Homepage

networkx@2.5.1 vulnerabilities

Python package for creating and manipulating graphs and networks

  • latest version

    3.4.2

  • latest non vulnerable version

    3.4.2

  • first published

    17 years ago

  • latest version published

    4 months ago

  • licenses detected

  • View networkx package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the networkx package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Deserialization of Untrusted Data

    networkx is a Python package for creating and manipulating graphs and networks

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data. This package is vulnerable to arbitrary code execution via insecure YAML deserialization due to the use of a known vulnerable function load() in yaml, which is called in read_yaml() in networkx/readwrite/nx_yaml.py.

    networkx/readwrite/nx_yaml.py is deprecated and scheduled to be removed in the next release of Networkx. Users should avoid using this function completely.

    How to fix Deserialization of Untrusted Data?

    Upgrade networkx to version 2.6 or higher.

    [,2.6)
    Go back to all versions of this package