pypi

5,010 tracked vulnerabilities.

CVE-2023-30620 HIGH
mindsdb < 23.2.1.0 - Path Traversal via TarSlip in Tarfile Extraction
Apr 21, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-30798 HIGH
Starlette < 0.25.0 - Unauthenticated Denial of Service via MultipartParser
Apr 21, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-2228 MEDIUM
modoboa < 2.1.0 - Cross-Site Request Forgery
Apr 21, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-2227 CRITICAL NUCLEI
modoboa < 2.1.0 - Improper Authorization
Apr 21, 2023
CVSS 9.1
EPSS 0.44
CVE-2023-28459 MEDIUM
pretalx < 2.3.2 - Path Traversal via HTML Export Feature
Apr 20, 2023
CVSS 6.5
EPSS 0.07
CVE-2023-28458 MEDIUM
Pretalx Limited File Write to Remote Code Execution
Apr 20, 2023
CVSS 4.3
EPSS 0.03
CVE-2023-30797 HIGH
Netflix Lemur <1.3.2 - Info Disclosure
Apr 19, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-30608 MEDIUM
sqlparse >=0.1.15 <0.4.4 - Denial of Service via Inefficient Regular Expression
Apr 18, 2023
CVSS 5.5
EPSS 0.01
CVE-2023-2160 MEDIUM
modoboa/modoboa <2.1.0 - Info Disclosure
Apr 18, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-27525 LOW
Apache Superset <= 2.0.1 - Authenticated Metadata Exposure via Non-Trivial Methods
Apr 17, 2023
CVSS 3.1
EPSS 0.01
CVE-2023-25504 MEDIUM
Apache Superset <= 2.0.1 - Authenticated Server-Side Request Forgery via Import Dataset Feature
Apr 17, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-22946 MEDIUM
Apache Spark < 3.4.0 - Privilege Escalation via Malicious Classpath Configuration
Apr 17, 2023
CVSS 6.4
EPSS 0.01
CVE-2023-24831 CRITICAL
Apache IoTDB Grafana Connector 0.13.0-0.13.3 - Unauthenticated Authentication Bypass
Apr 17, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-2106 CRITICAL
janeczku/calibre-web <0.6.20 - Info Disclosure
Apr 15, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-29005 HIGH
Flask-AppBuilder < 4.3.0 - Unauthenticated Credential Brute-Force via Missing Rate Limiting
Apr 10, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25392 MEDIUM
Allegro BigFlow < 1.6 - Improper Certificate Validation
Apr 10, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-28710 HIGH
Apache Airflow Spark Provider <4.0.1 - Info Disclosure
Apr 07, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-28707 HIGH
Apache Airflow Drill Provider <2.3.2 - Info Disclosure
Apr 07, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-28706 CRITICAL
Apache Airflow Hive Provider <6.0.0 - Code Injection
Apr 07, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-29374 CRITICAL
LangChain <0.0.131 - Code Injection
Apr 05, 2023
CVSS 9.8
EPSS 0.40
CVE-2023-28837 MEDIUM
Wagtail < 4.1.4 and 4.2-4.2.2 - Authenticated Denial of Service via Large File Upload
Apr 03, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-28836 MEDIUM
Wagtail 1.5-4.1.4 - Stored Cross-Site Scripting in ModelAdmin ChooseParentView and InspectView
Apr 03, 2023
CVSS 6.4
EPSS 0.01
CVE-2023-26112 LOW
configobj < 5.0.9 - Regular Expression Denial of Service via Validate Function
Apr 03, 2023
CVSS 3.7
EPSS 0.01
CVE-2023-1712 CRITICAL
GitHub deepset-ai/haystack <0.1.30 - Info Disclosure
Mar 30, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-27489 HIGH
Kiwi TCMS < 12.1 - Stored Cross-Site Scripting via SVG File Upload
Mar 29, 2023
CVSS 7.6
EPSS 0.00