pypi
4,998 tracked vulnerabilities.
CVE-2024-10908
MEDIUM
NUCLEI
lm-sys fastchat v0.2.36 - Unauthenticated Open Redirect via Crafted URL
Mar 20, 2025
CVSS 6.1
EPSS 0.01
CVE-2024-10907
HIGH
lm-sys FastChat v0.2.36 - Unauthenticated Denial of Service via Malformed Multipart Boundary
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10906
HIGH
db-gpt 0.6.0 - Cross-Site Request Forgery via Overly Permissive CORS Configuration
Mar 20, 2025
CVSS 8.1
EPSS 0.00
CVE-2024-10902
CRITICAL
db-gpt v0.6.0 - Unauthenticated Arbitrary File Upload and Path Traversal via Agent Upload API
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10901
CRITICAL
db-gpt v0.6.0 - Arbitrary File Write and Remote Code Execution via Chart Editor API
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10835
CRITICAL
db-gpt < 0.7.1 - Unauthenticated Arbitrary File Write and Remote Code Execution via SQL Injection
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10833
CRITICAL
db-gpt < 0.6.2 - Arbitrary File Write via Knowledge API Filename Parameter
Mar 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-10831
CRITICAL
db-gpt 0.6.0 - Absolute Path Traversal via File Upload Endpoint
Mar 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-10830
HIGH
db-gpt 0.6.0 - Path Traversal and Arbitrary File Deletion via File Key Parameter
Mar 20, 2025
CVSS 8.2
EPSS 0.01
CVE-2024-10829
HIGH
db-gpt v0.6.0 - Unauthenticated Denial of Service via Multipart Boundary Processing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10821
HIGH
InvokeAI v5.0.1 - Unauthenticated Denial of Service via Multipart Boundary Processing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10713
HIGH
szad670401/hyperlpr 3.0 - Unauthenticated Denial of Service via Malformed Multipart Boundary
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10648
HIGH
Gradio - Path Traversal and Denial of Service via Audio Component Format Manipulation
Mar 20, 2025
CVSS 8.2
EPSS 0.01
CVE-2024-10624
HIGH
gradio - Regular Expression Denial of Service in Datetime Component
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10572
HIGH
h2o 3.46.0.1 - Denial of Service via XGBoostLibExtractTool in run_tool Command
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10569
HIGH
gradio - Denial of Service via Zip Bomb in DataFrame Component
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10553
CRITICAL
h2o < 3.46.0.6 - Unauthenticated Remote Code Execution via JDBC URL Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10550
HIGH
h2o 3.46.0.1 - Denial of Service via Inefficient Regular Expression Complexity in /3/ParseSetup Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10549
HIGH
h2o 3.46.0.1 - Denial of Service via /3/Parse Endpoint Regular Expression
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10190
CRITICAL
Horovod <= 0.28.1 - Unauthenticated Remote Code Execution via ElasticRendezvousHandler Pickle Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10188
HIGH
litellm < 1.53.1.dev1 - Unauthenticated Denial of Service via ast.literal_eval Input Parsing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10110
HIGH
aimstack aim 3.23.0 - Denial of Service via ScheduledStatusReporter Main Thread Blocking
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-27763
MEDIUM
XPixelGroup BasicSR <=1.4.2 - Code Injection
Mar 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-24778
MEDIUM
Apache StreamPipes <0.97.0 - Privilege Escalation
Mar 03, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-12797
MEDIUM
TLS/DTLS - Man-in-the-Middle
Feb 11, 2025
CVSS 6.3
EPSS 0.02
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters