pypi
4,998 tracked vulnerabilities.
CVE-2024-6577
MEDIUM
torchserve - Unauthenticated S3 Bucket Access via upload_results_to_s3.sh
Mar 20, 2025
CVSS 6.3
EPSS 0.00
CVE-2024-6483
MEDIUM
aimhubio/aim <3.19.3 - Path Traversal
Mar 20, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-12911
HIGH
llamaindex < 0.5.1 - SQL Injection via Prompt Injection in JSONalyzeQueryEngine
Mar 20, 2025
CVSS 7.1
EPSS 0.00
CVE-2024-12910
MEDIUM
Llamaindex < 0.12.9 - Denial of Service
Mar 20, 2025
CVSS 5.9
EPSS 0.01
CVE-2024-12909
CRITICAL
llamaindex < 0.3.0 - SQL Injection and Remote Code Execution via FinanceChatLlamaPack run_sql_query Function
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-12778
HIGH
aim 3.25.0 - Denial of Service via Excessive Metrics Request
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12777
MEDIUM
aimstack aim 3.25.0 - Denial of Service via SSHFS Client Timeout Misuse
Mar 20, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-12761
HIGH
imaginAIry 15.0.0 - Denial of Service via StableStudio Generate Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12720
HIGH
huggingface/transformers < 4.48.0 - Regular Expression Denial of Service in tokenization_nougat_fast.py
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12704
HIGH
llamaindex < 0.12.6 - Denial of Service via LangChainLLM stream_complete Thread Termination
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12537
HIGH
open-webui 0.3.32 - Unauthenticated Denial of Service via Code Format Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12534
HIGH
open-webui v0.3.32 - Unauthenticated Denial of Service via Large Payload Submission
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12376
HIGH
lm-sys fastchat - Server-Side Request Forgery
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12217
MEDIUM
gradio - Path Traversal via NTFS Alternate Data Streams Bypass
Mar 20, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-12216
HIGH
gluoncv 0.10.0 - Arbitrary File Write via TarSlip in ImageClassificationDataset.from_csv()
Mar 20, 2025
CVSS 7.1
EPSS 0.00
CVE-2024-12215
HIGH
kedro 0.19.8 - Remote Code Execution via setup.py in Micro Package Extraction
Mar 20, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-12029
CRITICAL
InvokeAI 5.3.1-5.4.2 - Remote Code Execution via Unsafe Model File Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.05
CVE-2024-11958
CRITICAL
run-llama/llama_index - SQL Injection
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-11603
HIGH
lm-sys fastchat 0.2.36 - Server-Side Request Forgery via Queue Join Endpoint Path Parameter
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-11602
HIGH
feast 0.40.0 - Origin Validation Error in CORS Configuration
Mar 20, 2025
CVSS 7.4
EPSS 0.00
CVE-2024-11043
HIGH
InvokeAI - Denial of Service via Large Payload in Board Name PATCH Request
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-11042
CRITICAL
invoke-ai/invokeai <5.0.2 - Privilege Escalation
Mar 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-11041
CRITICAL
vllm v0.6.2 - Remote Code Execution via Pickle Deserialization in MessageQueue.dequeue()
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10940
MEDIUM
Langchain-core <0.1.53,<0.2.43,<0.3.15 - Info Disclosure
Mar 20, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-10912
HIGH
lm-sys fastchat 0.2.36 - Denial of Service via Large Filename in File Upload
Mar 20, 2025
CVSS 7.5
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters