Security
Headlines

Headlines Latest CVEs

Headline

GHSA-jqfc-9q34-prhg: trytond allows remote attackers to obtain sensitive trace-back (server setup) information

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

2 days ago

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-66422

trytond allows remote attackers to obtain sensitive trace-back (server setup) information

Moderate severity GitHub Reviewed Published Nov 30, 2025 to the GitHub Advisory Database • Updated Dec 2, 2025

Package

pip trytond (pip)

Affected versions

>= 7.5.0, < 7.6.11

>= 7.1.0, < 7.4.21

>= 7.0.0, < 7.0.40

< 6.0.70

Patched versions

7.6.11

7.4.21

7.0.40

6.0.70

Description

Published to the GitHub Advisory Database

Nov 30, 2025

ghsa: Latest News

GHSA-69jw-4jj8-fcxm: gokey allows secret recovery from a seed file without the master password

57 minutes ago

GHSA-g2jx-37x6-6438: arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints

58 minutes ago

GHSA-8fr4-5q9j-m8gm: vLLM vulnerable to remote code execution via transformers_utils/get_config

1 hour ago

GHSA-9h52-p55h-vw2f: Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

2 hours ago

GHSA-w48q-cv73-mx4w: Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

2 hours ago