{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T19:22:09.456","vulnerabilities":[{"cve":{"id":"CVE-2026-32722","sourceIdentifier":"security-advisories@github.com","published":"2026-03-18T22:16:24.670","lastModified":"2026-03-19T19:21:28.677","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript execution when a victim opened the generated report in a browser. Version 1.19.2 fixes the issue."},{"lang":"es","value":"Memray es un perfilador de memoria para Python. Antes de Memray 1.19.2, Memray renderizaba la línea de comandos del proceso rastreado directamente en los informes HTML generados sin escapar. Debido a que no había escape, los argumentos de línea de comandos controlados por el atacante se insertaban como HTML sin procesar en el informe generado. Esto permitía la ejecución de JavaScript cuando una víctima abría el informe generado en un navegador. La versión 1.19.2 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":3.6,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bloomberg:memray:*:*:*:*:*:python:*:*","versionEndExcluding":"1.19.2","matchCriteriaId":"09B42289-015F-4BFB-9F71-1299C86C535D"}]}]}],"references":[{"url":"https://github.com/bloomberg/memray/commit/ba6e4e2e9930f9641bed7adfdf43c8e2545ce249","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/bloomberg/memray/releases/tag/v1.19.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/bloomberg/memray/security/advisories/GHSA-r5pr-887v-m2w9","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}