pypi
4,998 tracked vulnerabilities.
CVE-2024-7776
CRITICAL
onnx <= 1.16.1 - Path Traversal and Arbitrary File Overwrite via Malicious Tar File
Mar 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-7768
HIGH
h2oai/h2o-3 3.46.1 - Denial of Service via Recursive Path Parameter in ImportFiles Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-7765
HIGH
h2o 3.46.0.2 - Denial of Service via GZIP File Parsing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-7760
CRITICAL
aim 3.22.0 - Cross-Site Request Forgery via Permissive CORS Settings
Mar 20, 2025
CVSS 9.6
EPSS 0.00
CVE-2024-7053
CRITICAL
open-webui 0.3.8 - Authenticated Session Fixation and Remote Code Execution via Malicious Markdown Image
Mar 20, 2025
CVSS 9.0
EPSS 0.01
CVE-2024-7046
MEDIUM
open-webui 0.3.8 - Unauthenticated Admin Details Exposure via /api/v1/auths/admin/details
Mar 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-7045
MEDIUM
open-webui v0.3.8 - Unauthenticated Prompt Information Disclosure via API Endpoints
Mar 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-7044
HIGH
open-webui 0.3.8 - Stored Cross-Site Scripting via Chat File Upload
Mar 20, 2025
CVSS 8.9
EPSS 0.00
CVE-2024-7043
HIGH
open-webui 0.3.8 - Unauthenticated Arbitrary File Read and Delete via API Endpoints
Mar 20, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-7039
MEDIUM
open-webui v0.3.8 - Authenticated Administrator Deletion via API Endpoint
Mar 20, 2025
CVSS 6.7
EPSS 0.01
CVE-2024-7036
HIGH
open-webui 0.3.8 - Denial of Service via Oversized Name Field
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-7035
MEDIUM
open-webui v0.3.8 - Cross-Site Request Forgery via Sensitive GET Endpoints
Mar 20, 2025
CVSS 6.9
EPSS 0.00
CVE-2024-7034
HIGH
open-webui 0.3.8 - Arbitrary File Write via Models Upload Endpoint
Mar 20, 2025
CVSS 7.2
EPSS 0.02
CVE-2024-7033
HIGH
open-webui 0.3.8 - Arbitrary File Write via Download Model Endpoint
Mar 20, 2025
CVSS 7.2
EPSS 0.01
CVE-2024-6982
HIGH
parisneo/lollms < 9.10 - Remote Code Execution via Calculate Function Sandbox Bypass
Mar 20, 2025
CVSS 8.4
EPSS 0.00
CVE-2024-6866
HIGH
corydolphin/flask-cors <4.01 - SSRF
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-6863
MEDIUM
h2oai/h2o-3 3.46.0 - Arbitrary File Encryption via EncryptionTool Endpoint
Mar 20, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-6854
HIGH
h2o 3.46.0 - Absolute Path Traversal via Model Export Endpoint
Mar 20, 2025
CVSS 7.1
EPSS 0.01
CVE-2024-6851
HIGH
aimhubio/aim <3.22.0 - Path Traversal
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-6844
MEDIUM
corydolphin/flask-cors 4.0.1 - Info Disclosure
Mar 20, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-6839
MEDIUM
flask-cors < 6.0.0 - Improper CORS Policy Enforcement via Regex Pattern Priority Mismatch
Mar 20, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-6838
MEDIUM
MLflow v2.13.2 - Denial of Service via Large Experiment Name or Artifact Location
Mar 20, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-6829
CRITICAL
aimhubio/aim <3.19.3 - Code Injection
Mar 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-6827
HIGH
Gunicorn < 22.0.0 - HTTP Request Smuggling via Transfer-Encoding Header
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-6825
HIGH
litellm < 1.65.4 - Remote Code Execution via Post Call Rules Callback Injection
Mar 20, 2025
CVSS 8.8
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters