{"id":"PYSEC-2026-498","summary":"Code Injection in pyload-ng","details":"Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.","aliases":["CVE-2023-0297","GHSA-pf38-5p22-x6h6"],"modified":"2026-06-29T12:15:41.603930824Z","published":"2026-06-29T11:50:44.189733Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0297"},{"type":"WEB","url":"https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d"},{"type":"WEB","url":"https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65"},{"type":"WEB","url":"http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html"},{"type":"WEB","url":"http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html"},{"type":"PACKAGE","url":"https://pypi.org/project/pyload-ng"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-pf38-5p22-x6h6"}],"affected":[{"package":{"name":"pyload-ng","ecosystem":"PyPI","purl":"pkg:pypi/pyload-ng"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.0b3.dev31"}]}],"versions":["0.5.0a5.dev528","0.5.0a5.dev532","0.5.0a5.dev535","0.5.0a5.dev536","0.5.0a5.dev537","0.5.0a5.dev539","0.5.0a5.dev540","0.5.0a5.dev545","0.5.0a5.dev562","0.5.0a5.dev564","0.5.0a5.dev565","0.5.0a6.dev570","0.5.0a6.dev578","0.5.0a6.dev587","0.5.0a7.dev596","0.5.0a8.dev602","0.5.0a9.dev615","0.5.0a9.dev629","0.5.0a9.dev632","0.5.0a9.dev641","0.5.0a9.dev643","0.5.0a9.dev655","0.5.0a9.dev806","0.5.0b1.dev1","0.5.0b1.dev2","0.5.0b1.dev3","0.5.0b1.dev4","0.5.0b1.dev5","0.5.0b2.dev10","0.5.0b2.dev11","0.5.0b2.dev12","0.5.0b2.dev9","0.5.0b3.dev13","0.5.0b3.dev14","0.5.0b3.dev17","0.5.0b3.dev18","0.5.0b3.dev19","0.5.0b3.dev20","0.5.0b3.dev21","0.5.0b3.dev22","0.5.0b3.dev24","0.5.0b3.dev26","0.5.0b3.dev27","0.5.0b3.dev28","0.5.0b3.dev29","0.5.0b3.dev30"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pyload-ng/PYSEC-2026-498.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}