distributed

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting distributedpage 1 of 1

CVE-2021-42343CRITICALCVSS 9.8EG 9.8✓ Fixed in 2021.10.0
2021-10-26
vulnerable: 1.0.0 ... 2021.9.1 (157 versions)
An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly…
CVE-2026-23528MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2026.1.0
2026-01-16
vulnerable: 1.0.0 ... 2025.9.2 (259 versions)
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupy…

Check whether distributed is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for distributed CVEs against the assets you own.

Start Free Scan →