pypi

4,718 tracked vulnerabilities.

CVE-2024-45201 HIGH
Llama Index <0.10.38 - Code Injection
Aug 22, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-8072 MEDIUM
Mage AI - Unauthenticated Exposure of Sensitive Terminal Server Command History
Aug 22, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-41937 MEDIUM
Apache Airflow < 2.10.0 - Stored Cross-Site Scripting via Provider Documentation Link
Aug 21, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-43371 MEDIUM
CKAN < 2.10.5 - Server-Side Request Forgery via Resource URL
Aug 21, 2024
CVSS 4.5
EPSS 0.00
CVE-2024-41675 MEDIUM
CKAN 2.7.0-2.10.4 - Cross-Site Scripting in Datatables View Plugin
Aug 21, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-41674 MEDIUM
CKAN 2.0-2.10.4 - Sensitive Information Exposure via Solr Error Message
Aug 21, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-43396 MEDIUM
khoj < 1.15.0 - Stored Cross-Site Scripting via Automation Task Instructions
Aug 20, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-43406 HIGH
LF Edge eKuiper < 1.14.2 - SQL Injection via Get Method in sqlKvStore
Aug 20, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-43399 HIGH
Mobile Security Framework < 4.0.7 - Path Traversal via Static Libraries Extraction
Aug 19, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-6221 HIGH
corydolphin/flask-cors 4.0.1 - Info Disclosure
Aug 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-42353 MEDIUM
WebOb < 1.8.8 - Open Redirect via URL Parsing Hostname Override
Aug 14, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-42474 MEDIUM
Streamlit < 1.37.0 - Path Traversal via Static File Sharing Feature
Aug 12, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-42370 HIGH
Litestar <= 2.10.0 - Environment Variable Injection via docs-preview.yml Workflow
Aug 12, 2024
CVSS 8.3
EPSS 0.01
CVE-2024-42367 MEDIUM
aiohttp 3.10.0-3.10.2 - Path Traversal via Compressed File Symbolic Links
Aug 12, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-41942 HIGH
JupyterHub <4.1.6, 5.1.0 - Privilege Escalation
Aug 08, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-6706 MEDIUM
OpenWebUI - Cross-Site Scripting via Malicious Prompt
Aug 07, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-7143 HIGH
Pulp - Insecure Inherited Permissions via AutoAddObjPermsMixin
Aug 07, 2024
CVSS 8.3
EPSS 0.00
CVE-2024-42005 HIGH
Django 4.2-4.2.14 and 5.0-5.0.7 - SQL Injection via JSONField QuerySet.values() Column Alias
Aug 07, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-41991 HIGH
Django 4.2-4.2.14 and 5.0-5.0.7 - Denial of Service via Unicode Character Input
Aug 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-41990 HIGH
Django 4.2-4.2.14 and 5.0-5.0.7 - Denial of Service via urlize() and urlizetrunc() Template Filters
Aug 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-41989 HIGH
Django 4.2-4.2.14 and 5.0-5.0.7 - Uncontrolled Resource Consumption via floatformat Template Filter
Aug 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-42447 CRITICAL
Apache Airflow Providers FAB - Info Disclosure
Aug 05, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-7319 MEDIUM
openstack-heat - Exposure of Sensitive Information via Stack Abandon Command
Aug 02, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-41955 MEDIUM NUCLEI
Mobile Security Framework < 4.0.5 - Open Redirect in Authentication View
Jul 31, 2024
CVSS 5.2
EPSS 0.15
CVE-2024-41951 MEDIUM
Pheonix App <0.2.4 - Info Disclosure
Jul 31, 2024
CVSS 4.4
EPSS 0.00
Products
tensorflow 427 tensorflow-gpu 421 tensorflow-cpu 417 Django 147 apache-airflow 111 Plone 96 open-webui 86 mlflow 70 apache-superset 67 salt 67 ansible 66 pillow 52 nova 48 gradio 46 rdiffweb 43 matrix-synapse 42 pyload-ng 41 vyper 39 vllm 38 keystone 36 moin 35 aiohttp 33 opencv-contrib-python 30 opencv-python 30 PraisonAI 27 pgadmin4 26 pypdf 24 glance 22 langflow 22 ethyca-fides 21
Quick Filters
Critical CVEs With Exploits In CISA KEV