pypi
4,718 tracked vulnerabilities.
CVE-2024-47168
MEDIUM
gradio < 4.44.0 - Unauthenticated Data Exposure via Monitoring Endpoint
Oct 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-47167
CRITICAL
Gradio < 5.0 queue/join - Server-Side Request Forgery
Oct 10, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-47166
MEDIUM
gradio < 4.44.0 - Path Traversal via Custom Component Endpoint
Oct 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-47165
MEDIUM
gradio < 5.0.0 - Improper Authorization via Null Origin CORS Bypass
Oct 10, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-47164
MEDIUM
Gradio < 5.0.0 - Path Traversal Bypass via is_in_or_equal Function
Oct 10, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-47084
HIGH
Gradio < 4.44.0 - Improper Authorization via CORS Origin Validation Bypass
Oct 10, 2024
CVSS 8.3
EPSS 0.00
CVE-2024-7041
MEDIUM
open-webui v0.3.8 - Authorization Bypass via Memories Update API Endpoint
Oct 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-7037
HIGH
open-webui v0.3.8 - Arbitrary File Write and Delete via /api/pipelines/upload Endpoint
Oct 09, 2024
CVSS 7.2
EPSS 0.02
CVE-2024-7038
LOW
open-webui 0.3.8 - Information Disclosure via Embedding Model Update Error Messages
Oct 09, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-47833
MEDIUM
Taipy < 4.0.0 - Cleartext Transmission of Sensitive Information via Session Cookies
Oct 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-43497
HIGH
DeepSpeed < 0.15.1 - Remote Code Execution
Oct 08, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-25885
HIGH
xhtml2pdf 0.2.13 - Denial of Service via getcolor Function ReDoS
Oct 08, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-45231
MEDIUM
Django v5.1.1-v4.2.16 - Info Disclosure
Oct 08, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-45230
HIGH
Django 4.2.0-4.2.15, 5.0-5.0.8, 5.1 - Denial of Service via urlize() and urlizetrunc() Template Filters
Oct 08, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-47211
MEDIUM
OpenStack Ironic <21.4.4-24.1.3 - Info Disclosure
Oct 04, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-47529
MEDIUM
OpenC3 COSMOS < 5.19.0 - Cleartext Storage of Sensitive Information in LocalStorage
Oct 02, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-46977
MEDIUM
OpenC3 COSMOS < 5.19.0 - Authenticated Path Traversal via LocalMode open_local_file
Oct 02, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-43795
MEDIUM
OpenC3 COSMOS < 5.19.0 - Reflected Cross-Site Scripting in Login Functionality
Oct 02, 2024
CVSS 6.1
EPSS 0.02
CVE-2024-47532
MEDIUM
RestrictedPython <7.3 - Info Disclosure
Sep 30, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-9277
LOW
Langflow < 1.0.18 - Inefficient Regular Expression Complexity via HTTP POST Request Handler
Sep 27, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-47082
MEDIUM
strawberry-graphql < 0.243.0 - Cross-Site Request Forgery via Multipart File Upload
Sep 25, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-46488
MEDIUM
sqlite-vec 0.1.1 - Heap-based Buffer Overflow via npy_token_next
Sep 25, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-9014
CRITICAL
NUCLEI
pgAdmin < 8.12 - OAuth2 Credential Exposure
Sep 23, 2024
CVSS 9.9
EPSS 0.93
CVE-2024-45793
MEDIUM
Confidant < 6.6.2 - Authenticated Stored Cross-Site Scripting via Credentials and Services Endpoints
Sep 20, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-8375
HIGH
Reverb < 2024-08-05 - Use-After-Free via VARIANT Tensor Unpacking
Sep 19, 2024
CVSS 7.8
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21