pypi

4,998 tracked vulnerabilities.

CVE-2024-11394 HIGH
Hugging Face Transformers < 4.48.0 - Remote Code Execution via Trax Model Deserialization
Nov 22, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-11393 HIGH
Hugging Face Transformers < 4.48.0 - Remote Code Execution via MaskFormer Model Deserialization
Nov 22, 2024
CVSS 8.8
EPSS 0.03
CVE-2024-11392 HIGH
Hugging Face Transformers MobileViTV2 - Deserialization
Nov 22, 2024
CVSS 8.8
EPSS 0.07
CVE-2024-53253 MEDIUM
Sentry 24.11.0 - Information Disclosure of Integration Client Secret in Error Message
Nov 22, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-52804 HIGH
Tornado < 6.4.2 - Denial of Service via Malicious Cookie Header Parsing
Nov 22, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-52803 HIGH
llama-factory < 0.9.1 - OS Command Injection via Popen with shell=True
Nov 21, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-52581 HIGH
Litestar < 2.13.0 - Denial of Service via Multipart Form Parser
Nov 20, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-11406 MEDIUM
django CMS Attributes Fields <4.0 - XSS
Nov 20, 2024
CVSS 6.9
EPSS 0.00
CVE-2024-11404 MEDIUM
django-filer < 3.3.0 - Unrestricted File Upload and Stored Cross-Site Scripting
Nov 20, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-52595 HIGH
lxml_html_clean < 0.4.0 - Cross-Site Scripting via Improper Context-Switching Tag Handling
Nov 19, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-52304 HIGH
aiohttp <3.10.11 - Request Smuggling
Nov 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-52303 HIGH
aiohttp <3.10.11 - Memory Corruption
Nov 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-47533 CRITICAL NUCLEI
Cobbler <3.2.3, <3.3.7 - Auth Bypass
Nov 18, 2024
CVSS 9.8
EPSS 0.04
CVE-2024-37155 MEDIUM
OpenCTI < 6.1.9 - Unauthenticated Improper Access Control via GraphQL Introspection Query Bypass
Nov 18, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-11319 MEDIUM
django-cms 3.11.7-3.11.8 4.1.2-4.1.3 - Stored Cross-Site Scripting in Page Title Field
Nov 18, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-45784 HIGH
Apache Airflow <2.10.3 - Info Disclosure
Nov 15, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-52524 MEDIUM
Giskard < 2.15.5 - Denial of Service via Inefficient Regular Expression Complexity
Nov 14, 2024
EPSS 0.01
CVE-2024-4311 MEDIUM
zenml < 0.57.0rc2 - Account Takeover via Unlimited Password Change Attempts
Nov 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-49048 HIGH
TorchGeo < 0.6.1 - Remote Code Execution
Nov 12, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-43598 HIGH
LightGBM < 4.6.0 - Remote Code Execution
Nov 12, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-52296 MEDIUM
libosdp < 2.4.0 - Unauthenticated NULL Pointer Dereference in osdp_reply_name
Nov 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-11079 MEDIUM
ansible-core >=2.18.0b1 <2.18.1rc1 - Arbitrary Code Execution via Hostvars Object
Nov 12, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-52288 MEDIUM
libosdp < 3.0.0 - Message Integrity Bypass via Unexpected REPLY_CCRYPT or REPLY_RMAC_I
Nov 11, 2024
CVSS 5.1
EPSS 0.00
CVE-2024-27530 HIGH
wasm3 139076a - Use-After-Free in ForEachModule
Nov 08, 2024
CVSS 8.4
EPSS 0.00
CVE-2024-27529 HIGH
wasm3 139076a - Out-of-bounds Read in Read_utf8
Nov 08, 2024
CVSS 8.4
EPSS 0.00