pypi

5,015 tracked vulnerabilities.

CVE-2022-36082 MEDIUM
mangadex-downloader <1.7.2 - Path Traversal
Sep 07, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-36070 HIGH
Poetry < 1.1.9 - Arbitrary Code Execution via Untrusted Git Command Path Resolution
Sep 07, 2022
CVSS 7.3
EPSS 0.00
CVE-2022-36069 HIGH
Poetry < 1.1.9 - Command Injection via Git Dependency URL Argument
Sep 07, 2022
CVSS 7.3
EPSS 0.01
CVE-2022-40023 HIGH
Mako < 1.2.2 - Regular Expression Denial of Service via Lexer Class
Sep 07, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-37189 HIGH
DDMAL MEI2Volpiano < 0.8.2 - XML External Entity Injection via xml.etree Library
Sep 07, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23451 HIGH
openstack-barbican < 14.0.0 - Authenticated Incorrect Authorization in Secret Metadata API
Sep 06, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-31020 HIGH
Indy Node <1.12.4 - Authenticated RCE
Sep 06, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-38369 HIGH
Apache IoTDB 0.13.0 - Session Fixation
Sep 05, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-31152 MEDIUM
Synapse < 1.62.0 - Event Authorization Rule Bypass via Exceptional Condition Handling
Sep 02, 2022
CVSS 6.4
EPSS 0.01
CVE-2022-38170 MEDIUM
Apache Airflow <2.3.4 - Info Disclosure
Sep 02, 2022
CVSS 4.7
EPSS 0.01
CVE-2022-38054 CRITICAL
Apache Airflow <2.3.3 - Info Disclosure
Sep 02, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-2806 MEDIUM
ovirt-log-collector/sosreport - Info Disclosure
Sep 01, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-23452 MEDIUM
OpenStack Barbican < 14.0.0 - Incorrect Authorization via Admin Role
Sep 01, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-2996 HIGH
python-scciclient < 0.12.0 - Improper Certificate Validation
Sep 01, 2022
CVSS 7.4
EPSS 0.01
CVE-2022-0718 MEDIUM
Python Oslo-Utils - Info Disclosure
Aug 29, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-34668 CRITICAL
NVFLARE < 2.1.4 - Remote Code Execution via Pickle Deserialization
Aug 29, 2022
CVSS 9.8
EPSS 0.09
CVE-2022-38792 CRITICAL
exotel-py 0.1.6 - Remote Code Execution via Malicious Backdoor
Aug 27, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-2255 HIGH
mod_wsgi < 4.9.3 - Unauthenticated Header Spoofing via X-Client-IP
Aug 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25304 HIGH
asyncua and opcua - Denial of Service via Unlimited Chunk Reception
Aug 23, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-1930 MEDIUM
eth-account < 0.5.9 - Denial of Service via encode_structured_data Method
Aug 22, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-2930 HIGH
octoprint/octoprint <1.8.3 - Info Disclosure
Aug 22, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-36024 HIGH
py-cord <2.0.1 - DoS
Aug 18, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-38362 HIGH
Apache Airflow Docker <3.0.0 - Authenticated RCE
Aug 16, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-2822 HIGH
OctoPrint - Authentication Bypass via Brute Force
Aug 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-36359 HIGH
Django 3.2-3.2.15 and 4.0-4.0.7 - Reflected File Download via User-Supplied Filename in FileResponse
Aug 03, 2022
CVSS 8.8
EPSS 0.01