MEDIUM 6.4 PyPI
GHSA-4j59-vv55-q6h3 · CVE-2024-38825 Salt's salt.auth.pki module does not properly authenticate callers
Modified: 6/13/2025
CRITICAL 9.8 PyPI
GHSA-29j3-2446-5j4w · CVE-2020-25592, PYSEC-2020-106 SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
Modified: 10/22/2024
HIGH 8.8 PyPI
GHSA-2q4g-wfm6-5fpm · CVE-2022-22934, PYSEC-2022-171 SaltStack Improper Verification of Cryptographic Signature
Modified: 10/26/2024
HIGH 7.7 PyPI
GHSA-2qw3-2wv6-p64x · CVE-2024-22232 Path traversal in saltstack
Modified: 6/27/2024
MEDIUM 5.5 PyPI
GHSA-3c56-vx6v-q5vh · CVE-2020-17490, PYSEC-2020-105 SaltStack Salt Allows creating certificates with weak file permissions
Modified: 10/22/2024
MEDIUM 6.7 PyPI
GHSA-4277-m35q-7c9w · CVE-2023-34049 Salt preflight script could be attacker controlled
Modified: 11/14/2024
HIGH 8.8 PyPI
GHSA-5r3f-3m3j-wcj2 · CVE-2022-22936, PYSEC-2022-173 SaltStack Salt Authentication Bypass by Capture-replay
Modified: 10/22/2024
HIGH 7.5 PyPI
GHSA-657p-cj5r-mjrh · CVE-2017-14696, PYSEC-2017-37 SaltStack Salt Denial of Service via a crafted authentication request
Modified: 10/22/2024
MEDIUM 5.3 PyPI
GHSA-6grp-75pq-c8cj · CVE-2015-1839, PYSEC-2017-30 SaltStack has insecure /tmp file handling in salt/modules/chef.py
Modified: 12/1/2024
LOW 3.3 PyPI
GHSA-6prw-8xhm-h247 · CVE-2015-8034, PYSEC-2017-32 Salt uses weak permissions on the cache data
Modified: 10/21/2024
CRITICAL 9.1 PyPI
GHSA-76x4-x3p6-rpr9 · CVE-2021-25282, PYSEC-2021-51 SaltStack Salt Directory Traversal vulnerability
Modified: 10/26/2024
HIGH 7.8 PyPI
GHSA-77w2-v593-vxvv · CVE-2025-62348 Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload
Modified: 2/3/2026
MEDIUM 5.6 PyPI
GHSA-7f3f-x5f5-79gw · CVE-2025-22241 Salt's file contents overwrite the VirtKey class
Modified: 6/17/2025
HIGH 7.5 PyPI
GHSA-7wx3-vr2f-6p29 · CVE-2013-6617, PYSEC-2013-15 SaltStack Privilege Escalation vulnerability
Modified: 12/7/2024
HIGH 7.5 PyPI
GHSA-8j9g-c9rp-jvg4 · CVE-2015-4017, PYSEC-2017-31 Salt vulnerable to Improper Certificate Validation
Modified: 10/21/2024
CRITICAL 9.6 PyPI
GHSA-8pcp-r83j-fc92 · CVE-2024-38824 Salt vulnerable to directory traversal attack in file receiving method
Modified: 6/13/2025
HIGH 8.8 PyPI
GHSA-8r7r-x48r-pf8f · CVE-2017-5200, PYSEC-2017-39 SaltStack Salt arbitrary command execution in Salt-api via ssh_client
Modified: 12/1/2024
CRITICAL 9.8 PyPI
GHSA-8rp6-x3r7-5qw3 · CVE-2021-3197, PYSEC-2021-57 SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
Modified: 10/23/2024
MEDIUM 5.3 PyPI
GHSA-92pw-mff9-jqgm · CVE-2015-1838, PYSEC-2017-29 Salt improper handling of tmp files
Modified: 12/1/2024
MEDIUM 5.6 PyPI
GHSA-989c-m532-p2hv · CVE-2025-22242 Salt's worker process vulnerable to denial of service through file read operation
Modified: 6/13/2025
HIGH 8.1 PyPI
GHSA-c46w-gr7f-jm2p · CVE-2025-22239 Salt vulnerable to arbitrary event injection
Modified: 6/13/2025
LOW 3.7 PyPI
GHSA-cvcc-5x92-gmhc · CVE-2022-22935, PYSEC-2022-172 SaltStack Salt Improper Authentication via Man in the Middle Attack
Modified: 10/22/2024
CRITICAL 9.8 PyPI
GHSA-cxm4-7qcw-267r · CVE-2015-6941, PYSEC-2017-71 salt password information leaked in debug logs
Modified: 10/21/2024
HIGH 7.5 PyPI
GHSA-f22j-37jj-cxw9 · CVE-2013-4436, PYSEC-2013-26 SaltStack MITM SSH attack in salt-ssh
Modified: 10/26/2024
HIGH 8.8 PyPI
GHSA-f2h7-4f84-8qrm · CVE-2017-5192, PYSEC-2017-38 SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
Modified: 10/21/2024
MEDIUM 6.7 PyPI
GHSA-fcr4-h6c4-rvvp · CVE-2025-22237 Salt's on demand pillar functionality vulnerable to arbitrary command injections
Modified: 6/13/2025
HIGH 7.5 PyPI
GHSA-fpxm-fprw-6hxj · CVE-2022-22967, PYSEC-2022-210 Salt's PAM auth fails to reject locked accounts
Modified: 10/26/2024
CRITICAL 9.8 PyPI
GHSA-g283-88v5-rmq2 · CVE-2017-7893, PYSEC-2018-50 SaltStack Salt allows compromised salt-minions to impersonate the salt-master
Modified: 12/6/2024
CRITICAL 9.8 PyPI
GHSA-ghc2-hx3w-jqmp · CVE-2021-3148, PYSEC-2021-55 SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
Modified: 10/23/2024
HIGH 8.1 PyPI
GHSA-gq26-cpq6-w85r · CVE-2013-2228 SaltStack RSA Key Generation allows remote users to decrypt communications
Modified: 5/8/2024
CRITICAL 9.8 PyPI
GHSA-h8xp-h3jf-wv4v · CVE-2019-1010259, PYSEC-2019-119 SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
Modified: 10/25/2024
HIGH 7.8 PyPI
GHSA-hcjf-rp5h-g5h3 · CVE-2021-31607, PYSEC-2021-56 Command Injection in SaltStack Salt
Modified: 10/23/2024
CRITICAL 9.1 PyPI
GHSA-hvmj-356c-gpf4 · CVE-2016-9639, PYSEC-2017-34 Salt allows deleted minions to read or write to minions with the same id
Modified: 10/21/2024
CRITICAL 9.8 PyPI
GHSA-j6gj-pg62-x8j6 · CVE-2017-14695, PYSEC-2017-36 SaltStack Salt Directory traversal vulnerability in minion id validation
Modified: 10/21/2024
HIGH 8.1 PyPI
GHSA-jh7c-xh74-h76f · CVE-2025-22236 Salt has minion event bus authorization bypass vulnerability
Modified: 6/13/2025
MEDIUM 6.5 PyPI
GHSA-jmv9-5gx8-7xpf · CVE-2013-4439, PYSEC-2013-14 Minion identity not validated in saltstack
Modified: 12/6/2024
MEDIUM 5.3 PyPI
GHSA-jx34-pppm-gjvr · CVE-2018-15750, PYSEC-2018-29 SaltStack Salt Directory Traversal vulnerability in salt-api
Modified: 10/23/2024
HIGH PyPI
GHSA-mfr3-9cj8-h2qm · CVE-2014-3563, PYSEC-2014-18 SaltStack Salt Insecure Temporary File Creation
Modified: 12/1/2024
HIGH 7.5 PyPI
GHSA-pf7h-h2wq-m7pg · CVE-2021-21996, PYSEC-2021-318 Exposure of Resource to Wrong Sphere in salt
Modified: 10/22/2024
HIGH 7.8 PyPI
GHSA-phhw-3wc9-8q75 · CVE-2020-28243, PYSEC-2021-73 SaltStack Salt command injection via a crafted process name
Modified: 10/22/2024
CRITICAL 9.8 PyPI
GHSA-pjhf-vpx3-33r3 · CVE-2020-11651, PYSEC-2020-102 SaltStack Salt Unauthenticated Remote Code Execution
Modified: 10/26/2024
HIGH 7.8 PyPI
GHSA-pmj6-9f8c-8g2m · CVE-2021-25315, PYSEC-2021-891 SaltStack Salt Unauthenticated Arbitrary Code Execution
Modified: 4/9/2025
MEDIUM 5.0 PyPI
GHSA-q27c-j6j9-53w3 · CVE-2024-22231 Directory creation by malicious user in saltstack
Modified: 6/27/2024
MEDIUM 6.3 PyPI
GHSA-q2x6-8gfj-hjxw · CVE-2015-6918, PYSEC-2017-70 salt leaks git usernames and passwords to the log
Modified: 10/21/2024
CRITICAL 9.8 PyPI
GHSA-q53j-p6r2-g2v4 · CVE-2019-17361, PYSEC-2020-177 SaltStack Salt is vulnerable to command injection
Modified: 10/22/2024
HIGH 8.8 PyPI
GHSA-qcr3-hr2f-6557 · CVE-2022-22941, PYSEC-2022-174 SaltStack Salt Permissions Bypass
Modified: 10/22/2024
CRITICAL 9.8 PyPI
GHSA-qr38-h96j-2j3w · CVE-2020-16846, PYSEC-2020-104 SaltStack Salt Command Injection in netapi ssh client
Modified: 10/22/2025
HIGH PyPI
GHSA-qr3x-v97p-42xw · CVE-2013-4437, PYSEC-2013-27 SaltStack insecurely uses /tmp
Modified: 10/26/2024
MEDIUM 4.2 PyPI
GHSA-qvh6-3j7x-3hq7 · CVE-2023-20898, PYSEC-2023-169 Salt can cause Git Providers to get wrong data
Modified: 2/13/2025
HIGH 7.4 PyPI
GHSA-qx72-q6w3-qgc7 · CVE-2020-35662, PYSEC-2021-75 SaltStack Salt Improper SSL Certificate Validation
Modified: 10/22/2024
MEDIUM 4.2 PyPI
GHSA-r546-h3ff-q585 · CVE-2025-22238 Salt vulnerable to directory traversal attack in minion file cache creation
Modified: 6/13/2025
MEDIUM 4.4 PyPI
GHSA-r55w-xph5-xvx2 · CVE-2021-25284, PYSEC-2021-53 SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Modified: 10/23/2024
MEDIUM 5.6 PyPI
GHSA-v2rp-9cpj-pfw2 · CVE-2016-3176, PYSEC-2017-33 Salt Insecure configuration of PAM external authentication service
Modified: 10/21/2024
HIGH 8.8 PyPI
GHSA-v89f-4mc4-h6w9 · CVE-2013-4435, PYSEC-2013-12 Salt has insufficient argument validation in several modules
Modified: 10/26/2024
MEDIUM 6.2 PyPI
GHSA-vcf3-26xf-fw4m · CVE-2025-62349 Salt Authentication Protocol Version Downgrade Allows Minion Impersonation
Modified: 2/3/2026
MEDIUM 6.5 PyPI
GHSA-vp49-2g4r-m3x3 · CVE-2020-11652, PYSEC-2020-103 SaltStack Salt is vulnerable to Arbitrary Directory Access
Modified: 10/22/2025
MEDIUM 5.3 PyPI
GHSA-vpjg-wmf8-29h9 · CVE-2023-20897, PYSEC-2023-166 Salt vulnerable to denial of service
Modified: 2/13/2025
HIGH 8.1 PyPI
GHSA-vqh4-crjf-jjxx · CVE-2016-1866, PYSEC-2016-23 Salt Improper Access Control
Modified: 10/21/2024
CRITICAL 9.1 PyPI
GHSA-w2hr-3mc8-46gh · CVE-2021-3144, PYSEC-2021-54 SaltStack Salt eauth tokens can be used once after expiration
Modified: 10/23/2024
MEDIUM 5.9 PyPI
GHSA-w589-r335-4f55 · CVE-2020-28972, PYSEC-2021-74 SaltStack Salt Improper Certificate Validation
Modified: 10/26/2024
CRITICAL 9.8 PyPI
GHSA-x549-r7m8-gv63 · CVE-2018-15751, PYSEC-2018-30 SaltStack Salt Remote command execution and incorrect access control when using salt-api
Modified: 10/23/2024
HIGH 7.8 PyPI
GHSA-xcx4-5wq7-g5g7 · CVE-2017-8109, PYSEC-2017-82 SaltStack Salt Information Exposure
Modified: 10/26/2024
MEDIUM 6.4 PyPI
GHSA-xf37-qcvf-7m57 · CVE-2021-22004, PYSEC-2021-346 Improper Authentication in SaltStack Salt
Modified: 10/26/2024
CRITICAL 9.8 PyPI
GHSA-xgmh-gfxw-2hvv · CVE-2021-25283, PYSEC-2021-52 SaltStack Salt Server Side Template Injection
Modified: 10/23/2024
MEDIUM 6.3 PyPI
GHSA-xh32-3m67-qjgf · CVE-2025-22240 Salt allows arbitrary directory creation or file deletion
Modified: 6/13/2025
CRITICAL 9.8 PyPI
GHSA-xxvj-8g5m-4qgw · CVE-2017-12791, PYSEC-2017-151 SaltStack Salt Directory traversal vulnerability in minion id validation
Modified: 5/19/2026
CRITICAL 9.8 PyPI
GHSA-xxw3-765m-f37p · CVE-2021-25281, PYSEC-2021-50 SaltStack Salt Improper Authentication vulnerability
Modified: 10/23/2024
— PyPI
PYSEC-2013-12 · CVE-2013-4435, GHSA-v89f-4mc4-h6w9 Modified: 6/10/2026
— PyPI
PYSEC-2013-13 · CVE-2013-4438 Modified: 11/8/2023
— PyPI
PYSEC-2013-14 · CVE-2013-4439, GHSA-jmv9-5gx8-7xpf Modified: 11/8/2023
— PyPI
PYSEC-2013-15 · CVE-2013-6617, GHSA-7wx3-vr2f-6p29 Modified: 6/10/2026
— PyPI
PYSEC-2013-26 · CVE-2013-4436, GHSA-f22j-37jj-cxw9 Modified: 6/10/2026
— PyPI
PYSEC-2013-27 · CVE-2013-4437, GHSA-qr3x-v97p-42xw Modified: 6/10/2026
— PyPI
PYSEC-2014-18 · CVE-2014-3563, GHSA-mfr3-9cj8-h2qm Modified: 6/10/2026
— PyPI
PYSEC-2016-23 · CVE-2016-1866, GHSA-vqh4-crjf-jjxx Modified: 6/10/2026
CRITICAL 9.8 PyPI
PYSEC-2017-151 · CVE-2017-12791, GHSA-xxvj-8g5m-4qgw Modified: 5/19/2026
— PyPI
PYSEC-2017-29 · CVE-2015-1838, GHSA-92pw-mff9-jqgm Modified: 6/10/2026
— PyPI
PYSEC-2017-30 · CVE-2015-1839, GHSA-6grp-75pq-c8cj Modified: 6/10/2026
— PyPI
PYSEC-2017-31 · CVE-2015-4017, GHSA-8j9g-c9rp-jvg4 Modified: 6/10/2026
— PyPI
PYSEC-2017-32 · CVE-2015-8034, GHSA-6prw-8xhm-h247 Modified: 6/10/2026
— PyPI
PYSEC-2017-33 · CVE-2016-3176, GHSA-v2rp-9cpj-pfw2 Modified: 6/10/2026
— PyPI
PYSEC-2017-34 · CVE-2016-9639, GHSA-hvmj-356c-gpf4 Modified: 6/10/2026
— PyPI
PYSEC-2017-35 · CVE-2017-12791, GHSA-xxvj-8g5m-4qgw Modified: 6/10/2026
— PyPI
PYSEC-2017-36 · CVE-2017-14695, GHSA-j6gj-pg62-x8j6 Modified: 6/10/2026
— PyPI
PYSEC-2017-37 · CVE-2017-14696, GHSA-657p-cj5r-mjrh Modified: 6/10/2026
— PyPI
PYSEC-2017-38 · CVE-2017-5192, GHSA-f2h7-4f84-8qrm Modified: 6/10/2026
— PyPI
PYSEC-2017-39 · CVE-2017-5200, GHSA-8r7r-x48r-pf8f Modified: 6/10/2026
— PyPI
PYSEC-2017-70 · CVE-2015-6918, GHSA-q2x6-8gfj-hjxw Modified: 6/10/2026
— PyPI
PYSEC-2017-71 · CVE-2015-6941, GHSA-cxm4-7qcw-267r Modified: 6/10/2026
— PyPI
PYSEC-2017-82 · CVE-2017-8109, GHSA-xcx4-5wq7-g5g7 Modified: 6/10/2026
— PyPI
PYSEC-2018-29 · CVE-2018-15750, GHSA-jx34-pppm-gjvr Modified: 6/10/2026
— PyPI
PYSEC-2018-30 · CVE-2018-15751, GHSA-x549-r7m8-gv63 Modified: 6/10/2026
— PyPI
PYSEC-2018-50 · CVE-2017-7893, GHSA-g283-88v5-rmq2 Modified: 6/10/2026
— PyPI
PYSEC-2019-119 · CVE-2019-1010259, GHSA-h8xp-h3jf-wv4v Modified: 6/10/2026
— PyPI
PYSEC-2020-102 · CVE-2020-11651, GHSA-pjhf-vpx3-33r3 Modified: 6/10/2026
— PyPI
PYSEC-2020-103 · CVE-2020-11652, GHSA-vp49-2g4r-m3x3 Modified: 6/10/2026
— PyPI
PYSEC-2020-104 · CVE-2020-16846, GHSA-qr38-h96j-2j3w Modified: 6/10/2026
— PyPI
PYSEC-2020-105 · CVE-2020-17490, GHSA-3c56-vx6v-q5vh Modified: 6/10/2026
— PyPI
PYSEC-2020-106 · CVE-2020-25592, GHSA-29j3-2446-5j4w Modified: 6/10/2026
— PyPI
PYSEC-2020-177 · CVE-2019-17361, GHSA-q53j-p6r2-g2v4 Modified: 6/10/2026