luigi

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting luigipage 1 of 1

CVE-2018-1000843HIGHCVSS 8.8EG 8.8✓ Fixed in 2.8.0
2018-12-20
vulnerable: 1.0 ... 2.7.9 (54 versions)
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/<method> that can result i…
CVE-2024-21542HIGHCVSS 8.6EG 8.6✓ Fixed in 3.6.0
2024-12-10
vulnerable: 1.0 ... 3.5.2 (83 versions)
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.

Check whether luigi is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for luigi CVEs against the assets you own.

Start Free Scan →