pypi
4,718 tracked vulnerabilities.
CVE-2024-5062
MEDIUM
zenml 0.57.1 - Reflected Cross-Site Scripting via Survey Redirect Parameter
Jun 30, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-39705
CRITICAL
NLTK < 3.9 - Remote Code Execution via Pickle Deserialization
Jun 27, 2024
CVSS 9.8
EPSS 0.11
CVE-2024-6139
HIGH
parisneo/lollms <9.6 - Path Traversal
Jun 27, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-6085
HIGH
lollms v9.6 - Unauthenticated Path Traversal and Arbitrary File Write via XTTS Server Root Folder Manipulation
Jun 27, 2024
CVSS 8.6
EPSS 0.00
CVE-2024-5980
CRITICAL
lightning-ai/pytorch-lightning 2.2.4-2.3.2 - Path Traversal and Arbitrary File Write via Tar.gz Plugin Extraction
Jun 27, 2024
CVSS 9.8
EPSS 0.11
CVE-2024-5979
HIGH
h2o 3.46.0 - Denial of Service via run_tool Command in rapids Component
Jun 27, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-5826
CRITICAL
vanna - Remote Code Execution via Prompt Injection in vanna.ask Function
Jun 27, 2024
CVSS 9.8
EPSS 0.07
CVE-2024-5824
HIGH
parisneo/lollms < 9.5.0 - Path Traversal and Remote Code Execution via /set_personality_config Endpoint
Jun 27, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-5751
CRITICAL
litellm < 1.40.16 - Remote Code Execution via Malicious Payload to /config/update Endpoint
Jun 27, 2024
CVSS 9.8
EPSS 0.05
CVE-2024-5710
MEDIUM
litellm < 1.40.15 - Unauthenticated Improper Access Control in Team Management Endpoints
Jun 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-22232
HIGH
Salt File Server < unknown - Path Traversal
Jun 27, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-22231
MEDIUM
Salt < 3005.5 - Directory Traversal via Syndic Cache Directory Creation
Jun 27, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-21520
MEDIUM
djangorestframework < 3.15.2 - Cross-Site Scripting via break_long_headers Template Filter
Jun 26, 2024
CVSS 6.1
EPSS 0.08
CVE-2024-38526
HIGH
NUCLEI
pdoc < 14.5.1 - Dependency on Vulnerable Third-Party Component via polyfill.io CDN
Jun 26, 2024
CVSS 7.2
EPSS 0.83
CVE-2024-3121
LOW
lollms 5.9.0 - Remote Code Execution via create_conda_env Function
Jun 24, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-5443
CRITICAL
lollms < 9.5.1 - Path Traversal and Remote Code Execution via ExtensionBuilder Mount Endpoint
Jun 22, 2024
CVSS 9.8
EPSS 0.17
CVE-2024-4940
MEDIUM
NUCLEI
gradio - Open Redirect via Improper URL Validation
Jun 22, 2024
CVSS 6.1
EPSS 0.07
CVE-2024-28397
MEDIUM
NUCLEI
pyload-ng js2py - Remote Code Execution
Jun 20, 2024
CVSS 5.3
EPSS 0.59
CVE-2024-34693
MEDIUM
Apache Superset < 3.1.3 - Authenticated File Read via MariaDB Connection with local_infile
Jun 20, 2024
CVSS 6.8
EPSS 0.13
CVE-2024-38357
MEDIUM
TinyMCE <7.2.0, <6.8.4, <5.11.0 - XSS
Jun 19, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38356
MEDIUM
TinyMCE <7.2.0, <6.8.4, <5.11.0 - XSS
Jun 19, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-37891
MEDIUM
urllib3 < 1.26.19 - Proxy-Authorization Header Leak on Cross-Origin Redirects
Jun 17, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-38459
HIGH
langchain_experimental <0.0.61 - RCE
Jun 16, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-34694
HIGH
LNbits < 0.12.6 - Payment Timeout Handling Leading to Fund Loss
Jun 14, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-25142
MEDIUM
Apache Airflow <2.9.2 - Info Disclosure
Jun 14, 2024
CVSS 5.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21