tilde-lab / quantum_esperanto
Very fast parser for the XML logs produced with the VASP, Vienna Ab initio Simulation Package
License: MIT License
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Library home page: https://files.pythonhosted.org/packages/f4/1c/82d74b4527edca7218cc7d840c8b5e83cb32eacc194e7425fc2f346d4d76/lxml-4.3.1-cp35-cp35m-manylinux1_x86_64.whl
Dependency Hierarchy:
Found in base branch: master
An XSS vulnerability was discovered in python-lxml's clean module. The module's parser did not properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
Publish Date: 2020-12-03
URL: CVE-2020-27783
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1901633
Release Date: 2020-12-03
Fix Resolution: 4.6.1
Step up your Open Source Security Game with Mend here
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Library home page: https://files.pythonhosted.org/packages/f4/1c/82d74b4527edca7218cc7d840c8b5e83cb32eacc194e7425fc2f346d4d76/lxml-4.3.1-cp35-cp35m-manylinux1_x86_64.whl
Dependency Hierarchy:
Found in HEAD commit: d18505a648a05289a7aac926f14f8b2cf6b2c4e9
Found in base branch: master
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.
Publish Date: 2021-03-21
URL: CVE-2021-28957
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jq4v-f5q6-mjqq
Release Date: 2021-03-21
Fix Resolution: 4.6.2
NumPy is the fundamental package for array computing with Python.
path: /quantum_esperanto
Library home page: https://files.pythonhosted.org/packages/ad/15/690c13ae714e156491392cdbdbf41b485d23c285aa698239a67f7cfc9e0a/numpy-1.16.1-cp35-cp35m-manylinux1_x86_64.whl
Dependency Hierarchy:
An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.
Publish Date: 2019-01-16
URL: CVE-2019-6446
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Library home page: https://files.pythonhosted.org/packages/f4/1c/82d74b4527edca7218cc7d840c8b5e83cb32eacc194e7425fc2f346d4d76/lxml-4.3.1-cp35-cp35m-manylinux1_x86_64.whl
Dependency Hierarchy:
Found in HEAD commit: d18505a648a05289a7aac926f14f8b2cf6b2c4e9
Found in base branch: master
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
Publish Date: 2021-12-13
URL: CVE-2021-43818
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-55x5-fj6c-h6m8
Release Date: 2021-12-13
Fix Resolution: 4.6.5
The bot created this issue to inform you that pyup.io has been set up on this repo.
Once you have closed it, the bot will open pull requests for updates as soon as they are available.
$ pip install quantum_esperanto
Collecting quantum_esperanto
ERROR: Command errored out with exit status 1:
...
File "/tmp/pip-install-zqj8zeck/quantum-esperanto/setup.py", line 30, in <module>
exts = cythonize([vasp_ext])
File "/home/Evgeny/worldmaterials/mpds-aiida/lib/python3.8/site-packages/Cython/Build/Dependencies.py", line 959, in cythonize
module_list, module_metadata = create_extension_list(
File "/home/Evgeny/worldmaterials/mpds-aiida/lib/python3.8/site-packages/Cython/Build/Dependencies.py", line 810, in create_extension_list
for file in nonempty(sorted(extended_iglob(filepattern)), "'%s' doesn't match any files" % filepattern):
File "/home/Evgeny/worldmaterials/mpds-aiida/lib/python3.8/site-packages/Cython/Build/Dependencies.py", line 109, in nonempty
raise ValueError(error_msg)
ValueError: 'src/vasp.pyx' doesn't match any files
----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
How is our work different from https://github.com/aiida-vasp/parsevasp ?
$ pip3 install --upgrade quantum_esperanto
does not work (problem with cythonize), but
$ pip3 install --upgrade git+https://github.com/tilde-lab/quantum_esperanto
works.
(Python 3.8.3)
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Library home page: https://files.pythonhosted.org/packages/f4/1c/82d74b4527edca7218cc7d840c8b5e83cb32eacc194e7425fc2f346d4d76/lxml-4.3.1-cp35-cp35m-manylinux1_x86_64.whl
Dependency Hierarchy:
Found in HEAD commit: d18505a648a05289a7aac926f14f8b2cf6b2c4e9
Found in base branch: master
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.
Publish Date: 2022-07-05
URL: CVE-2022-2309
Base Score Metrics:
NumPy is the fundamental package for array computing with Python.
Library home page: https://files.pythonhosted.org/packages/ad/15/690c13ae714e156491392cdbdbf41b485d23c285aa698239a67f7cfc9e0a/numpy-1.16.1-cp35-cp35m-manylinux1_x86_64.whl
Dependency Hierarchy:
Found in HEAD commit: d18505a648a05289a7aac926f14f8b2cf6b2c4e9
Found in base branch: master
** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulnerability; in (very limited) circumstances a user may be able to provoke the buffer overflow, but the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user.
Mend Note: After conducting further research, Mend has determined that numpy versions before 1.21.0 are vulnerable to CVE-2021-33430
Publish Date: 2021-12-17
URL: CVE-2021-33430
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-33430
Release Date: 2021-12-17
Fix Resolution: 1.21.0
NumPy is the fundamental package for array computing with Python.
Path to dependency file: /tmp/ws-scm/quantum_esperanto
Path to vulnerable library: /tmp/ws-scm/quantum_esperanto
Dependency Hierarchy:
NumPy is the fundamental package for array computing with Python.
Library home page: https://files.pythonhosted.org/packages/ad/15/690c13ae714e156491392cdbdbf41b485d23c285aa698239a67f7cfc9e0a/numpy-1.16.1-cp35-cp35m-manylinux1_x86_64.whl
Dependency Hierarchy:
Found in HEAD commit: d18505a648a05289a7aac926f14f8b2cf6b2c4e9
Found in base branch: master
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."
Mend Note: After conducting further research, Mend has determined that versions 1.12.0 through 1.21.6 of numpy are vulnerable to CVE-2021-34141
Publish Date: 2021-12-17
URL: CVE-2021-34141
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34141
Release Date: 2021-12-17
Fix Resolution: 1.22.0