pypi

5,010 tracked vulnerabilities.

CVE-2023-35908 MEDIUM
Apache Airflow <2.6.3 - Info Disclosure
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-22888 MEDIUM
Apache Airflow < 2.6.3 - Authenticated Denial of Service via run_id Parameter
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-22887 MEDIUM
Apache Airflow < 2.6.3 - Authenticated Path Traversal via run_id Parameter
Jul 12, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-37271 HIGH
RestrictedPython <6.1, 5.3 - Code Injection
Jul 11, 2023
CVSS 8.4
EPSS 0.01
CVE-2023-37659 CRITICAL
xalpha 0.11.4 - Remote Code Execution
Jul 11, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-36829 MEDIUM
Sentry 23.6.0-23.6.2 - Permissive Cross-domain Security Policy via Origin Header
Jul 06, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-29824 CRITICAL
scipy < 1.8.0 - Use-After-Free in Py_FindObjects()
Jul 06, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-35934 MEDIUM
yt-dlp <2023.07.06 - Cookie Leakage via Download Redirects and Fragments
Jul 06, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-36830 MEDIUM
sqlfluff < 2.1.2 - Remote Code Execution via library_path Config Injection
Jul 06, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-36189 HIGH
langchain <0.0.247 - Info Disclosure
Jul 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-36188 CRITICAL
langchain 0.0.64 - Remote Code Execution via PALChain Parameter
Jul 06, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-36827 HIGH
Fides < 2.15.1 - Path Traversal
Jul 05, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-36809 HIGH
Kiwi TCMS < 12.5 - Unrestricted Upload of File with Dangerous Type via Nginx Configuration
Jul 05, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-34457 MEDIUM
MechanicalSoup < 1.3.0 - Arbitrary File Read via Malicious HTML Form File Input
Jul 05, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-25399 MEDIUM
scipy < 1.10.0 - Use-After-Free in Py_FindObjects
Jul 05, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-36258 CRITICAL
LangChain < 0.0.236 - Remote Code Execution via Python Code Injection
Jul 03, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-36814 HIGH
Products.CMFCore < 3.2 - Unauthenticated Denial of Service via Marshal Module Input Handling
Jul 03, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-36053 HIGH
Django 3.2-3.2.19, 4.0-4.1.9, 4.2-4.2.2 - Regular Expression Denial of Service in EmailValidator and URLValidator
Jul 03, 2023
CVSS 7.5
EPSS 0.03
CVE-2023-35797 CRITICAL
Apache Airflow Hive Provider < 6.1.1 - Remote Code Execution via Principal Parameter
Jul 03, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-31543 CRITICAL
pipreqs 0.3.0-0.4.11 - Dependency Confusion via PyPI Package Upload
Jun 30, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-37365 MEDIUM
hnswlib 0.7.0 - Double Free in init_index
Jun 30, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-36810 MEDIUM
pypdf < 1.27.8 - Denial of Service via Crafted PDF
Jun 30, 2023
CVSS 6.2
EPSS 0.01
CVE-2023-36807 MEDIUM
pypdf 2.10.5 - Denial of Service via Infinite Loop in PDF Metadata Extraction
Jun 30, 2023
CVSS 6.2
EPSS 0.01
CVE-2023-22886 HIGH
Apache Airflow JDBC Provider < 4.0.0 - Remote Code Execution via JDBC Connection URL Parameter
Jun 29, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-36464 MEDIUM
pypdf < 3.9.0 - Denial of Service via Infinite Loop in Content Stream Parser
Jun 27, 2023
CVSS 6.2
EPSS 0.00