pypi

4,998 tracked vulnerabilities.

CVE-2024-10908 MEDIUM NUCLEI
lm-sys fastchat v0.2.36 - Unauthenticated Open Redirect via Crafted URL
Mar 20, 2025
CVSS 6.1
EPSS 0.01
CVE-2024-10907 HIGH
lm-sys FastChat v0.2.36 - Unauthenticated Denial of Service via Malformed Multipart Boundary
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10906 HIGH
db-gpt 0.6.0 - Cross-Site Request Forgery via Overly Permissive CORS Configuration
Mar 20, 2025
CVSS 8.1
EPSS 0.00
CVE-2024-10902 CRITICAL
db-gpt v0.6.0 - Unauthenticated Arbitrary File Upload and Path Traversal via Agent Upload API
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10901 CRITICAL
db-gpt v0.6.0 - Arbitrary File Write and Remote Code Execution via Chart Editor API
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10835 CRITICAL
db-gpt < 0.7.1 - Unauthenticated Arbitrary File Write and Remote Code Execution via SQL Injection
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10833 CRITICAL
db-gpt < 0.6.2 - Arbitrary File Write via Knowledge API Filename Parameter
Mar 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-10831 CRITICAL
db-gpt 0.6.0 - Absolute Path Traversal via File Upload Endpoint
Mar 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-10830 HIGH
db-gpt 0.6.0 - Path Traversal and Arbitrary File Deletion via File Key Parameter
Mar 20, 2025
CVSS 8.2
EPSS 0.01
CVE-2024-10829 HIGH
db-gpt v0.6.0 - Unauthenticated Denial of Service via Multipart Boundary Processing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10821 HIGH
InvokeAI v5.0.1 - Unauthenticated Denial of Service via Multipart Boundary Processing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10713 HIGH
szad670401/hyperlpr 3.0 - Unauthenticated Denial of Service via Malformed Multipart Boundary
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-10648 HIGH
Gradio - Path Traversal and Denial of Service via Audio Component Format Manipulation
Mar 20, 2025
CVSS 8.2
EPSS 0.01
CVE-2024-10624 HIGH
gradio - Regular Expression Denial of Service in Datetime Component
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10572 HIGH
h2o 3.46.0.1 - Denial of Service via XGBoostLibExtractTool in run_tool Command
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10569 HIGH
gradio - Denial of Service via Zip Bomb in DataFrame Component
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10553 CRITICAL
h2o < 3.46.0.6 - Unauthenticated Remote Code Execution via JDBC URL Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10550 HIGH
h2o 3.46.0.1 - Denial of Service via Inefficient Regular Expression Complexity in /3/ParseSetup Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10549 HIGH
h2o 3.46.0.1 - Denial of Service via /3/Parse Endpoint Regular Expression
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10190 CRITICAL
Horovod <= 0.28.1 - Unauthenticated Remote Code Execution via ElasticRendezvousHandler Pickle Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-10188 HIGH
litellm < 1.53.1.dev1 - Unauthenticated Denial of Service via ast.literal_eval Input Parsing
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-10110 HIGH
aimstack aim 3.23.0 - Denial of Service via ScheduledStatusReporter Main Thread Blocking
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-27763 MEDIUM
XPixelGroup BasicSR <=1.4.2 - Code Injection
Mar 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-24778 MEDIUM
Apache StreamPipes <0.97.0 - Privilege Escalation
Mar 03, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-12797 MEDIUM
TLS/DTLS - Man-in-the-Middle
Feb 11, 2025
CVSS 6.3
EPSS 0.02