tqdm
PyPI2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tqdmpage 1 of 1
- CVE-2016-10075HIGHCVSS 7.8EG 7.8✓ Fixed in 4.11.22017-01-19
vulnerable: 1.0 ... 4.9.0 (32 versions)
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
- CVE-2024-34062MEDIUMCVSS 4.8EG 4.8✓ Fixed in 4.66.32024-05-03
vulnerable: 4.10.0 ... 4.9.0 (122 versions)
tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally ex…
Check whether tqdm is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for tqdm CVEs against the assets you own.
Start Free Scan →