pypi
4,998 tracked vulnerabilities.
CVE-2024-12366
CRITICAL
PandasAI - Remote Code Execution via Prompt Injection
Feb 11, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-53829
HIGH
CodeChecker <= 6.24.4 - Cross-Site Request Forgery
Jan 21, 2025
CVSS 8.2
EPSS 0.00
CVE-2024-50633
NONE
Indico < 3.3.5 - Information Disclosure via /api/principals
Jan 16, 2025
EPSS 0.01
CVE-2024-56374
MEDIUM
Django 4.2-4.2.17 5.0-5.0.10 5.1-5.1.4 - Denial of Service via IPv6 Address Validation
Jan 14, 2025
CVSS 5.8
EPSS 0.02
CVE-2024-49375
CRITICAL
Rasa < 3.6.21 and Rasa-Pro < 3.10.12 - Remote Code Execution via Malicious Model Deserialization
Jan 14, 2025
CVSS 9.0
EPSS 0.01
CVE-2024-53995
LOW
NUCLEI
SickChill <= 2024.3.1 - Authenticated Open Redirect via Login Next Parameter
Jan 08, 2025
EPSS 0.01
CVE-2024-53526
MEDIUM
composio >=0.5.40 - Command Injection via handle_tool_calls Function
Jan 08, 2025
CVSS 6.4
EPSS 0.01
CVE-2024-55459
MEDIUM
Keras 3.7.0 - Arbitrary File Write via get_file Tar Download
Jan 08, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-45033
HIGH
Apache Airflow Fab Provider <1.5.2 - Info Disclosure
Jan 08, 2025
CVSS 8.1
EPSS 0.01
CVE-2024-52294
MEDIUM
Khoj < 1.29.10 - Authenticated Insecure Direct Object Reference in Subscription Endpoint
Dec 30, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39025
HIGH
letta - Incorrect Authorization in /users Endpoint
Dec 27, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-56509
HIGH
changedetection.io - Path Traversal
Dec 27, 2024
CVSS 8.6
EPSS 0.01
CVE-2024-9774
MEDIUM
Python-SQL <unknown> - SQL Injection
Dec 27, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-12745
HIGH
Amazon Redshift Python Connector 2.1.4 - SQL Injection via Metadata API
Dec 24, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-9427
MEDIUM
Koji 1.35.0 - Reflected Cross-Site Scripting via Unsanitized Input
Dec 24, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-56326
HIGH
Jinja < 3.1.5 - Remote Code Execution via Sandboxed Template String Format Bypass
Dec 23, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-56201
HIGH
Jinja 3.0.0-3.1.4 - Remote Code Execution via Template Filename Control
Dec 23, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-56327
CRITICAL
pyrage 1.2.0-1.2.2 - Remote Code Execution via Malicious Plugin
Dec 19, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-56142
MEDIUM
pghoard < 2.6.1-rc and Aiven-Open pghoard <= 2.2.2a - Path Traversal
Dec 17, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-55890
MEDIUM
dtale < 3.16.1 - Remote Code Execution via Custom Filter Settings
Dec 13, 2024
EPSS 0.01
CVE-2024-21543
HIGH
djoser < 2.3.0 - Authentication Bypass via Database Query Fallback
Dec 13, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-55633
MEDIUM
Apache Superset < 4.1.0 - Incorrect Authorization via SQL DML Statement
Dec 12, 2024
CVSS 6.5
EPSS 0.03
CVE-2024-55587
HIGH
python-libarchive through 4.2.1 - Path Traversal via ZipFile.extract and ZipFile.extractall
Dec 12, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-55655
LOW
sigstore-python 2.0.0-3.6.0 - Improper Input Validation of Integration Time in v2 and v3 Bundles
Dec 10, 2024
EPSS 0.00
CVE-2024-21542
HIGH
luigi < 3.6.0 - Arbitrary File Write via Archive Extraction
Dec 10, 2024
CVSS 8.6
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters