Package impact
PyPI / lemur
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44304 | high | 8.1 | 8.1 | 28d ago | Lemur: LDAP Filter Injection enables post-authentication privilege escalation | |||
| CVE-2015-7764 | high | 7.5 | 7.5 | 9y ago | Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode. | |||
| CVE-2026-44305 | medium | 6.8 | 6.8 | 22d ago | Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled | |||
| CVE-2023-30797 | unknown | — | — | 3y ago | Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain ac… |