pypi
4,718 tracked vulnerabilities.
CVE-2024-41950
HIGH
Haystack < 2.3.1 - Remote Code Execution via Jinja2 Template Injection
Jul 31, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-7340
HIGH
NUCLEI
Weave < 0.50.8 - Path Traversal and Arbitrary File Read via Server API
Jul 31, 2024
CVSS 8.8
EPSS 0.88
CVE-2024-6578
MEDIUM
aim 3.19.3 - Stored Cross-Site Scripting in Logs-Tab via Terminal Output
Jul 29, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-41810
MEDIUM
NUCLEI
twisted < 24.7.0rc1 - Reflected Cross-Site Scripting via redirectTo Function
Jul 29, 2024
CVSS 6.1
EPSS 0.68
CVE-2024-41671
HIGH
Twisted < 24.7.0rc1 - HTTP Request Smuggling via Pipelined Request Mismanagement
Jul 29, 2024
CVSS 8.3
EPSS 0.00
CVE-2024-41672
HIGH
DuckDB < 1.1.0 - Unauthorized File Read via sniff_csv Function
Jul 24, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-40767
MEDIUM
OpenStack Nova <27.4.1,28.2.1,29.1.1 - Info Disclosure
Jul 24, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-41656
HIGH
Sentry 10.0.0-24.7.1 - Stored Cross-Site Scripting via Integration Platform Payload
Jul 23, 2024
CVSS 7.1
EPSS 0.03
CVE-2024-41129
MEDIUM
ops 2.0.0-2.14.9 - Sensitive Information Disclosure in Log Files via CLI Arguments
Jul 22, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-32152
LOW
Anki < 24.6 - Arbitrary File Creation via LaTeX Blocklist Bypass
Jul 22, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-29073
MEDIUM
Anki < 24.6 - Arbitrary File Read via LaTeX Verbatim Package
Jul 22, 2024
CVSS 5.3
EPSS 0.03
CVE-2024-26020
CRITICAL
Anki < 24.06 - Arbitrary Script Execution via MPV Flashcard Rendering
Jul 22, 2024
CVSS 9.6
EPSS 0.03
CVE-2024-6961
MEDIUM
guardrails-ai < 0.5.0 - XML External Entity Injection in RAIL Document Parser
Jul 21, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-6281
HIGH
parisneo/lollms <9.5.1 - Path Traversal
Jul 20, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-41124
MEDIUM
Puncia < 0.21 - Missing Encryption of Sensitive Data via HTTP API_URLs
Jul 19, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-39123
MEDIUM
janeczku Calibre-Web 0.6.0-0.6.21 - Cross-Site Scripting in Edit Book Comments
Jul 19, 2024
CVSS 5.4
EPSS 0.16
CVE-2024-35199
HIGH
TorchServe 0.3.0-0.11.0 - Unprotected gRPC Interface Exposure
Jul 19, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-35198
CRITICAL
TorchServe < 0.11.0 - Security Feature Bypass via URL Path Traversal
Jul 19, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-40647
MEDIUM
Sentry-sdk <2.8.0 - Info Disclosure
Jul 18, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-39126
MEDIUM
Roundup < 2.4.0 - Cross-Site Scripting via JavaScript in PDF, XML, and SVG Documents
Jul 17, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-39125
MEDIUM
Roundup < 2.4.0 - Cross-Site Scripting via HTTP Referer Header
Jul 17, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-39124
MEDIUM
Roundup < 2.4.0 - Cross-Site Scripting in Class Helpers
Jul 17, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-31411
HIGH
Apache StreamPipes <= 0.93.0 - Authenticated Unrestricted Upload of File with Dangerous Type
Jul 17, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-31979
MEDIUM
Apache StreamPipes <= 0.93.0 - Server-Side Request Forgery via Pipeline Element Installation Endpoint
Jul 17, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-30471
LOW
Apache StreamPipes <= 0.93.0 - Time-of-check Time-of-use Race Condition in User Self-Registration
Jul 17, 2024
CVSS 3.7
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21