pypi
4,708 tracked vulnerabilities.
CVE-2024-10190
CRITICAL
Horovod <= 0.28.1 - Unauthenticated Remote Code Execution via ElasticRendezvousHandler Pickle Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10188
HIGH
litellm < 1.53.1.dev1 - Unauthenticated Denial of Service via ast.literal_eval Input Parsing
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10110
HIGH
aimstack aim 3.23.0 - Denial of Service via ScheduledStatusReporter Main Thread Blocking
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-27763
MEDIUM
XPixelGroup BasicSR <=1.4.2 - Code Injection
Mar 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-24778
MEDIUM
Apache StreamPipes <0.97.0 - Privilege Escalation
Mar 03, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-12797
MEDIUM
TLS/DTLS - Man-in-the-Middle
Feb 11, 2025
CVSS 6.3
EPSS 0.01
CVE-2024-12366
CRITICAL
PandasAI - Remote Code Execution via Prompt Injection
Feb 11, 2025
CVSS 9.8
EPSS 0.06
CVE-2024-53829
HIGH
CodeChecker <= 6.24.4 - Cross-Site Request Forgery
Jan 21, 2025
CVSS 8.2
EPSS 0.00
CVE-2024-50633
NONE
Indico < 3.3.5 - Information Disclosure via /api/principals
Jan 16, 2025
EPSS 0.09
CVE-2024-56374
MEDIUM
Django 4.2-4.2.17 5.0-5.0.10 5.1-5.1.4 - Denial of Service via IPv6 Address Validation
Jan 14, 2025
CVSS 5.8
EPSS 0.00
CVE-2024-49375
CRITICAL
Rasa < 3.6.21 and Rasa-Pro < 3.10.12 - Remote Code Execution via Malicious Model Deserialization
Jan 14, 2025
CVSS 9.0
EPSS 0.03
CVE-2024-53995
LOW
NUCLEI
SickChill <= 2024.3.1 - Authenticated Open Redirect via Login Next Parameter
Jan 08, 2025
EPSS 0.01
CVE-2024-53526
MEDIUM
composio >=0.5.40 - Command Injection via handle_tool_calls Function
Jan 08, 2025
CVSS 6.4
EPSS 0.01
CVE-2024-55459
MEDIUM
Keras 3.7.0 - Arbitrary File Write via get_file Tar Download
Jan 08, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-45033
HIGH
Apache Airflow Fab Provider <1.5.2 - Info Disclosure
Jan 08, 2025
CVSS 8.1
EPSS 0.01
CVE-2024-52294
MEDIUM
Khoj < 1.29.10 - Authenticated Insecure Direct Object Reference in Subscription Endpoint
Dec 30, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39025
HIGH
letta - Incorrect Authorization in /users Endpoint
Dec 27, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-56509
HIGH
changedetection.io - Path Traversal
Dec 27, 2024
CVSS 8.6
EPSS 0.00
CVE-2024-9774
MEDIUM
Python-SQL <unknown> - SQL Injection
Dec 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-12745
HIGH
Amazon Redshift Python Connector 2.1.4 - SQL Injection via Metadata API
Dec 24, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-9427
MEDIUM
Koji 1.35.0 - Reflected Cross-Site Scripting via Unsanitized Input
Dec 24, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-56326
HIGH
Jinja < 3.1.5 - Remote Code Execution via Sandboxed Template String Format Bypass
Dec 23, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-56201
HIGH
Jinja 3.0.0-3.1.4 - Remote Code Execution via Template Filename Control
Dec 23, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-56327
CRITICAL
pyrage 1.2.0-1.2.2 - Remote Code Execution via Malicious Plugin
Dec 19, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-56142
MEDIUM
pghoard < 2.6.1-rc and Aiven-Open pghoard <= 2.2.2a - Path Traversal
Dec 17, 2024
CVSS 6.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21