pypi

5,010 tracked vulnerabilities.

CVE-2022-41880 MEDIUM
TensorFlow < 2.8.4, 2.9.0-2.9.2, 2.10.0 - Heap Out-of-Bounds Read in BaseCandidateSamplerOp
Nov 18, 2022
CVSS 6.8
EPSS 0.00
CVE-2022-41883 MEDIUM
TensorFlow 2.8.0-2.10.0 - Out-of-bounds Read in Dynamic Stitch Op
Nov 18, 2022
CVSS 6.8
EPSS 0.00
CVE-2022-43171 MEDIUM
LIEF < 0.12.3 - Denial of Service via Crafted MachO File
Nov 17, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-4018 MEDIUM
GitHub rdiffweb <2.5.0a6 - Info Disclosure
Nov 16, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-45402 MEDIUM
Apache Airflow < 2.4.3 - Open Redirect via Login Endpoint
Nov 15, 2022
CVSS 6.1
EPSS 0.82
CVE-2022-3362 CRITICAL
GitHub rdiffweb <2.5.0 - Info Disclosure
Nov 14, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-40127 HIGH NUCLEI
Apache Airflow < 2.4.0 - Authenticated Remote Code Execution via Run ID Parameter
Nov 14, 2022
CVSS 8.8
EPSS 0.86
CVE-2022-27949 HIGH
Apache Airflow < 2.3.1 - Unauthenticated Exposure of Sensitive Information in Task Template Rendering
Nov 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-45199 HIGH
Pillow < 9.3.0 - Denial of Service via SAMPLESPERPIXEL
Nov 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45198 HIGH
Pillow < 9.2.0 - Denial of Service via Highly Compressed GIF Data
Nov 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-41905 HIGH
wsgidav 3.0.0-4.0.9 - Cross-Site Scripting via Directory Browsing
Nov 11, 2022
CVSS 8.2
EPSS 0.00
CVE-2022-41892 HIGH
Arches < 6.1.1, 6.1.2-6.2.1, 7.1.2 - SQL Injection
Nov 11, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-44244 MEDIUM
Lin-CMS <0.2.1 - Privilege Escalation
Nov 09, 2022
CVSS 6.6
EPSS 0.01
CVE-2022-42966 MEDIUM
cleo < 2.0.0 - Regular Expression Denial of Service via Table.set_rows Method
Nov 09, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-42965 LOW
snowflake-connector-python < 2.8.2 - Regular Expression Denial of Service via get_file_transfer_type
Nov 09, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-42964 MEDIUM
pymatgen - Denial of Service via GaussianInput.from_string ReDoS
Nov 09, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-33684 HIGH
Apache Pulsar C++ Client - Man-in-the-Middle
Nov 04, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-43985 MEDIUM
Apache Airflow <2.4.2 - Open Redirect
Nov 02, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-43982 MEDIUM
Apache Airflow < 2.4.2 - Stored Cross-Site Scripting via Trigger DAG Origin Query Argument
Nov 02, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-31777 MEDIUM
Apache Spark < 3.2.2 - Stored Cross-Site Scripting via Log Rendering
Nov 01, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-44020 MEDIUM
OpenStack Sushy-Tools <0.21.0-VirtualBMC <2.2.2 - Info Disclosure
Oct 30, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-39366 CRITICAL
DataHub < 0.8.45 - Authentication Bypass via Missing JWT Signature Verification
Oct 28, 2022
CVSS 9.9
EPSS 0.01
CVE-2022-3697 HIGH
Ansible amazon.aws Collection - Sensitive Information Exposure via tower_callback Parameter
Oct 28, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-3363 CRITICAL
ikus060/rdiffweb <2.5.0a7 - Info Disclosure
Oct 26, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-39348 MEDIUM
Twisted 0.9.4-22.10.0rc1 - Cross-Site Scripting via Host Header in NameVirtualHost
Oct 26, 2022
CVSS 5.4
EPSS 0.01