pypi

4,708 tracked vulnerabilities.

CVE-2024-52296 MEDIUM
libosdp < 2.4.0 - Unauthenticated NULL Pointer Dereference in osdp_reply_name
Nov 12, 2024
CVSS 6.5
EPSS 0.00

CVE-2024-11079 MEDIUM
ansible-core >=2.18.0b1 <2.18.1rc1 - Arbitrary Code Execution via Hostvars Object
Nov 12, 2024
CVSS 5.5
EPSS 0.00

CVE-2024-52288 MEDIUM
libosdp < 3.0.0 - Message Integrity Bypass via Unexpected REPLY_CCRYPT or REPLY_RMAC_I
Nov 11, 2024
CVSS 5.1
EPSS 0.00

CVE-2024-27529 HIGH
wasm3 139076a - Out-of-bounds Read in Read_utf8
Nov 08, 2024
CVSS 8.4
EPSS 0.00

CVE-2024-50378 MEDIUM
Apache Airflow < 2.10.3 - Authenticated Sensitive Information Exposure in Audit Logs
Nov 08, 2024
CVSS 4.9
EPSS 0.00

CVE-2024-51998 HIGH
changedetection.io - Info Disclosure
Nov 08, 2024
CVSS 8.6
EPSS 0.00

CVE-2024-51751 MEDIUM
Gradio 5.0.0-5.4.9 - Path Traversal via File or UploadButton Component
Nov 06, 2024
CVSS 6.5
EPSS 0.00

CVE-2024-10082 HIGH
CodeChecker <6.24.1 - Privilege Escalation
Nov 06, 2024
CVSS 8.7
EPSS 0.00

CVE-2024-10081 CRITICAL NUCLEI
CodeChecker <= 6.24.1 - Authentication Bypass via API URL Ending with Authentication
Nov 06, 2024
CVSS 10.0
EPSS 0.74

CVE-2024-9902 MEDIUM
ansible-core < 2.14.18rc1 - Unauthenticated Arbitrary File Write via User Module
Nov 06, 2024
CVSS 6.3
EPSS 0.00

CVE-2024-51493 MEDIUM
OctoPrint <= 1.10.2 - Unverified Password Change via Stolen API Key
Nov 05, 2024
CVSS 5.3
EPSS 0.00

CVE-2024-49377 MEDIUM
OctoPrint <= 1.10.2 - Reflected Cross-Site Scripting in Login and Application Key Dialogs
Nov 05, 2024
CVSS 5.5
EPSS 0.00

CVE-2024-51734 HIGH
Zope AccessControl <7.2 - Info Disclosure
Nov 04, 2024
EPSS 0.00

CVE-2024-48061 CRITICAL
langflow <=1.0.18 - Remote Code Execution via Unsafe Component Code Execution
Nov 04, 2024
CVSS 9.8
EPSS 0.13

CVE-2024-48052 MEDIUM
gradio < 4.42.0 - Server-Side Request Forgery via DownloadButton URL Parameter
Nov 04, 2024
CVSS 6.5
EPSS 0.00

CVE-2024-48050 CRITICAL
agentscope < 0.0.4 - Remote Code Execution via is_callable_expression eval
Nov 04, 2024
CVSS 9.8
EPSS 0.00

CVE-2024-51483 MEDIUM NUCLEI
changedetection.io < 0.47.5 - Path Traversal via WebDriver File URL
Nov 01, 2024
EPSS 0.39

CVE-2024-42835 CRITICAL
langflow v1.0.12 - Remote Code Execution via PythonCodeTool Component
Oct 31, 2024
CVSS 9.8
EPSS 0.07

CVE-2024-49769 HIGH
Waitress < 3.0.1 - Denial of Service via Connection Cleanup Race Condition
Oct 29, 2024
CVSS 7.5
EPSS 0.02

CVE-2024-49768 CRITICAL
Waitress 2.0.0-3.0.0 - Time-of-check Time-of-use Race Condition via HTTP Pipelining
Oct 29, 2024
CVSS 9.1
EPSS 0.01

CVE-2024-8309 CRITICAL
langchain-ai/langchain <0.2.5 - SQL Injection
Oct 29, 2024
CVSS 9.8
EPSS 0.02

CVE-2024-6581 CRITICAL
Lollms v9.9 - Cross-Site Scripting via SVG Upload in Discussion Image Function
Oct 29, 2024
CVSS 9.0
EPSS 0.02

CVE-2024-39205 CRITICAL
pyload-ng v0.5.0b3.dev85 - Remote Code Execution via Crafted HTTP Request
Oct 28, 2024
CVSS 9.8
EPSS 0.84

CVE-2024-49771 MEDIUM
MPXJ 8.3.5-13.5.0 - Path Traversal
Oct 28, 2024
CVSS 5.3
EPSS 0.00

CVE-2024-47821 CRITICAL
pyload < 0.5.0b3.dev87 - Remote Code Execution via Script Folder Download
Oct 25, 2024
CVSS 9.1
EPSS 0.02