pypi

4,998 tracked vulnerabilities.

CVE-2025-23205 MEDIUM
nbgrader 0.9.4 - Exposure of Sensitive Data via Frame Ancestors Misconfiguration
Jan 17, 2025
EPSS 0.00
CVE-2025-22146 CRITICAL
Sentry 21.12.0-25.1.0 - Account Takeover via Malicious SAML Identity Provider
Jan 15, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-23042 HIGH
Gradio < 5.6.0 - Improper Authorization via Case Bypass in ACL File Path Validation
Jan 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-21607 HIGH
vyperlang/vyper < 0.4.1 - Always-Incorrect Control Flow Implementation in EcRecover and Identity Precompiles
Jan 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-22151 LOW
Strawberry GraphQL <0.257.0 - Type Confusion
Jan 09, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-21618 HIGH
NiceGUI < 2.9.1 - Improper Authentication
Jan 06, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-56373 HIGH
Airflow 2 - Privilege Escalation to RCE
Feb 24, 2026
CVSS 8.4
EPSS 0.01
CVE-2024-5986 CRITICAL
Ai.h2o H2o-core - Remote Code Execution
Feb 02, 2026
CVSS 9.1
EPSS 0.01
CVE-2024-38824 CRITICAL
SaltStack Salt 3006.0-3006.11 and 3007.0rc1-3007.3 - Path Traversal and Arbitrary File Write via recv_file Method
Jun 13, 2025
CVSS 9.6
EPSS 0.01
CVE-2024-38825 MEDIUM
Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Improper Authentication in PKI Module
Jun 13, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-47081 MEDIUM
Requests < 2.32.4 - Credential Leak via Malicious URL Parsing
Jun 09, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-24780 CRITICAL
Apache IoTDB 1.0.0-1.3.3 - Authenticated Remote Code Execution via UDF URI
May 14, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-53924 CRITICAL
Pycel through 1.0b30 - Remote Code Execution via Crafted Spreadsheet Formula
Apr 17, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-53305 HIGH
benbusby/whoogle_search < 0.9.1 - Remote Code Execution via Crafted Search Query
Apr 16, 2025
CVSS 7.3
EPSS 0.01
CVE-2024-9701 CRITICAL
Kedro < 0.19.9 - Remote Code Execution via ShelveStore Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-9606 HIGH
berriai/litellm <1.44.12 - Info Disclosure
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-9340 HIGH
zenml < 0.68.0 - Unauthenticated Denial of Service via Malformed Multipart Request Boundary
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-9229 HIGH
quivr-core - Unauthenticated Denial of Service via Multipart Boundary Manipulation
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-9070 CRITICAL
BentoML <= 1.3.4.post1 - Remote Code Execution via Runner Server Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-9056 HIGH
BentoML v1.3.4post1 - Unauthenticated Denial of Service via Multipart Boundary Processing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-9053 CRITICAL
vllm 0.6.0 - Remote Code Execution via Unsafe Cloudpickle Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-8984 HIGH
litellm < 1.65.4 - Unauthenticated Denial of Service via Multipart Boundary Processing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-8966 HIGH
gradio/video 0.10.2 - Denial of Service via Multipart Boundary Processing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-8955 HIGH
Composio 0.4.4 BrowserTool Actions - Server-Side Request Forgery File Read
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-8953 CRITICAL
composio < 0.5.43 - Remote Code Execution via Mathematical Calculator Endpoint
Mar 20, 2025
CVSS 9.8
EPSS 0.01