pypi
4,718 tracked vulnerabilities.
CVE-2024-2383
MEDIUM
zenml <= 0.55.5 - Clickjacking via Missing X-Frame-Options Header
Jun 06, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-2213
LOW
zenml-io/zenml <0.55.4 - Auth Bypass
Jun 06, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-2171
MEDIUM
zenml < 0.56.2 - Stored Cross-Site Scripting via Logo URL Field
Jun 06, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-2035
MEDIUM
zenml < 0.56.2 - Authenticated Missing Authorization via API PUT /api/v1/users/id Endpoint
Jun 06, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-2032
LOW
zenml-io/zenml <0.55.3 - Info Disclosure
Jun 06, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-0520
HIGH
mlflow/mlflow <8.2.1 - Command Injection
Jun 06, 2024
CVSS 8.8
EPSS 0.05
CVE-2024-5452
CRITICAL
pytorch_lightning < 2.3.3 - Remote Code Execution via Deepdiff Delta Dunder Attribute Bypass
Jun 06, 2024
CVSS 9.8
EPSS 0.51
CVE-2024-4941
HIGH
gradio-app/gradio <4.25 - Local File Inclusion
Jun 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-4325
HIGH
NUCLEI
gradio < 4.41.0 - Server-Side Request Forgery via /queue/join Endpoint
Jun 06, 2024
CVSS 8.6
EPSS 0.65
CVE-2024-35178
HIGH
jupyter_server < 2.14.1 - Unauthenticated NTLMv2 Password Hash Exposure
Jun 06, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-5629
MEDIUM
PyMongo < 4.6.3 - Out-of-bounds Read in BSON Module
Jun 05, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-37065
HIGH
skops >= 0.6 - Remote Code Execution via Model Deserialization
Jun 04, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-37064
HIGH
ydata-profiling >= 3.7.0 - Remote Code Execution via Untrusted Data Deserialization
Jun 04, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-37063
HIGH
ydata-profiling >= 3.7.0 - Stored Cross-Site Scripting via Malicious Report
Jun 04, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-37062
HIGH
ydata-profiling >= 3.7.0 - Remote Code Execution via Malicious Report Deserialization
Jun 04, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-37061
HIGH
MLflow >= 1.11.0 - Remote Code Execution via Malicious MLproject
Jun 04, 2024
CVSS 8.8
EPSS 0.04
CVE-2024-37060
HIGH
MLflow >= 1.27.0 - Remote Code Execution via Malicious Recipe Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-37059
HIGH
MLflow >= 0.5.0 - Remote Code Execution via PyTorch Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-37058
HIGH
MLflow >= 2.5.0 - Remote Code Execution via Langchain AgentExecutor Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-37057
HIGH
MLflow >= 2.0.0 - Remote Code Execution via Tensorflow Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-37056
HIGH
MLflow >= 1.23.0 - Remote Code Execution via LightGBM Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-37055
HIGH
MLflow >= 1.24.0 - Remote Code Execution via Malicious Pmdarima Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-37054
HIGH
MLflow >= 0.9.0 - Remote Code Execution via PyFunc Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-37053
HIGH
MLflow >= 1.1.0 - Remote Code Execution via Malicious scikit-learn Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-37052
HIGH
MLflow >= 1.1.0 - Remote Code Execution via Malicious scikit-learn Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21