pypi
4,998 tracked vulnerabilities.
CVE-2024-11394
HIGH
Hugging Face Transformers < 4.48.0 - Remote Code Execution via Trax Model Deserialization
Nov 22, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-11393
HIGH
Hugging Face Transformers < 4.48.0 - Remote Code Execution via MaskFormer Model Deserialization
Nov 22, 2024
CVSS 8.8
EPSS 0.03
CVE-2024-11392
HIGH
Hugging Face Transformers MobileViTV2 - Deserialization
Nov 22, 2024
CVSS 8.8
EPSS 0.07
CVE-2024-53253
MEDIUM
Sentry 24.11.0 - Information Disclosure of Integration Client Secret in Error Message
Nov 22, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-52804
HIGH
Tornado < 6.4.2 - Denial of Service via Malicious Cookie Header Parsing
Nov 22, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-52803
HIGH
llama-factory < 0.9.1 - OS Command Injection via Popen with shell=True
Nov 21, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-52581
HIGH
Litestar < 2.13.0 - Denial of Service via Multipart Form Parser
Nov 20, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-11406
MEDIUM
django CMS Attributes Fields <4.0 - XSS
Nov 20, 2024
CVSS 6.9
EPSS 0.00
CVE-2024-11404
MEDIUM
django-filer < 3.3.0 - Unrestricted File Upload and Stored Cross-Site Scripting
Nov 20, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-52595
HIGH
lxml_html_clean < 0.4.0 - Cross-Site Scripting via Improper Context-Switching Tag Handling
Nov 19, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-52304
HIGH
aiohttp <3.10.11 - Request Smuggling
Nov 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-52303
HIGH
aiohttp <3.10.11 - Memory Corruption
Nov 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-47533
CRITICAL
NUCLEI
Cobbler <3.2.3, <3.3.7 - Auth Bypass
Nov 18, 2024
CVSS 9.8
EPSS 0.04
CVE-2024-37155
MEDIUM
OpenCTI < 6.1.9 - Unauthenticated Improper Access Control via GraphQL Introspection Query Bypass
Nov 18, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-11319
MEDIUM
django-cms 3.11.7-3.11.8 4.1.2-4.1.3 - Stored Cross-Site Scripting in Page Title Field
Nov 18, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-45784
HIGH
Apache Airflow <2.10.3 - Info Disclosure
Nov 15, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-52524
MEDIUM
Giskard < 2.15.5 - Denial of Service via Inefficient Regular Expression Complexity
Nov 14, 2024
EPSS 0.01
CVE-2024-4311
MEDIUM
zenml < 0.57.0rc2 - Account Takeover via Unlimited Password Change Attempts
Nov 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-49048
HIGH
TorchGeo < 0.6.1 - Remote Code Execution
Nov 12, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-43598
HIGH
LightGBM < 4.6.0 - Remote Code Execution
Nov 12, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-52296
MEDIUM
libosdp < 2.4.0 - Unauthenticated NULL Pointer Dereference in osdp_reply_name
Nov 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-11079
MEDIUM
ansible-core >=2.18.0b1 <2.18.1rc1 - Arbitrary Code Execution via Hostvars Object
Nov 12, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-52288
MEDIUM
libosdp < 3.0.0 - Message Integrity Bypass via Unexpected REPLY_CCRYPT or REPLY_RMAC_I
Nov 11, 2024
CVSS 5.1
EPSS 0.00
CVE-2024-27530
HIGH
wasm3 139076a - Use-After-Free in ForEachModule
Nov 08, 2024
CVSS 8.4
EPSS 0.00
CVE-2024-27529
HIGH
wasm3 139076a - Out-of-bounds Read in Read_utf8
Nov 08, 2024
CVSS 8.4
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters