pypi

5,009 tracked vulnerabilities.

CVE-2023-40273 HIGH
Apache Airflow < 2.7.0 - Authenticated Session Fixation via Password Reset
Aug 23, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-39441 MEDIUM
Apache Airflow < 2.7.0 - Improper Certificate Validation
Aug 23, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-37379 HIGH
Apache Airflow < 2.7.0 - Authenticated Denial of Service via Connection Test Feature
Aug 23, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-36281 CRITICAL
langchain < 0.0.312 - Remote Code Execution via load_prompt JSON File
Aug 22, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-39660 CRITICAL
pandasai < 0.8.0 - Remote Code Execution via Prompt Function
Aug 21, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-40272 HIGH
Apache Airflow Spark Provider < 4.1.3 - Arbitrary File Read via Connection Parameters
Aug 17, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-39662 CRITICAL
llamaindex < 0.7.13 - Remote Code Execution via PandasQueryEngine exec Parameter
Aug 15, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-39661 CRITICAL
pandasai < 0.9.1 - Remote Code Execution via _is_jailbreak Function
Aug 15, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-39659 CRITICAL
langchain < 0.0.232 - Remote Code Execution via PythonAstREPLTool._run
Aug 15, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-38896 CRITICAL
Harrison Chase langchain <0.0.194 - RCE
Aug 15, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-38860 CRITICAL
LangChain < 0.0.247 - Remote Code Execution via Prompt Parameter
Aug 15, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-40024 MEDIUM
scancode.io < 32.5.2 - Cross-Site Scripting in License Details View
Aug 14, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-39553 HIGH
Apache Airflow Drill Provider < 2.4.3 - Unauthenticated Arbitrary File Read via DrillHook Connection Parameters
Aug 11, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-40267 CRITICAL
GitPython <3.1.32 - Info Disclosure
Aug 11, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-27506 MEDIUM
Intel Optimization for TensorFlow < 2.12 - Authenticated Privilege Escalation via Improper Buffer Restrictions
Aug 11, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-39531 MEDIUM
Sentry 10.0.0-23.7.1 - Improper Authentication during OAuth Token Exchange
Aug 09, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-33953 HIGH
gRPC < 1.53.2 - Denial of Service via HPACK Parser Memory and CPU Exhaustion
Aug 09, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-38759 HIGH
wger Project wger Workout Manager 2.2.0a3 - CSRF
Aug 08, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-38758 MEDIUM
wger Project wger Workout Manager <2.2.0a3 - XSS
Aug 08, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-39523 MEDIUM
ScanCode.io < 32.5.1 - Authenticated Command Injection via Docker Reference Parameter
Aug 07, 2023
CVSS 6.8
EPSS 0.02
CVE-2023-39363 MEDIUM
vyper 0.2.15-0.3.0 - Incorrect Authorization via Named Re-entrancy Lock Allocation
Aug 07, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-39349 HIGH
Sentry 22.1.0-23.7.1 - Authenticated Token Scope Escalation via API Token Query
Aug 07, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-39508 HIGH
Apache Airflow < 2.6.0 - Authenticated Privilege Escalation and DAG Access Bypass via Run Task Feature
Aug 05, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-36095 CRITICAL
Harrison Chase langchain <0.0.194 - RCE
Aug 05, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-38699 CRITICAL
MindsDB's AI Virtual Database <23.7.4.0 - Info Disclosure
Aug 04, 2023
CVSS 9.1
EPSS 0.00