pypi

4,998 tracked vulnerabilities.

CVE-2024-6577 MEDIUM
torchserve - Unauthenticated S3 Bucket Access via upload_results_to_s3.sh
Mar 20, 2025
CVSS 6.3
EPSS 0.00
CVE-2024-6483 MEDIUM
aimhubio/aim <3.19.3 - Path Traversal
Mar 20, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-12911 HIGH
llamaindex < 0.5.1 - SQL Injection via Prompt Injection in JSONalyzeQueryEngine
Mar 20, 2025
CVSS 7.1
EPSS 0.00
CVE-2024-12910 MEDIUM
Llamaindex < 0.12.9 - Denial of Service
Mar 20, 2025
CVSS 5.9
EPSS 0.01
CVE-2024-12909 CRITICAL
llamaindex < 0.3.0 - SQL Injection and Remote Code Execution via FinanceChatLlamaPack run_sql_query Function
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-12778 HIGH
aim 3.25.0 - Denial of Service via Excessive Metrics Request
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12777 MEDIUM
aimstack aim 3.25.0 - Denial of Service via SSHFS Client Timeout Misuse
Mar 20, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-12761 HIGH
imaginAIry 15.0.0 - Denial of Service via StableStudio Generate Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12720 HIGH
huggingface/transformers < 4.48.0 - Regular Expression Denial of Service in tokenization_nougat_fast.py
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12704 HIGH
llamaindex < 0.12.6 - Denial of Service via LangChainLLM stream_complete Thread Termination
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12537 HIGH
open-webui 0.3.32 - Unauthenticated Denial of Service via Code Format Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12534 HIGH
open-webui v0.3.32 - Unauthenticated Denial of Service via Large Payload Submission
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12376 HIGH
lm-sys fastchat - Server-Side Request Forgery
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12217 MEDIUM
gradio - Path Traversal via NTFS Alternate Data Streams Bypass
Mar 20, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-12216 HIGH
gluoncv 0.10.0 - Arbitrary File Write via TarSlip in ImageClassificationDataset.from_csv()
Mar 20, 2025
CVSS 7.1
EPSS 0.00
CVE-2024-12215 HIGH
kedro 0.19.8 - Remote Code Execution via setup.py in Micro Package Extraction
Mar 20, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-12029 CRITICAL
InvokeAI 5.3.1-5.4.2 - Remote Code Execution via Unsafe Model File Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.05
CVE-2024-11958 CRITICAL
run-llama/llama_index - SQL Injection
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-11603 HIGH
lm-sys fastchat 0.2.36 - Server-Side Request Forgery via Queue Join Endpoint Path Parameter
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-11602 HIGH
feast 0.40.0 - Origin Validation Error in CORS Configuration
Mar 20, 2025
CVSS 7.4
EPSS 0.00
CVE-2024-11043 HIGH
InvokeAI - Denial of Service via Large Payload in Board Name PATCH Request
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-11042 CRITICAL
invoke-ai/invokeai <5.0.2 - Privilege Escalation
Mar 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-11041 CRITICAL
vllm v0.6.2 - Remote Code Execution via Pickle Deserialization in MessageQueue.dequeue()
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10940 MEDIUM
Langchain-core <0.1.53,<0.2.43,<0.3.15 - Info Disclosure
Mar 20, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-10912 HIGH
lm-sys fastchat 0.2.36 - Denial of Service via Large Filename in File Upload
Mar 20, 2025
CVSS 7.5
EPSS 0.01