Top issues
Detected presence of severe vulnerabilities with active exploitation.
Causes risk: actively exploited vulnerabilities
vulnerabilities
Problem
Software composition analysis has identified a component with one or more known severe vulnerabilities. Available threat intelligence telemetry has confirmed that the reported high or critical severity vulnerabilities are actively being exploited by malicious actors.Prevalence in PyPI community
35 packages
found in
Top 100
210 packages
found in
Top 1k
1787 packages
found in
Top 10k
86.39k packages
in community
Next steps
We strongly advise updating the component to the latest version.
If the update can't resolve the issue, create a plan to isolate or replace the affected component.
Detected presence of critical severity vulnerabilities.
Causes risk: critical severity vulnerabilities
vulnerabilities
Problem
Software composition analysis has identified a component with one or more known vulnerabilities. Based on the CVSS scoring, these vulnerabilities have been marked as critical severity.Prevalence in PyPI community
27 packages
found in
Top 100
156 packages
found in
Top 1k
1294 packages
found in
Top 10k
58.62k packages
in community
Next steps
Perform impact analysis for the reported CVEs.
We strongly advise updating the component to the latest version.
If the update can't resolve the issue, create a plan to isolate or replace the affected component.
Detected presence of high severity vulnerabilities.
Causes risk: high severity vulnerabilities
vulnerabilities
Problem
Software composition analysis has identified a component with one or more known vulnerabilities. Based on the CVSS scoring, these vulnerabilities have been marked as high severity.Prevalence in PyPI community
42 packages
found in
Top 100
278 packages
found in
Top 1k
1960 packages
found in
Top 10k
77.08k packages
in community
Next steps
Perform impact analysis for the reported CVEs.
Update the component to the latest version.
If the update can't resolve the issue, create a plan to isolate or replace the affected component.
Detected presence of medium severity vulnerabilities.
Causes risk: medium severity vulnerabilities
vulnerabilities
Problem
Software composition analysis has identified a component with one or more known vulnerabilities. Based on the CVSS scoring, these vulnerabilities have been marked as medium severity.Prevalence in PyPI community
36 packages
found in
Top 100
209 packages
found in
Top 1k
1750 packages
found in
Top 10k
81.53k packages
in community
Next steps
Perform impact analysis for the reported CVEs.
Update the component to the latest version.
If the update can't resolve the issue, create a plan to isolate or replace the affected component.
Detected Linux executable files that were compiled without the recommended dynamic symbol hijacking protections.
Causes risk: execution hijacking concerns
hardening
Problem
On Linux, external symbols are resolved via the procedure linkage table (PLT) and the global offset table (GOT). Without any protection, both are writable at runtime and thus leave the executable vulnerable to pointer hijacking - an attack where the function address is overwritten with an address of a malicious function. Pointer hijacking can be mitigated by using full read-only relocations, which instruct the compiler to unify global offset tables into a single read-only table. This requires that all external function symbols are resolved at load-time instead of during execution, and may increase loading time for large programs.Prevalence in PyPI community
26 packages
found in
Top 100
135 packages
found in
Top 1k
847 packages
found in
Top 10k
17.09k packages
in community
Next steps
In most cases, it's recommended to use full read-only relocations (in GCC: -Wl,-z,relro,-z,now).
If the executable load-time is an issue, you should use partial read-only relocations.
Top behaviors
Reads data from files containing SSL certificates installed on the system.
steal
Prevalence in PyPI community
Behavior uncommon for this community (Uncommon)
2 packages
found in
Top 100
18 packages
found in
Top 1k
117 packages
found in
Top 10k
1.6k packages
in community
Queries the passwd database entry for a given user name.
steal
Prevalence in PyPI community
Behavior often found in this community (Common)
10 packages
found in
Top 100
49 packages
found in
Top 1k
275 packages
found in
Top 10k
5.88k packages
in community
Queries the passwd database entry for a given user ID.
steal
Prevalence in PyPI community
Behavior often found in this community (Common)
12 packages
found in
Top 100
75 packages
found in
Top 1k
385 packages
found in
Top 10k
8.9k packages
in community
Listens on incoming network connections.
network
Prevalence in PyPI community
Behavior often found in this community (Common)
3 packages
found in
Top 100
33 packages
found in
Top 1k
222 packages
found in
Top 10k
4.71k packages
in community
Executes a file.
execution
Prevalence in PyPI community
Behavior often found in this community (Common)
34 packages
found in
Top 100
181 packages
found in
Top 1k
1324 packages
found in
Top 10k
54.83k packages
in community
Top vulnerabilities
Vulnerability Exploitation Lifecycle
(70 Active Vulnerabilities)
41 (41 Fixable)
CVE-2015-8383c
CVE-2015-8390c
CVE-2015-8394c
29 (29 Fixable)
CVE-2015-8386c
CVE-2015-8389c
CVE-2015-8391c
None
None
Exploits Unknown
Exploits Exist
Exploited by Malware
Patching Mandated