pypi

5,010 tracked vulnerabilities.

CVE-2023-35798 MEDIUM
Apache Airflow ODBC Provider < 4.0.0 and MSSQL Provider < 3.4.1 - Improper Input Validation in get_sqlalchemy_connection
Jun 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-34395 HIGH
Apache Airflow ODBC Provider < 4.0.0 - Command Injection via ODBC Driver Parameters
Jun 27, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-35932 HIGH
jcvi < 1.3.5 - Configuration Injection
Jun 23, 2023
CVSS 7.1
EPSS 0.02
CVE-2023-34110 LOW
Flask-AppBuilder <4.3.2 - Info Disclosure
Jun 22, 2023
CVSS 2.7
EPSS 0.01
CVE-2023-34541 CRITICAL
Langchain <0.0.171 - Code Injection
Jun 20, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-35005 MEDIUM
Apache Airflow 2.5.0-2.6.1 - Exposure of Sensitive Information via Configuration UI
Jun 19, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-34540 CRITICAL
langchain < 0.0.225 - Remote Code Execution via JiraAPIWrapper
Jun 14, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-32732 MEDIUM
gRPC < 1.53.0 - Denial of Service via Base64 Encoding Error in -bin Headers
Jun 09, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-32731 HIGH
gRPC 1.53.0-1.54.3 - HPACK Table Desynchronization via Header Size Exceeded Error
Jun 09, 2023
CVSS 7.4
EPSS 0.01
CVE-2023-1428 HIGH
grpc 1.51.0-1.52.4 - Reachable Assertion via Malformed HTTP/2 Headers
Jun 09, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-34233 HIGH
Snowflake Connector for Python < 3.0.2 - Remote Code Execution via SSO Browser URL Authentication
Jun 08, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-34239 HIGH
Gradio < 3.34.0 - Path Traversal and Server-Side Request Forgery
Jun 08, 2023
CVSS 7.3
EPSS 0.01
CVE-2023-33977 HIGH
Kiwi TCMS < 12.4 - Stored Cross-Site Scripting via File Upload Bypass
Jun 06, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-32683 LOW
Synapse < 1.85.0 - Server-Side Request Forgery via URL Preview Bypass
Jun 06, 2023
CVSS 3.5
EPSS 0.01
CVE-2023-32682 MEDIUM
Synapse < 1.85.0 - Improper Authentication via Uncommon Configuration
Jun 06, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-33733 HIGH
reportlab < 3.6.12 - Remote Code Execution via Crafted PDF File
Jun 05, 2023
CVSS 7.8
EPSS 0.02
CVE-2023-29159 HIGH
Starlette 0.13.5-0.26.9 - Unauthenticated Path Traversal
Jun 01, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-33234 HIGH
Apache Airflow CNCF Kubernetes Provider <5.0.0 - RCE
May 30, 2023
CVSS 7.2
EPSS 0.02
CVE-2023-2970 LOW
MindSpore 2.0.0-alpha/2.0.0-rc1 - Memory Corruption in JsonHelper::UpdateArray
May 30, 2023
CVSS 3.5
EPSS 0.01
CVE-2023-33175 CRITICAL
toui 2.0.1-2.4.0 - Unauthenticated Remote Code Execution via Flask-Caching SimpleCache
May 30, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-32686 HIGH
Kiwi TCMS < 12.3 - Unrestricted Upload of Dangerous File Types
May 27, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-32321 CRITICAL
CKAN 2.9.0-2.9.8 - Remote Code Execution via ResourceUploader Arbitrary File Write
May 26, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-33185 MEDIUM
django-ses < 3.5.0 - Improper Verification of Cryptographic Signature in SESEventWebhookView
May 26, 2023
CVSS 4.6
EPSS 0.00
CVE-2023-32681 MEDIUM
Requests 2.3.0-2.31.0 - Proxy-Authorization Header Leak via HTTPS Redirect
May 26, 2023
CVSS 6.1
EPSS 0.03
CVE-2023-32323 MEDIUM
Synapse <= 1.73 - Denial of Service via Oversized invite_room_state Field
May 26, 2023
CVSS 5.0
EPSS 0.01