pypi

5,009 tracked vulnerabilities.

CVE-2023-32672 MEDIUM
Apache Superset <= 2.1.0 - Authenticated Incorrect Authorization in SQLLab
Sep 06, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-39264 MEDIUM
Apache Superset <= 2.1.0 - Sensitive Information Exposure via REST API Error Stack Traces
Sep 06, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-36388 MEDIUM
Apache Superset <= 2.1.0 - Authenticated Server-Side Request Forgery via Network Connection Test
Sep 06, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-36387 MEDIUM
Apache Superset <2.1.0 - Info Disclosure
Sep 06, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-27526 MEDIUM
Apache Superset <= 2.1.0 - Authenticated Incorrect Authorization via Import Charts Feature
Sep 06, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-27523 MEDIUM
Apache Superset <= 2.1.0 - Authenticated Improper Data Authorization in Jinja Templated Queries
Sep 06, 2023
CVSS 5.0
EPSS 0.01
CVE-2023-20898 MEDIUM
Salt <3005.2-3006.2 - Info Disclosure
Sep 05, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-20897 MEDIUM
SaltStack Salt < 3005.2 - Denial of Service via Minion Return Request Handling
Sep 05, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-41057 MEDIUM
hyper-bump-it < 0.5.1 - Path Traversal via Unchecked File Glob Pattern
Sep 04, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-41052 LOW
vyperlang/vyper < 0.3.9 and pypi/vyper < 0.3.10rc1 - Always-Incorrect Control Flow Implementation in Builtin Functions
Sep 04, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-40015 LOW
vyperlang/vyper < 0.3.9 - Always-Incorrect Control Flow Implementation
Sep 04, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-39631 CRITICAL
langchain - Remote Code Execution via Numexpr Evaluate Function
Sep 01, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-41040 MEDIUM
GitPython < 3.1.37 - Path Traversal via Unsanitized Reference File Path
Aug 30, 2023
CVSS 4.0
EPSS 0.01
CVE-2023-41039 HIGH
RestrictedPython < 5.4 - Information Disclosure via Format String Injection
Aug 30, 2023
CVSS 8.3
EPSS 0.01
CVE-2023-36811 MEDIUM
borgbackup < 1.2.5 - Cryptographic Signature Spoofing via Archive Forgery
Aug 30, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-40889 CRITICAL
ZBar 0.23.90 - Heap-Based Buffer Overflow in QR Code Reader
Aug 29, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-40170 MEDIUM
jupyter_server < 2.7.2 - Improper Access Control in Files Endpoint
Aug 28, 2023
CVSS 4.6
EPSS 0.01
CVE-2023-39968 MEDIUM
jupyter_server < 2.7.2 - Open Redirect via Malicious Login Links
Aug 28, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-40590 HIGH
GitPython < 3.1.32 - Untrusted Search Path via Git Executable Resolution
Aug 28, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-40195 HIGH
Apache Airflow Spark Provider < 4.1.3 - Authenticated Remote Code Execution via Malicious Spark Server
Aug 28, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-27604 HIGH
Apache Airflow Sqoop Provider < 4.0.0 - Authenticated Remote Code Execution via Sqoop Import Connection Parameters
Aug 28, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-40587 MEDIUM
Pyramid 2.0.0-2.0.1 - Path Traversal via Static View Index File Disclosure
Aug 25, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-38201 MEDIUM
Keylime < 7.5.0 - Authorization Bypass via Challenge-Response Protocol
Aug 25, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-40570 MEDIUM
Datasette 1.0a0-1.0a3 - Unauthenticated Sensitive Information Exposure via API Explorer Endpoint
Aug 25, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-40017 HIGH
GeoNode 3.2.0-4.1.2 - Server-Side Request Forgery via Proxy Endpoint
Aug 24, 2023
CVSS 7.5
EPSS 0.01