pypi
4,718 tracked vulnerabilities.
CVE-2024-37300
HIGH
oauthenticator < 16.3.1 - Incorrect Authorization via GlobusOAuthenticator Configuration
Jun 12, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-36265
CRITICAL
Apache Submarine Server Core <0.8.0 - Incorrect Authorization
Jun 12, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-36264
CRITICAL
Apache Submarine Commons Utils <0.8.0 - Auth Bypass
Jun 12, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-4315
CRITICAL
parisneo/lollms < 9.5 - Local File Inclusion via Windows Path Traversal
Jun 12, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-35225
CRITICAL
Jupyter Server Proxy 3.0.0-3.2.3 and 4.0.0-4.1.9 - Reflected Cross-Site Scripting via Host Path Segment
Jun 11, 2024
CVSS 9.6
EPSS 0.01
CVE-2024-37301
HIGH
document-merge-service <= 6.5.1 - Remote Code Execution via Server-Side Template Injection
Jun 11, 2024
CVSS 7.2
EPSS 0.06
CVE-2024-35255
MEDIUM
Microsoft Authentication Library and Azure Identity SDK - Elevation of Privilege via Race Condition
Jun 11, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-37014
CRITICAL
Langflow < 0.6.19 - Remote Code Execution via Custom Component Endpoint
Jun 10, 2024
CVSS 9.8
EPSS 0.06
CVE-2024-37568
HIGH
Authlib < 1.3.1 - Algorithm Confusion in JWT Verification
Jun 09, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-4680
HIGH
zenml 0.56.3 - Insufficient Session Expiration after Password Change
Jun 08, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-37388
CRITICAL
ebookmeta - XML External Entity Injection in get_metadata Function
Jun 07, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-36827
HIGH
ebookmeta < 1.2.8 - XML External Entity Injection via get_metadata Function
Jun 07, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-5550
MEDIUM
h2o 3.40.0.4 - Unauthenticated Path Traversal via Typeahead API
Jun 06, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-5225
HIGH
litellm < 1.40.2 - SQL Injection via /global/spend/logs API Key Parameter
Jun 06, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-5206
MEDIUM
scikit-learn <1.5.0 - Info Disclosure
Jun 06, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-5187
HIGH
ONNX 1.16.0 - Path Traversal and Arbitrary File Overwrite via Tar Extraction
Jun 06, 2024
CVSS 8.8
EPSS 0.03
CVE-2024-4890
MEDIUM
litellm 1.27.14 - Blind SQL Injection via User ID Parameter
Jun 06, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-4888
HIGH
litellm < 1.35.19 - Unauthenticated Arbitrary File Deletion via /audio/transcriptions Endpoint
Jun 06, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-4881
HIGH
lollms < 5.9.0 - Path Traversal via Backslash Handling in /user_infos Endpoint
Jun 06, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-3429
CRITICAL
lollms < 9.6 - Path Traversal via Insufficient Input Sanitization
Jun 06, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-3408
CRITICAL
NUCLEI
D-Tale RCE
Jun 06, 2024
CVSS 9.8
EPSS 0.92
CVE-2024-3099
MEDIUM
MLflow < 2.11.3 - Model Name Spoofing and Denial of Service via URL Encoding
Jun 06, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-3095
HIGH
langchain 0.1.5-<0.2.9 - Server-Side Request Forgery via Web Research Retriever
Jun 06, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-2965
MEDIUM
langchain < 0.2.5 - Denial of Service via SitemapLoader Recursion
Jun 06, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-2928
HIGH
NUCLEI
MLflow < 2.11.3 - Path Traversal
Jun 06, 2024
CVSS 7.5
EPSS 0.92
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21