pypi
4,708 tracked vulnerabilities.
CVE-2024-6844
MEDIUM
corydolphin/flask-cors 4.0.1 - Info Disclosure
Mar 20, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-6839
MEDIUM
flask-cors < 6.0.0 - Improper CORS Policy Enforcement via Regex Pattern Priority Mismatch
Mar 20, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-6838
MEDIUM
MLflow v2.13.2 - Denial of Service via Large Experiment Name or Artifact Location
Mar 20, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-6829
CRITICAL
aimhubio/aim <3.19.3 - Code Injection
Mar 20, 2025
CVSS 9.1
EPSS 0.00
CVE-2024-6827
HIGH
Gunicorn < 22.0.0 - HTTP Request Smuggling via Transfer-Encoding Header
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-6825
HIGH
litellm < 1.65.4 - Remote Code Execution via Post Call Rules Callback Injection
Mar 20, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-6577
MEDIUM
torchserve - Unauthenticated S3 Bucket Access via upload_results_to_s3.sh
Mar 20, 2025
CVSS 6.3
EPSS 0.00
CVE-2024-6483
MEDIUM
aimhubio/aim <3.19.3 - Path Traversal
Mar 20, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-12911
HIGH
llamaindex < 0.5.1 - SQL Injection via Prompt Injection in JSONalyzeQueryEngine
Mar 20, 2025
CVSS 7.1
EPSS 0.00
CVE-2024-12910
MEDIUM
Llamaindex < 0.12.9 - Denial of Service
Mar 20, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-12909
CRITICAL
llamaindex < 0.3.0 - SQL Injection and Remote Code Execution via FinanceChatLlamaPack run_sql_query Function
Mar 20, 2025
CVSS 9.8
EPSS 0.04
CVE-2024-12778
HIGH
aim 3.25.0 - Denial of Service via Excessive Metrics Request
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-12777
MEDIUM
aimstack aim 3.25.0 - Denial of Service via SSHFS Client Timeout Misuse
Mar 20, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-12761
HIGH
imaginAIry 15.0.0 - Denial of Service via StableStudio Generate Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-12720
HIGH
huggingface/transformers < 4.48.0 - Regular Expression Denial of Service in tokenization_nougat_fast.py
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-12704
HIGH
llamaindex < 0.12.6 - Denial of Service via LangChainLLM stream_complete Thread Termination
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-12537
HIGH
open-webui 0.3.32 - Unauthenticated Denial of Service via Code Format Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.03
CVE-2024-12534
HIGH
open-webui v0.3.32 - Unauthenticated Denial of Service via Large Payload Submission
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12376
HIGH
lm-sys fastchat - Server-Side Request Forgery
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-12217
MEDIUM
gradio - Path Traversal via NTFS Alternate Data Streams Bypass
Mar 20, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-12216
HIGH
gluoncv 0.10.0 - Arbitrary File Write via TarSlip in ImageClassificationDataset.from_csv()
Mar 20, 2025
CVSS 7.1
EPSS 0.00
CVE-2024-12215
HIGH
kedro 0.19.8 - Remote Code Execution via setup.py in Micro Package Extraction
Mar 20, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-12029
CRITICAL
InvokeAI 5.3.1-5.4.2 - Remote Code Execution via Unsafe Model File Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.44
CVE-2024-11958
CRITICAL
run-llama/llama_index - SQL Injection
Mar 20, 2025
CVSS 9.8
EPSS 0.04
CVE-2024-11603
HIGH
lm-sys fastchat 0.2.36 - Server-Side Request Forgery via Queue Join Endpoint Path Parameter
Mar 20, 2025
CVSS 7.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21