pypi
4,998 tracked vulnerabilities.
CVE-2024-46455
CRITICAL
unstructured < 0.14.3 - XML External Entity Injection via XMLParser
Dec 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-53949
MEDIUM
Apache Superset <4.1.0 - Auth Bypass
Dec 09, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-53948
MEDIUM
Apache Superset <4.1.0 - Info Disclosure
Dec 09, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-53947
CRITICAL
Apache Superset <4.1.0 - SQL Injection
Dec 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-53908
CRITICAL
Django <5.1.4, 5.0 <5.0.10, 4.2 <4.2.17 - SQL Injection
Dec 06, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-53907
HIGH
Django 4.2-4.2.16 5.0-5.0.9 5.1-5.1.3 - Denial of Service via Nested Incomplete HTML Entities
Dec 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-39163
HIGH
pyspider <= 0.3.10 - Cross-Site Request Forgery via Flask Endpoints
Dec 04, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-53867
MEDIUM
matrix-synapse 1.113.0rc1-1.120.0 - Exposure of Sensitive Room State Information via Sliding Sync
Dec 03, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-53863
CRITICAL
Synapse < 1.120.1 - Unrestricted Upload of File with Dangerous Type via Dynamic Thumbnail Generation
Dec 03, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-52815
MEDIUM
Synapse < 1.120.1 - Denial of Service via Malformed Federation Invite
Dec 03, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-52805
HIGH
Synapse < 1.120.1 - Denial of Service via Multipart/Form-Data Request
Dec 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-37303
MEDIUM
Synapse < 1.106.0 - Unauthenticated Media Repository Cache Poisoning via Remote Media Download
Dec 03, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-37302
HIGH
Synapse < 1.106.0 - Unauthenticated Denial of Service via Remote Media Download
Dec 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-54000
HIGH
MobSF < 3.9.7 assetlinks Redirect - Server-Side Request Forgery
Dec 03, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-53999
HIGH
Mobile Security Framework < 4.2.9 - Stored Cross-Site Scripting via Filename Parameter
Dec 03, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-53981
HIGH
python-multipart < 0.0.18 - Denial of Service via Excessive Logging
Dec 02, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-53865
HIGH
zhmcclient < 1.18.1 - Cleartext Storage of Sensitive Information in Logs
Nov 29, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-53861
LOW
PyJWT 2.10.0 - Incorrect String Comparison in 'iss' Claim Validation
Nov 29, 2024
CVSS 2.2
EPSS 0.01
CVE-2024-53848
HIGH
check-jsonschema < 0.30.0 - Cache Confusion via Schema Basename Conflict
Nov 29, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-39162
MEDIUM
pyspider <= 0.3.10 - Cross-Site Scripting via /update Endpoint
Nov 29, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-52008
HIGH
Fides < 2.50.0 - Weak Password Policy Enforcement via User Invite Acceptance API
Nov 26, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-52787
CRITICAL
libre-chat 0.0.6 - Path Traversal via Crafted Filename in Uploaded File
Nov 25, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-27134
HIGH
MLflow < 2.16.0 - Local Privilege Escalation via Spark UDF ToCToU Race Condition
Nov 25, 2024
CVSS 7.0
EPSS 0.00
CVE-2024-53916
HIGH
OpenStack Neutron <25.0.1 - Privilege Escalation
Nov 25, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-53899
HIGH
virtualenv <20.26.6 - Command Injection
Nov 24, 2024
CVSS 7.8
EPSS 0.02
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters