pypi
4,708 tracked vulnerabilities.
CVE-2024-8020
HIGH
lightning-ai/pytorch-lightning <2.3.2 - DoS
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-8019
CRITICAL
Lightning-ai/pytorch-lightning <2.3.2 - RCE
Mar 20, 2025
CVSS 9.1
EPSS 0.02
CVE-2024-7990
HIGH
open-webui 0.3.8 - Stored Cross-Site Scripting via Model Description Field
Mar 20, 2025
CVSS 8.4
EPSS 0.00
CVE-2024-7983
HIGH
open-webui 0.3.8 - Unauthenticated Denial of Service via Markdown to HTML Conversion
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-7959
HIGH
open-webui 0.3.8 - Server-Side Request Forgery via OpenAI URL Parameter
Mar 20, 2025
CVSS 7.7
EPSS 0.01
CVE-2024-7806
HIGH
open-webui <= 0.3.8 - Remote Code Execution via CSRF
Mar 20, 2025
CVSS 8.8
EPSS 0.02
CVE-2024-7776
CRITICAL
onnx <= 1.16.1 - Path Traversal and Arbitrary File Overwrite via Malicious Tar File
Mar 20, 2025
CVSS 9.1
EPSS 0.05
CVE-2024-7768
HIGH
h2oai/h2o-3 3.46.1 - Denial of Service via Recursive Path Parameter in ImportFiles Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-7765
HIGH
h2o 3.46.0.2 - Denial of Service via GZIP File Parsing
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-7760
CRITICAL
aim 3.22.0 - Cross-Site Request Forgery via Permissive CORS Settings
Mar 20, 2025
CVSS 9.6
EPSS 0.00
CVE-2024-7053
CRITICAL
open-webui 0.3.8 - Authenticated Session Fixation and Remote Code Execution via Malicious Markdown Image
Mar 20, 2025
CVSS 9.0
EPSS 0.00
CVE-2024-7046
MEDIUM
open-webui 0.3.8 - Unauthenticated Admin Details Exposure via /api/v1/auths/admin/details
Mar 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-7045
MEDIUM
open-webui v0.3.8 - Unauthenticated Prompt Information Disclosure via API Endpoints
Mar 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-7044
HIGH
open-webui 0.3.8 - Stored Cross-Site Scripting via Chat File Upload
Mar 20, 2025
CVSS 8.9
EPSS 0.00
CVE-2024-7043
HIGH
open-webui 0.3.8 - Unauthenticated Arbitrary File Read and Delete via API Endpoints
Mar 20, 2025
CVSS 8.8
EPSS 0.00
CVE-2024-7039
MEDIUM
open-webui v0.3.8 - Authenticated Administrator Deletion via API Endpoint
Mar 20, 2025
CVSS 6.7
EPSS 0.00
CVE-2024-7036
HIGH
open-webui 0.3.8 - Denial of Service via Oversized Name Field
Mar 20, 2025
CVSS 7.5
EPSS 0.02
CVE-2024-7035
MEDIUM
open-webui v0.3.8 - Cross-Site Request Forgery via Sensitive GET Endpoints
Mar 20, 2025
CVSS 6.9
EPSS 0.00
CVE-2024-7034
HIGH
open-webui 0.3.8 - Arbitrary File Write via Models Upload Endpoint
Mar 20, 2025
CVSS 7.2
EPSS 0.07
CVE-2024-7033
HIGH
open-webui 0.3.8 - Arbitrary File Write via Download Model Endpoint
Mar 20, 2025
CVSS 7.2
EPSS 0.01
CVE-2024-6982
HIGH
parisneo/lollms < 9.10 - Remote Code Execution via Calculate Function Sandbox Bypass
Mar 20, 2025
CVSS 8.4
EPSS 0.00
CVE-2024-6866
HIGH
corydolphin/flask-cors <4.01 - SSRF
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-6863
MEDIUM
h2oai/h2o-3 3.46.0 - Arbitrary File Encryption via EncryptionTool Endpoint
Mar 20, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-6854
HIGH
h2o 3.46.0 - Absolute Path Traversal via Model Export Endpoint
Mar 20, 2025
CVSS 7.1
EPSS 0.00
CVE-2024-6851
HIGH
aimhubio/aim <3.22.0 - Path Traversal
Mar 20, 2025
CVSS 7.5
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21