pypi
4,708 tracked vulnerabilities.
CVE-2024-11602
HIGH
feast 0.40.0 - Origin Validation Error in CORS Configuration
Mar 20, 2025
CVSS 7.4
EPSS 0.00
CVE-2024-11043
HIGH
InvokeAI - Denial of Service via Large Payload in Board Name PATCH Request
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-11042
CRITICAL
invoke-ai/invokeai <5.0.2 - Privilege Escalation
Mar 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-11041
CRITICAL
vllm v0.6.2 - Remote Code Execution via Pickle Deserialization in MessageQueue.dequeue()
Mar 20, 2025
CVSS 9.8
EPSS 0.06
CVE-2024-10940
MEDIUM
Langchain-core <0.1.53,<0.2.43,<0.3.15 - Info Disclosure
Mar 20, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-10912
HIGH
lm-sys fastchat 0.2.36 - Denial of Service via Large Filename in File Upload
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10908
MEDIUM
NUCLEI
lm-sys fastchat v0.2.36 - Unauthenticated Open Redirect via Crafted URL
Mar 20, 2025
CVSS 6.1
EPSS 0.01
CVE-2024-10907
HIGH
lm-sys FastChat v0.2.36 - Unauthenticated Denial of Service via Malformed Multipart Boundary
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10906
HIGH
db-gpt 0.6.0 - Cross-Site Request Forgery via Overly Permissive CORS Configuration
Mar 20, 2025
CVSS 8.1
EPSS 0.00
CVE-2024-10902
CRITICAL
db-gpt v0.6.0 - Unauthenticated Arbitrary File Upload and Path Traversal via Agent Upload API
Mar 20, 2025
CVSS 9.8
EPSS 0.02
CVE-2024-10901
CRITICAL
db-gpt v0.6.0 - Arbitrary File Write and Remote Code Execution via Chart Editor API
Mar 20, 2025
CVSS 9.8
EPSS 0.02
CVE-2024-10835
CRITICAL
db-gpt < 0.7.1 - Unauthenticated Arbitrary File Write and Remote Code Execution via SQL Injection
Mar 20, 2025
CVSS 9.8
EPSS 0.02
CVE-2024-10833
CRITICAL
db-gpt < 0.6.2 - Arbitrary File Write via Knowledge API Filename Parameter
Mar 20, 2025
CVSS 9.1
EPSS 0.00
CVE-2024-10831
CRITICAL
db-gpt 0.6.0 - Absolute Path Traversal via File Upload Endpoint
Mar 20, 2025
CVSS 9.1
EPSS 0.00
CVE-2024-10830
HIGH
db-gpt 0.6.0 - Path Traversal and Arbitrary File Deletion via File Key Parameter
Mar 20, 2025
CVSS 8.2
EPSS 0.00
CVE-2024-10829
HIGH
db-gpt v0.6.0 - Unauthenticated Denial of Service via Multipart Boundary Processing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10821
HIGH
InvokeAI v5.0.1 - Unauthenticated Denial of Service via Multipart Boundary Processing
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10713
HIGH
szad670401/hyperlpr 3.0 - Unauthenticated Denial of Service via Malformed Multipart Boundary
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10648
HIGH
Gradio - Path Traversal and Denial of Service via Audio Component Format Manipulation
Mar 20, 2025
CVSS 8.2
EPSS 0.00
CVE-2024-10624
HIGH
gradio - Regular Expression Denial of Service in Datetime Component
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10572
HIGH
h2o 3.46.0.1 - Denial of Service via XGBoostLibExtractTool in run_tool Command
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10569
HIGH
gradio - Denial of Service via Zip Bomb in DataFrame Component
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10553
CRITICAL
h2o < 3.46.0.6 - Unauthenticated Remote Code Execution via JDBC URL Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.03
CVE-2024-10550
HIGH
h2o 3.46.0.1 - Denial of Service via Inefficient Regular Expression Complexity in /3/ParseSetup Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10549
HIGH
h2o 3.46.0.1 - Denial of Service via /3/Parse Endpoint Regular Expression
Mar 20, 2025
CVSS 7.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21
Quick Filters