pypi

5,010 tracked vulnerabilities.

CVE-2023-28370 MEDIUM
Tornado < 6.3.2 - Unauthenticated Open Redirect via Crafted URL
May 25, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-32675 LOW
vyperlang/vyper < 0.3.8 - Incorrect Fund Transfer via Nonpayable Default Function
May 19, 2023
CVSS 3.7
EPSS 0.01
CVE-2023-2800 MEDIUM
huggingface/transformers <4.30.0 - Info Disclosure
May 18, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-2780 CRITICAL NUCLEI
MLflow < 2.3.1 - Path Traversal via Backslash-Dot-Dot-Slash Sequence
May 17, 2023
CVSS 9.8
EPSS 0.06
CVE-2023-32309 HIGH
PyMdown Extensions 1.5.0-9.9.9 - Arbitrary File Read via Snippets Include Syntax
May 15, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-32758 HIGH
git-url-parse < 1.2.2 - Regular Expression Denial of Service via URL Parsing
May 15, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-32303 MEDIUM
Planet < 2.0.1 - Incorrect Permission Assignment for Critical Resource
May 12, 2023
CVSS 5.2
EPSS 0.00
CVE-2023-32059 HIGH
vyper < 0.3.8 - Incorrect Internal Call Argument Ordering
May 11, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-32058 HIGH
vyper < 0.3.8 - Integer Overflow in Loop Iterator Assignment
May 11, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-31146 HIGH
vyper < 0.3.8 - Out-of-bounds Write via Dynamic Array Assignment
May 11, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-30172 HIGH
MLflow < 2.0.1 - Path Traversal via /get-artifact API Path Parameter
May 11, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-32076 MEDIUM
in-toto < 1.4.0 - Configuration Manipulation via .in_totorc File
May 10, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-31143 MEDIUM
Mage-ai <0.8.72 - Privilege Escalation
May 09, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-30837 HIGH
vyper < 0.3.8 - Memory Allocation with Excessive Size Value
May 08, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25754 CRITICAL
Apache Airflow <2.6.0 - Privilege Escalation
May 08, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-29247 MEDIUM
Apache Airflow < 2.6.0 - Stored Cross-Site Scripting in Task Instance Details Page
May 08, 2023
CVSS 5.4
EPSS 0.02
CVE-2023-31047 CRITICAL
Django <3.2.19, <4.1.9, <4.2.1 - Auth Bypass
May 07, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-30861 HIGH
Flask < 2.2.5 and 2.3.0-2.3.2 - Session Cookie Exposure via Caching Proxy
May 02, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-32007 HIGH
Apache Spark UI - Privilege Escalation
May 02, 2023
CVSS 8.8
EPSS 0.76
CVE-2023-2356 HIGH NUCLEI
mlflow/mlflow <2.3.1 - Path Traversal
Apr 28, 2023
CVSS 7.5
EPSS 0.04
CVE-2023-30629 HIGH
vyper 0.3.1-0.3.7 - Always-Incorrect Control Flow Implementation in raw_call
Apr 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-30613 HIGH
Kiwi TCMS < 12.2 - Unrestricted Upload of Dangerous File Types
Apr 24, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-30544 LOW
Kiwi TCMS < 12.2 - Unauthenticated Email Address Update via My Profile Admin Page
Apr 24, 2023
CVSS 3.9
EPSS 0.00
CVE-2023-30776 MEDIUM
Apache Superset 1.3.0-2.0.1 - Authenticated Database Password Exposure via REST API
Apr 24, 2023
CVSS 4.9
EPSS 0.02
CVE-2023-27524 HIGH KEVNUCLEI
Apache Superset Signed Cookie Priv Esc
Apr 24, 2023
CVSS 8.9
EPSS 0.97