pypi

5,010 tracked vulnerabilities.

CVE-2022-23530 MEDIUM
GuardDog < 0.1.8 - Arbitrary File Write via Tarball Extraction
Dec 16, 2022
CVSS 5.8
EPSS 0.01
CVE-2022-4527 LOW
collective.task < 3.0.9 - Cross-Site Scripting in AssignedGroupColumn Table Renderer
Dec 15, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-4526 LOW
django-photologue < 3.16 - Cross-Site Scripting in Photo Detail Template Caption
Dec 15, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-4495 LOW
collective.dms.basecontent < 1.7 - Cross-Site Scripting in renderCell Function
Dec 14, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-4223 HIGH NUCLEI
pgAdmin 4 < 6.17 - Unauthenticated Remote Code Execution via External Utility Path Validation API
Dec 13, 2022
CVSS 8.8
EPSS 0.80
CVE-2022-4314 CRITICAL
ikus060/rdiffweb <2.5.2 - Privilege Escalation
Dec 12, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-4396 LOW
pyrdfa3 < 3.6.2 - Cross-Site Scripting in _get_option Function
Dec 10, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-23485 MEDIUM
Sentry 20.6.0-22.10.0 - Improper Access Control via Invite Link Cookie Manipulation
Dec 10, 2022
CVSS 6.4
EPSS 0.00
CVE-2022-23491 MEDIUM
certifi 2017.11.5-2022.12.7 - Insufficient Verification of Data Authenticity
Dec 07, 2022
CVSS 6.8
EPSS 0.01
CVE-2022-46742 CRITICAL
PaddlePaddle 2.4.0-rc0 - Remote Code Execution via paddle.audio.functional.get_window
Dec 07, 2022
CVSS 10.0
EPSS 0.01
CVE-2022-46741 HIGH
PaddlePaddle <2.4 - Info Disclosure
Dec 07, 2022
CVSS 7.1
EPSS 0.01
CVE-2022-41910 MEDIUM
TensorFlow < 2.8.4 - Out-of-bounds Read in MakeGrapplerFunctionItem
Dec 06, 2022
CVSS 4.8
EPSS 0.00
CVE-2022-41902 HIGH
TensorFlow < 2.8.4 - Out-of-bounds Read in MakeGrapplerFunctionItem
Dec 06, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-44900 CRITICAL
Py7zr < 0.20.1 - Path Traversal
Dec 06, 2022
CVSS 9.1
EPSS 0.02
CVE-2022-23472 MEDIUM
Passeo < 1.0.5 - Use of Cryptographically Weak PRNG
Dec 06, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-24439 HIGH
GitPython <3.1.30 - Remote Code Execution via Malicious Clone URL
Dec 06, 2022
CVSS 8.1
EPSS 0.05
CVE-2022-46147 HIGH
xblock-drag-and-drop-v2 < 3.0.0 - Stored Cross-Site Scripting in XBlock Fields
Nov 28, 2022
CVSS 8.4
EPSS 0.01
CVE-2022-45908 CRITICAL
PaddlePaddle < 2.4 - Remote Code Execution via get_window winstr Parameter
Nov 26, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-45907 CRITICAL
PyTorch < 1.13.1 - Remote Code Execution via Unsafe eval in torch.jit.annotations.parse_type_line
Nov 26, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-41954 LOW
mpxj < 10.14.1 - Insecure Temporary File Permissions on Unix-like Systems
Nov 25, 2022
CVSS 3.3
EPSS 0.00
CVE-2022-2650 CRITICAL
wger-project/wger <2.2 - Info Disclosure
Nov 24, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-3500 MEDIUM
keylime < 6.5.1 - Uncaught Exception Leading to Attestation Bypass
Nov 22, 2022
CVSS 5.1
EPSS 0.00
CVE-2022-41952 MEDIUM
Synapse < 1.53.0 - Resource Exhaustion via URL Preview Media Stream Handling
Nov 22, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-41131 HIGH
Apache Airflow <4.1.0, <2.3.0 - Command Injection
Nov 22, 2022
CVSS 7.8
EPSS 0.02
CVE-2022-40954 MEDIUM
Apache Airflow <4.0.0, <2.3.0 - Command Injection
Nov 22, 2022
CVSS 5.5
EPSS 0.01