/2024
HIGH 7.5 PyPI
PYSEC-2022-43184 · CVE-2022-3290, GHSA-5v95-j4rr-6f3c Modified: 5/19/2026
HIGH 8.8 PyPI
PYSEC-2023-186 · CVE-2023-5289, GHSA-c4rv-2j6x-pq7x Modified: 11/8/2023