{"id":2886528,"name":"python-apt","ecosystem":"pypi","description":"Python bindings for libapt.","homepage":"https://launchpad.net/python-apt/","licenses":"GNU General Public License v2 (GPLv2)","normalized_licenses":["GPL-1.0"],"repository_url":null,"keywords_array":["apt","dpkg"],"namespace":null,"versions_count":2,"first_release_published_at":"2015-10-14T15:44:11.000Z","latest_release_published_at":"2015-10-14T16:04:55.000Z","latest_release_number":"0.7.8","last_synced_at":"2026-04-14T16:13:17.321Z","created_at":"2022-04-10T12:20:20.685Z","updated_at":"2026-04-14T16:13:17.321Z","registry_url":"https://pypi.org/project/python-apt/","install_command":"pip install python-apt --index-url https://pypi.org/simple","documentation_url":"https://python-apt.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 6 - Mature","Intended Audience :: Developers","License :: OSI Approved :: GNU General Public License v2 (GPLv2)"],"normalized_name":"python-apt","project_status":null},"repo_metadata":{},"repo_metadata_updated_at":"2024-09-08T05:49:58.031Z","dependent_packages_count":8,"downloads":443,"downloads_period":"last-month","dependent_repos_count":7854,"rankings":{"downloads":6.0653072440205635,"dependent_repos_count":0.1026627433469581,"dependent_packages_count":1.2477408790676106,"stargazers_count":null,"forks_count":null,"docker_downloads_count":0.015647481327975023,"average":1.8578395869407769},"purl":"pkg:pypi/python-apt","advisories":[{"uuid":"GSA_kwCzR0hTQS1wajY1LTNwZjYtYzVxNM4AAkEJ","url":"https://github.com/advisories/GHSA-pj65-3pf6-c5q4","title":"python-apt Does Not Check Hash Signature","description":"Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. 
This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-24T17:12:47.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.7,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-15796","https://usn.ubuntu.com/4247-1/","https://usn.ubuntu.com/4247-3/","https://github.com/advisories/GHSA-pj65-3pf6-c5q4"],"source_kind":"github","identifiers":["GHSA-pj65-3pf6-c5q4","CVE-2019-15796"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-18T23:04:31.712Z","updated_at":"2026-04-14T15:07:41.663Z","epss_percentage":0.00174,"epss_percentile":0.39188,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wajY1LTNwZjYtYzVxNM4AAkEJ","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wajY1LTNwZjYtYzVxNM4AAkEJ","packages":[{"ecosystem":"pypi","package_name":"python-apt","versions":[{"first_patched_version":"1.9.5","vulnerable_version_range":"\u003e= 1.9.1, \u003c 1.9.5"},{"first_patched_version":"1.9.0ubuntu1.2","vulnerable_version_range":"\u003e= 1.7.0, \u003c 1.9.0ubuntu1.2"},{"first_patched_version":"1.6.5ubuntu0.1","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.6.5ubuntu0.1"},{"first_patched_version":"0.9.3.5ubuntu3","vulnerable_version_range":"\u003e= 0.9.0, \u003c 0.9.3.5ubuntu3"},{"first_patched_version":"0.8.3ubuntu7.5","vulnerable_version_range":"\u003c 0.8.3ubuntu7.5"}],"purl":"pkg:pypi/python-apt"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wajY1LTNwZjYtYzVxNM4AAkEJ/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ycDhtLWgyNjYtNTNqaM4AAkEQ","url":"https://github.com/advisories/GHSA-rp8m-h266-53jh","title":"python-apt Flawed Package Integrity 
Check","description":"python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-24T17:12:47.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.7,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-15795","https://usn.ubuntu.com/4247-1/","https://usn.ubuntu.com/4247-3/","https://github.com/advisories/GHSA-rp8m-h266-53jh"],"source_kind":"github","identifiers":["GHSA-rp8m-h266-53jh","CVE-2019-15795"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-18T23:04:31.724Z","updated_at":"2026-04-14T15:07:43.199Z","epss_percentage":0.00184,"epss_percentile":0.40425,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ycDhtLWgyNjYtNTNqaM4AAkEQ","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ycDhtLWgyNjYtNTNqaM4AAkEQ","packages":[{"ecosystem":"pypi","package_name":"python-apt","versions":[{"first_patched_version":"1.9.0ubuntu1.2","vulnerable_version_range":"\u003e= 1.7.0, \u003c 1.9.0ubuntu1.2"},{"first_patched_version":"1.6.5ubuntu0.1","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.6.5ubuntu0.1"},{"first_patched_version":"1.1.0","vulnerable_version_range":"\u003e= 1.0.0, \u003c 1.1.0"},{"first_patched_version":"0.9.3.5ubuntu3","vulnerable_version_range":"\u003e= 0.9.0, \u003c 0.9.3.5ubuntu3"},{"first_patched_version":"0.8.3ubuntu7.5","vulnerable_version_range":"\u003c 
0.8.3ubuntu7.5"}],"purl":"pkg:pypi/python-apt"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ycDhtLWgyNjYtNTNqaM4AAkEQ/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/python-apt","docker_dependents_count":8840,"docker_downloads_count":3812302711,"usage_url":"https://repos.ecosyste.ms/usage/pypi/python-apt","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/python-apt/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/python-apt/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/python-apt/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/python-apt/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/python-apt/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/python-apt/codemeta","maintainers":[{"uuid":"jak","login":"jak","name":null,"email":null,"url":null,"packages_count":2,"html_url":"https://pypi.org/user/jak/","role":null,"created_at":"2023-01-17T04:26:39.431Z","updated_at":"2023-01-17T04:26:39.431Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/jak/packages"},{"uuid":"jamesw","login":"jamesw","name":null,"email":null,"url":null,"packages_count":15,"html_url":"https://pypi.org/user/jamesw/","role":null,"created_at":"2023-01-17T04:26:39.438Z","updated_at":"2023-01-17T04:26:39.438Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/jamesw/packages"},{"uuid":"mvogt","login":"mvogt","name":null,"email":null,"url":null,"packages_count":2,"html_url":"https://pypi.org/user/mvogt/","role":null,"created_at":"2023-01-17T04:26:39.443Z","updated_at":"2023-01-17T04
:26:39.443Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/mvogt/packages"}]}