pypi

5,010 tracked vulnerabilities.

CVE-2023-1176 LOW
MLflow < 2.2.2 - Absolute Path Traversal
Mar 24, 2023
CVSS 3.3
EPSS 0.01
CVE-2023-28117 HIGH
Sentry SDK < 1.14.0 - Sensitive Cookie Value Leak via Django Integration
Mar 22, 2023
CVSS 7.6
EPSS 0.01
CVE-2023-27586 CRITICAL
CairoSVG < 2.7.0 - Server-Side Request Forgery via External Host Requests
Mar 20, 2023
CVSS 9.9
EPSS 0.01
CVE-2023-27494 MEDIUM
Streamlit 0.63.0-0.80.0 - Reflected Cross-Site Scripting via Malicious URL
Mar 16, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-25695 MEDIUM
Apache Airflow < 2.5.2 - Sensitive Information Exposure via Error Message
Mar 15, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-25617 CRITICAL
SAP Business Objects BI Platform 4.2/4.3 - Authenticated RCE via Program Object
Mar 14, 2023
CVSS 9.0
EPSS 0.01
CVE-2023-27476 HIGH
OWSLib < 0.28.1 - XML External Entity Injection via Unsafe XML Parser
Mar 08, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-27522 HIGH
Apache HTTP Server 2.4.30-2.4.55 - HTTP Response Smuggling via mod_proxy_uwsgi Origin Response Header
Mar 07, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-27891 HIGH
pretix < 4.17.1 - Insufficient Session Expiration
Mar 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-22432 MEDIUM NUCLEI
web2py < 2.23.1 - Open Redirect via Crafted URL
Mar 06, 2023
CVSS 6.1
EPSS 0.02
CVE-2023-23929 HIGH
vantage6 < 3.8.0 - Insufficient Session Expiration
Mar 04, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-26052 LOW
Saleor 2.0.0-3.1.47 - Unauthenticated Sensitive Information Exposure via Error Messages
Mar 02, 2023
CVSS 3.7
EPSS 0.01
CVE-2023-26051 MEDIUM
Saleor 2.0.0-3.1.47 - Authenticated Sensitive Information Exposure via Error Messages
Mar 02, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-22738 MEDIUM
vantage6 <3.8.0 - Privilege Escalation
Mar 01, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-26043 MEDIUM
GeoNode < 4.0.3 - XML External Entity Injection via Style Upload
Feb 27, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-25956 HIGH
Apache Airflow AWS Provider < 7.2.1 - Sensitive Information Exposure via Error Message
Feb 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25696 CRITICAL
Apache Airflow Hive Provider < 5.1.3 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-25693 CRITICAL
Apache Airflow Sqoop Provider < 3.1.1 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-25692 HIGH
Apache Airflow Google Provider < 8.10.0 - Improper Input Validation
Feb 24, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-25691 CRITICAL
Apache Airflow Google Provider < 8.10.0 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-25823 MEDIUM
Gradio < 3.13.1 - Use of Hard-coded Credentials via Share Link SSH Key Exposure
Feb 23, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-26303 LOW
markdown-it-py < 2.2.0 - Denial of Service via Null Assertion Bypass
Feb 23, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-26302 LOW
markdown-it-py < 2.2.0 - Denial of Service via Invalid UTF-8 Input
Feb 22, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-0949 MEDIUM
modoboa < 2.0.5 - Reflected Cross-Site Scripting
Feb 22, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-25657 HIGH
Nautobot < 1.5.7 - Remote Code Execution via Jinja2 Template Rendering
Feb 21, 2023
CVSS 7.5
EPSS 0.02