pypi
4,718 tracked vulnerabilities.
CVE-2024-39877
HIGH
Apache Airflow 2.4.0-2.9.2 - Authenticated Remote Code Execution via doc_md Parameter
Jul 17, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-39863
MEDIUM
Apache Airflow < 2.9.3 - Authenticated Stored Cross-Site Scripting via Provider Installation Link
Jul 17, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-40637
MEDIUM
dbt_core < 1.6.14 - Code Injection via Malicious Package Override
Jul 16, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-39887
MEDIUM
NUCLEI
Apache Superset < 4.0.2 - SQL Injection via PostgreSQL Engine-Specific Functions
Jul 16, 2024
CVSS 4.3
EPSS 0.56
CVE-2024-40627
MEDIUM
fastapi-opa < 2.0.1 - Unauthenticated Information Disclosure via OPTIONS Request Bypass
Jul 15, 2024
CVSS 5.8
EPSS 0.00
CVE-2024-21513
HIGH
langchain-experimental 0.0.15-<0.0.21 - Remote Code Execution via VectorSQLDatabaseChain Eval
Jul 15, 2024
CVSS 8.5
EPSS 0.13
CVE-2024-6345
HIGH
setuptools < 70.0.0 - Remote Code Execution via Package Index Download Functions
Jul 15, 2024
CVSS 8.8
EPSS 0.08
CVE-2024-39903
HIGH
NUCLEI
Solara < 1.35.1 - Local File Inclusion via URI Fragment Path Traversal
Jul 12, 2024
CVSS 8.6
EPSS 0.53
CVE-2024-39905
MEDIUM
Red-DiscordBot 3.5.0-3.5.9 - Incorrect Authorization via @commands.can_manage_channel()
Jul 11, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-39317
MEDIUM
Wagtail 2.0-5.2.5, 6.0-6.0.5 - Denial of Service via parse_query_string Inefficient Regular Expression
Jul 11, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-39614
HIGH
Django 4.2-4.2.13 and 5.0-5.0.6 - Denial of Service in get_supported_language_variant()
Jul 10, 2024
CVSS 7.5
EPSS 0.07
CVE-2024-39330
MEDIUM
Django 4.2-4.2.13 and 5.0-5.0.6 - Path Traversal via Custom Storage Class generate_filename() Override
Jul 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39329
MEDIUM
Django <5.0.7, <4.2.14 - Info Disclosure
Jul 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-38875
HIGH
Django 4.2-4.2.13 and 5.0-5.0.6 - Denial of Service via urlize and urlizetrunc Bracket Handling
Jul 10, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-5569
MEDIUM
zipp < 3.19.1 - Denial of Service via Infinite Loop in Path Module Functions
Jul 09, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-6227
HIGH
aim 3.19.3 - Denial of Service via Remote Tracking Server Loop
Jul 08, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-3651
HIGH
kjd/idna < 3.7 - Denial of Service via Quadratic Complexity in idna.encode()
Jul 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5753
HIGH
vanna-ai/vanna 0.3.4 - Unauthenticated SQL Injection via pg_read_file()
Jul 05, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-39689
HIGH
certifi 2021.5.30-2024.7.4 - Insufficient Verification of Data Authenticity via GLOBALTRUST Root Certificates
Jul 05, 2024
CVSS 7.5
EPSS 0.26
CVE-2024-32498
MEDIUM
OpenStack <24.0.0, <28.0.2, <29.0.3 - Info Disclosure
Jul 05, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-31223
MEDIUM
NUCLEI
Fides 2.19.0-2.39.2rc0 - Unauthenticated Exposure of Sensitive System Information via SERVER_SIDE_FIDES_API_URL
Jul 03, 2024
CVSS 5.3
EPSS 0.06
CVE-2024-38537
NONE
Fides < 2.39.1 - Untrusted Script Execution via polyfill.io Dependency
Jul 02, 2024
EPSS 0.22
CVE-2024-38519
HIGH
yt-dlp/youtube-dl < - Path Traversal
Jul 02, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-39303
MEDIUM
Weblate 4.14-5.6.1 - Path Traversal via Project Backup Restore
Jul 01, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-39236
CRITICAL
Gradio 4.36.1 - Code Injection via Component Meta
Jul 01, 2024
CVSS 9.8
EPSS 0.02
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21