pypi

4,998 tracked vulnerabilities.

CVE-2024-46455 CRITICAL
unstructured < 0.14.3 - XML External Entity Injection via XMLParser
Dec 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-53949 MEDIUM
Apache Superset <4.1.0 - Auth Bypass
Dec 09, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-53948 MEDIUM
Apache Superset <4.1.0 - Info Disclosure
Dec 09, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-53947 CRITICAL
Apache Superset <4.1.0 - SQL Injection
Dec 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-53908 CRITICAL
Django <5.1.4, 5.0 <5.0.10, 4.2 <4.2.17 - SQL Injection
Dec 06, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-53907 HIGH
Django 4.2-4.2.16 5.0-5.0.9 5.1-5.1.3 - Denial of Service via Nested Incomplete HTML Entities
Dec 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-39163 HIGH
pyspider <= 0.3.10 - Cross-Site Request Forgery via Flask Endpoints
Dec 04, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-53867 MEDIUM
matrix-synapse 1.113.0rc1-1.120.0 - Exposure of Sensitive Room State Information via Sliding Sync
Dec 03, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-53863 CRITICAL
Synapse < 1.120.1 - Unrestricted Upload of File with Dangerous Type via Dynamic Thumbnail Generation
Dec 03, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-52815 MEDIUM
Synapse < 1.120.1 - Denial of Service via Malformed Federation Invite
Dec 03, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-52805 HIGH
Synapse < 1.120.1 - Denial of Service via Multipart/Form-Data Request
Dec 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-37303 MEDIUM
Synapse < 1.106.0 - Unauthenticated Media Repository Cache Poisoning via Remote Media Download
Dec 03, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-37302 HIGH
Synapse < 1.106.0 - Unauthenticated Denial of Service via Remote Media Download
Dec 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-54000 HIGH
MobSF < 3.9.7 assetlinks Redirect - Server-Side Request Forgery
Dec 03, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-53999 HIGH
Mobile Security Framework < 4.2.9 - Stored Cross-Site Scripting via Filename Parameter
Dec 03, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-53981 HIGH
python-multipart < 0.0.18 - Denial of Service via Excessive Logging
Dec 02, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-53865 HIGH
zhmcclient < 1.18.1 - Cleartext Storage of Sensitive Information in Logs
Nov 29, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-53861 LOW
PyJWT 2.10.0 - Incorrect String Comparison in 'iss' Claim Validation
Nov 29, 2024
CVSS 2.2
EPSS 0.01
CVE-2024-53848 HIGH
check-jsonschema < 0.30.0 - Cache Confusion via Schema Basename Conflict
Nov 29, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-39162 MEDIUM
pyspider <= 0.3.10 - Cross-Site Scripting via /update Endpoint
Nov 29, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-52008 HIGH
Fides < 2.50.0 - Weak Password Policy Enforcement via User Invite Acceptance API
Nov 26, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-52787 CRITICAL
libre-chat 0.0.6 - Path Traversal via Crafted Filename in Uploaded File
Nov 25, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-27134 HIGH
MLflow < 2.16.0 - Local Privilege Escalation via Spark UDF ToCToU Race Condition
Nov 25, 2024
CVSS 7.0
EPSS 0.00
CVE-2024-53916 HIGH
OpenStack Neutron <25.0.1 - Privilege Escalation
Nov 25, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-53899 HIGH
virtualenv <20.26.6 - Command Injection
Nov 24, 2024
CVSS 7.8
EPSS 0.02