pypi
4,708 tracked vulnerabilities.
CVE-2024-55890
MEDIUM
dtale < 3.16.1 - Remote Code Execution via Custom Filter Settings
Dec 13, 2024
EPSS 0.07
CVE-2024-21543
HIGH
djoser < 2.3.0 - Authentication Bypass via Database Query Fallback
Dec 13, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-55633
MEDIUM
Apache Superset < 4.1.0 - Incorrect Authorization via SQL DML Statement
Dec 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-55587
HIGH
python-libarchive through 4.2.1 - Path Traversal via ZipFile.extract and ZipFile.extractall
Dec 12, 2024
CVSS 8.8
EPSS 0.37
CVE-2024-55655
LOW
sigstore-python 2.0.0-3.6.0 - Improper Input Validation of Integration Time in v2 and v3 Bundles
Dec 10, 2024
EPSS 0.00
CVE-2024-21542
HIGH
luigi < 3.6.0 - Arbitrary File Write via Archive Extraction
Dec 10, 2024
CVSS 8.6
EPSS 0.14
CVE-2024-46455
CRITICAL
unstructured < 0.14.3 - XML External Entity Injection via XMLParser
Dec 09, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-53949
MEDIUM
Apache Superset < 4.1.0 - Auth Bypass
Dec 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-53948
MEDIUM
Apache Superset < 4.1.0 - Info Disclosure
Dec 09, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-53947
CRITICAL
Apache Superset < 4.1.0 - SQL Injection
Dec 09, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-53908
CRITICAL
Django < 5.1.4, 5.0 < 5.0.10, 4.2 < 4.2.17 - SQL Injection
Dec 06, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-53907
HIGH
Django 4.2-4.2.16, 5.0-5.0.9, 5.1-5.1.3 - Denial of Service via Nested Incomplete HTML Entities
Dec 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-39163
HIGH
pyspider <= 0.3.10 - Cross-Site Request Forgery via Flask Endpoints
Dec 04, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-53867
MEDIUM
matrix-synapse 1.113.0rc1-1.120.0 - Exposure of Sensitive Room State Information via Sliding Sync
Dec 03, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-53863
CRITICAL
Synapse < 1.120.1 - Unrestricted Upload of File with Dangerous Type via Dynamic Thumbnail Generation
Dec 03, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-52815
MEDIUM
Synapse < 1.120.1 - Denial of Service via Malformed Federation Invite
Dec 03, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-52805
HIGH
Synapse < 1.120.1 - Denial of Service via Multipart/Form-Data Request
Dec 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-37303
MEDIUM
Synapse < 1.106.0 - Unauthenticated Media Repository Cache Poisoning via Remote Media Download
Dec 03, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-37302
HIGH
Synapse < 1.106.0 - Unauthenticated Denial of Service via Remote Media Download
Dec 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-54000
HIGH
MobSF < 3.9.7 assetlinks Redirect - Server-Side Request Forgery
Dec 03, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-53999
HIGH
Mobile Security Framework < 4.2.9 - Stored Cross-Site Scripting via Filename Parameter
Dec 03, 2024
CVSS 8.1
EPSS 0.02
CVE-2024-53981
HIGH
python-multipart < 0.0.18 - Denial of Service via Excessive Logging
Dec 02, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-53865
HIGH
zhmcclient < 1.18.1 - Cleartext Storage of Sensitive Information in Logs
Nov 29, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-53861
LOW
PyJWT 2.10.0 - Incorrect String Comparison in 'iss' Claim Validation
Nov 29, 2024
CVSS 2.2
EPSS 0.01
CVE-2024-53848
HIGH
check-jsonschema < 0.30.0 - Cache Confusion via Schema Basename Conflict
Nov 29, 2024
CVSS 7.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21