pymatgen
PyPI
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pymatgen
- CVE-2022-42964 | MEDIUM | CVSS 5.9 | EG 5.9 | 2022-11-09
vulnerable: 1.0.4 ... 4.7.7 (341 versions)
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package when an attacker is able to supply arbitrary input to the `GaussianInput.from_string` method.
- CVE-2024-23346 | CRITICAL | CVSS 9.3 | EG 9.3 | ✓ Fixed in 2024.2.20 | 2024-02-21
vulnerable: 1.0.4 ... 4.7.7 (373 versions)
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prio…