pypi
4,708 tracked vulnerabilities.
CVE-2024-49767
HIGH
Werkzeug <3.0.6 - DoS
Oct 25, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-49766
MEDIUM
Werkzeug < 3.0.6 - Path Traversal on Windows via UNC Path Handling
Oct 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-49750
MEDIUM
Snowflake Connector for Python <3.12.3 - Info Disclosure
Oct 24, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-10073
MEDIUM
flairNLP flair 0.14.0 - Code Injection
Oct 17, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-21272
HIGH
MySQL Connector/Python <= 9.0.0 - Authenticated Remote Takeover via Multiple Protocols
Oct 15, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-47874
HIGH
Starlette < 0.40.0 - Denial of Service via Unbounded Multipart Form Data Handling
Oct 15, 2024
EPSS 0.00
CVE-2024-48911
HIGH
OpenCanary < 0.9.4 - Privilege Escalation via Config File Manipulation
Oct 14, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-6985
MEDIUM
lollms/lollms < 5.9.0 - Path Traversal via Personality Folder Parameter
Oct 11, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-6971
MEDIUM
lollms-webui - Path Traversal in lollms_file_system.py
Oct 11, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-47872
MEDIUM
gradio < 5.0.0 - Stored Cross-Site Scripting via File Upload
Oct 10, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-47871
CRITICAL
gradio < 5.0.0 - Missing Encryption of Sensitive Data via FRP Client-Server Communication
Oct 10, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-47870
HIGH
Gradio < 5.0.0 - Race Condition in update_root_in_config
Oct 10, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-47869
LOW
gradio < 4.44.0 - Timing Attack via Analytics Dashboard Hash Comparison
Oct 10, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-47868
HIGH
Gradio < 5.0.0 - Path Traversal and Arbitrary File Read via FileData Components
Oct 10, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-47867
HIGH
Gradio < 5.0.0 - Insufficient Integrity Check on FRP Client Download
Oct 10, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-47168
MEDIUM
gradio < 4.44.0 - Unauthenticated Data Exposure via Monitoring Endpoint
Oct 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-47167
CRITICAL
Gradio < 5.0 queue/join - Server-Side Request Forgery
Oct 10, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-47166
MEDIUM
gradio < 4.44.0 - Path Traversal via Custom Component Endpoint
Oct 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-47165
MEDIUM
gradio < 5.0.0 - Improper Authorization via Null Origin CORS Bypass
Oct 10, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-47164
MEDIUM
Gradio < 5.0.0 - Path Traversal Bypass via is_in_or_equal Function
Oct 10, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-47084
HIGH
Gradio < 4.44.0 - Improper Authorization via CORS Origin Validation Bypass
Oct 10, 2024
CVSS 8.3
EPSS 0.00
CVE-2024-7041
MEDIUM
open-webui v0.3.8 - Authorization Bypass via Memories Update API Endpoint
Oct 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-7037
HIGH
open-webui v0.3.8 - Arbitrary File Write and Delete via /api/pipelines/upload Endpoint
Oct 09, 2024
CVSS 7.2
EPSS 0.02
CVE-2024-7038
LOW
open-webui 0.3.8 - Information Disclosure via Embedding Model Update Error Messages
Oct 09, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-47833
MEDIUM
Taipy < 4.0.0 - Cleartext Transmission of Sensitive Information via Session Cookies
Oct 09, 2024
CVSS 6.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21