pypi

4,998 tracked vulnerabilities.

CVE-2024-7776 CRITICAL
onnx <= 1.16.1 - Path Traversal and Arbitrary File Overwrite via Malicious Tar File
Mar 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-7768 HIGH
h2oai/h2o-3 3.46.1 - Denial of Service via Recursive Path Parameter in ImportFiles Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-7765 HIGH
h2o 3.46.0.2 - Denial of Service via GZIP File Parsing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-7760 CRITICAL
aim 3.22.0 - Cross-Site Request Forgery via Permissive CORS Settings
Mar 20, 2025
CVSS 9.6
EPSS 0.00
CVE-2024-7053 CRITICAL
open-webui 0.3.8 - Authenticated Session Fixation and Remote Code Execution via Malicious Markdown Image
Mar 20, 2025
CVSS 9.0
EPSS 0.01
CVE-2024-7046 MEDIUM
open-webui 0.3.8 - Unauthenticated Admin Details Exposure via /api/v1/auths/admin/details
Mar 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-7045 MEDIUM
open-webui v0.3.8 - Unauthenticated Prompt Information Disclosure via API Endpoints
Mar 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-7044 HIGH
open-webui 0.3.8 - Stored Cross-Site Scripting via Chat File Upload
Mar 20, 2025
CVSS 8.9
EPSS 0.00
CVE-2024-7043 HIGH
open-webui 0.3.8 - Unauthenticated Arbitrary File Read and Delete via API Endpoints
Mar 20, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-7039 MEDIUM
open-webui v0.3.8 - Authenticated Administrator Deletion via API Endpoint
Mar 20, 2025
CVSS 6.7
EPSS 0.01
CVE-2024-7036 HIGH
open-webui 0.3.8 - Denial of Service via Oversized Name Field
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-7035 MEDIUM
open-webui v0.3.8 - Cross-Site Request Forgery via Sensitive GET Endpoints
Mar 20, 2025
CVSS 6.9
EPSS 0.00
CVE-2024-7034 HIGH
open-webui 0.3.8 - Arbitrary File Write via Models Upload Endpoint
Mar 20, 2025
CVSS 7.2
EPSS 0.02
CVE-2024-7033 HIGH
open-webui 0.3.8 - Arbitrary File Write via Download Model Endpoint
Mar 20, 2025
CVSS 7.2
EPSS 0.01
CVE-2024-6982 HIGH
parisneo/lollms < 9.10 - Remote Code Execution via Calculate Function Sandbox Bypass
Mar 20, 2025
CVSS 8.4
EPSS 0.00
CVE-2024-6866 HIGH
corydolphin/flask-cors <4.01 - SSRF
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-6863 MEDIUM
h2oai/h2o-3 3.46.0 - Arbitrary File Encryption via EncryptionTool Endpoint
Mar 20, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-6854 HIGH
h2o 3.46.0 - Absolute Path Traversal via Model Export Endpoint
Mar 20, 2025
CVSS 7.1
EPSS 0.01
CVE-2024-6851 HIGH
aimhubio/aim <3.22.0 - Path Traversal
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-6844 MEDIUM
corydolphin/flask-cors 4.0.1 - Info Disclosure
Mar 20, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-6839 MEDIUM
flask-cors < 6.0.0 - Improper CORS Policy Enforcement via Regex Pattern Priority Mismatch
Mar 20, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-6838 MEDIUM
MLflow v2.13.2 - Denial of Service via Large Experiment Name or Artifact Location
Mar 20, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-6829 CRITICAL
aimhubio/aim <3.19.3 - Code Injection
Mar 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-6827 HIGH
Gunicorn < 22.0.0 - HTTP Request Smuggling via Transfer-Encoding Header
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-6825 HIGH
litellm < 1.65.4 - Remote Code Execution via Post Call Rules Callback Injection
Mar 20, 2025
CVSS 8.8
EPSS 0.01