pypi
4,708 tracked vulnerabilities.
CVE-2024-39162
MEDIUM
pyspider <= 0.3.10 - Cross-Site Scripting via /update Endpoint
Nov 29, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-52008
HIGH
Fides < 2.50.0 - Weak Password Policy Enforcement via User Invite Acceptance API
Nov 26, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-52787
CRITICAL
libre-chat 0.0.6 - Path Traversal via Crafted Filename in Uploaded File
Nov 25, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-27134
HIGH
MLflow < 2.16.0 - Local Privilege Escalation via Spark UDF ToCToU Race Condition
Nov 25, 2024
CVSS 7.0
EPSS 0.00
CVE-2024-53916
HIGH
OpenStack Neutron <25.0.1 - Privilege Escalation
Nov 25, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-53899
HIGH
virtualenv <20.26.6 - Command Injection
Nov 24, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-11394
HIGH
Hugging Face Transformers < 4.48.0 - Remote Code Execution via Trax Model Deserialization
Nov 22, 2024
CVSS 8.8
EPSS 0.65
CVE-2024-11393
HIGH
Hugging Face Transformers < 4.48.0 - Remote Code Execution via MaskFormer Model Deserialization
Nov 22, 2024
CVSS 8.8
EPSS 0.80
CVE-2024-11392
HIGH
Hugging Face Transformers MobileViTV2 - Deserialization
Nov 22, 2024
CVSS 8.8
EPSS 0.59
CVE-2024-53253
MEDIUM
Sentry 24.11.0 - Information Disclosure of Integration Client Secret in Error Message
Nov 22, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-52804
HIGH
Tornado < 6.4.2 - Denial of Service via Malicious Cookie Header Parsing
Nov 22, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-52803
HIGH
llama-factory < 0.9.1 - OS Command Injection via Popen with shell=True
Nov 21, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-52581
HIGH
Litestar < 2.13.0 - Denial of Service via Multipart Form Parser
Nov 20, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-11406
MEDIUM
django CMS Attributes Fields <4.0 - XSS
Nov 20, 2024
CVSS 6.9
EPSS 0.00
CVE-2024-11404
MEDIUM
django-filer < 3.3.0 - Unrestricted File Upload and Stored Cross-Site Scripting
Nov 20, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-52595
HIGH
lxml_html_clean < 0.4.0 - Cross-Site Scripting via Improper Context-Switching Tag Handling
Nov 19, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-52304
HIGH
aiohttp <3.10.11 - Request Smuggling
Nov 18, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-52303
HIGH
aiohttp <3.10.11 - Memory Corruption
Nov 18, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-47533
CRITICAL
NUCLEI
Cobbler <3.2.3, <3.3.7 - Auth Bypass
Nov 18, 2024
CVSS 9.8
EPSS 0.71
CVE-2024-11319
MEDIUM
django-cms 3.11.7-3.11.8 4.1.2-4.1.3 - Stored Cross-Site Scripting in Page Title Field
Nov 18, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-45784
HIGH
Apache Airflow <2.10.3 - Info Disclosure
Nov 15, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-52524
MEDIUM
Giskard < 2.15.5 - Denial of Service via Inefficient Regular Expression Complexity
Nov 14, 2024
EPSS 0.02
CVE-2024-4311
MEDIUM
zenml < 0.57.0rc2 - Account Takeover via Unlimited Password Change Attempts
Nov 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-49048
HIGH
TorchGeo < 0.6.1 - Remote Code Execution
Nov 12, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-43598
HIGH
LightGBM < 4.6.0 - Remote Code Execution
Nov 12, 2024
CVSS 8.1
EPSS 0.02
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21