pypi
5,010 tracked vulnerabilities.
CVE-2023-35908
MEDIUM
Apache Airflow <2.6.3 - Info Disclosure
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-22888
MEDIUM
Apache Airflow < 2.6.3 - Authenticated Denial of Service via run_id Parameter
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-22887
MEDIUM
Apache Airflow < 2.6.3 - Authenticated Path Traversal via run_id Parameter
Jul 12, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-37271
HIGH
RestrictedPython <6.1, 5.3 - Code Injection
Jul 11, 2023
CVSS 8.4
EPSS 0.01
CVE-2023-37659
CRITICAL
xalpha 0.11.4 - Remote Code Execution
Jul 11, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-36829
MEDIUM
Sentry 23.6.0-23.6.2 - Permissive Cross-domain Security Policy via Origin Header
Jul 06, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-29824
CRITICAL
scipy < 1.8.0 - Use-After-Free in Py_FindObjects()
Jul 06, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-35934
MEDIUM
yt-dlp <2023.07.06 - Cookie Leakage via Download Redirects and Fragments
Jul 06, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-36830
MEDIUM
sqlfluff < 2.1.2 - Remote Code Execution via library_path Config Injection
Jul 06, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-36189
HIGH
langchain <0.0.247 - Info Disclosure
Jul 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-36188
CRITICAL
langchain 0.0.64 - Remote Code Execution via PALChain Parameter
Jul 06, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-36827
HIGH
Fides < 2.15.1 - Path Traversal
Jul 05, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-36809
HIGH
Kiwi TCMS < 12.5 - Unrestricted Upload of File with Dangerous Type via Nginx Configuration
Jul 05, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-34457
MEDIUM
MechanicalSoup < 1.3.0 - Arbitrary File Read via Malicious HTML Form File Input
Jul 05, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-25399
MEDIUM
scipy < 1.10.0 - Use-After-Free in Py_FindObjects
Jul 05, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-36258
CRITICAL
LangChain < 0.0.236 - Remote Code Execution via Python Code Injection
Jul 03, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-36814
HIGH
Products.CMFCore < 3.2 - Unauthenticated Denial of Service via Marshal Module Input Handling
Jul 03, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-36053
HIGH
Django 3.2-3.2.19, 4.0-4.1.9, 4.2-4.2.2 - Regular Expression Denial of Service in EmailValidator and URLValidator
Jul 03, 2023
CVSS 7.5
EPSS 0.03
CVE-2023-35797
CRITICAL
Apache Airflow Hive Provider < 6.1.1 - Remote Code Execution via Principal Parameter
Jul 03, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-31543
CRITICAL
pipreqs 0.3.0-0.4.11 - Dependency Confusion via PyPI Package Upload
Jun 30, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-37365
MEDIUM
hnswlib 0.7.0 - Double Free in init_index
Jun 30, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-36810
MEDIUM
pypdf < 1.27.8 - Denial of Service via Crafted PDF
Jun 30, 2023
CVSS 6.2
EPSS 0.01
CVE-2023-36807
MEDIUM
pypdf 2.10.5 - Denial of Service via Infinite Loop in PDF Metadata Extraction
Jun 30, 2023
CVSS 6.2
EPSS 0.01
CVE-2023-22886
HIGH
Apache Airflow JDBC Provider < 4.0.0 - Remote Code Execution via JDBC Connection URL Parameter
Jun 29, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-36464
MEDIUM
pypdf < 3.9.0 - Denial of Service via Infinite Loop in Content Stream Parser
Jun 27, 2023
CVSS 6.2
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
vllm 50
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters