pypi
4,718 tracked vulnerabilities.
CVE-2024-3829
CRITICAL
qdrant/qdrant < 1.9.0 - Arbitrary File Read and Write via Snapshot Recovery Symlink Manipulation
Jun 03, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-35196
LOW
Sentry 24.3.0-24.5.0 - Sensitive Information Exposure in Slack Integration Logs
May 31, 2024
CVSS 2.0
EPSS 0.00
CVE-2024-5565
HIGH
Vanna - Remote Code Execution via Prompt Injection
May 31, 2024
CVSS 8.1
EPSS 0.05
CVE-2024-35189
MEDIUM
Fides < 2.37.0 - Sensitive Information Exposure via BigQuery Keyfile Creds API
May 30, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-35228
MEDIUM
Wagtail 6.0.0-6.0.4 and 6.1.0-6.1.1 - Authenticated Improper Permission Handling in Settings Module
May 30, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-4330
LOW
lollms_web_ui 9.6 - Path Traversal via 'category' Parameter in 'list_personalities' Endpoint
May 30, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-3924
MEDIUM
huggingface/text-generation-inference <= 2.0.0 - Remote Code Execution via GitHub Actions Workflow
May 30, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-34715
LOW
Fides < 2.37.0 - Sensitive Information Exposure in Database Password Logs
May 29, 2024
CVSS 2.3
EPSS 0.00
CVE-2024-36112
MEDIUM
Nautobot <1.6.22 & 2.0.0 - Info Disclosure
May 28, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-36110
HIGH
ansibleguy-webui <0.0.21 - Code Injection
May 28, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-36105
MEDIUM
dbt <1.6.15-1.8.1 - Info Disclosure
May 27, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-35374
CRITICAL
Mocodo Online < 4.2.6 - Remote Code Execution via SQL Case Input Field
May 24, 2024
CVSS 9.8
EPSS 0.08
CVE-2024-28188
MEDIUM
jupyter-scheduler < 1.1.6, 1.2.1, 1.8.2, 2.5.2 - Exposure of Sensitive Information via Conda Environment List
May 23, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32969
LOW
vantage6 < 4.5.0rc3 - Improper Access Control via Organization Addition
May 23, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-35061
HIGH
NASA AIT-Core < 2.5.2 - Missing Encryption of Sensitive Data
May 21, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-35059
HIGH
NASA AIT-Core < 2.5.2 - Remote Code Execution via Pickle Deserialization
May 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-35058
HIGH
NASA AIT-Core < 2.5.2 - Remote Code Execution via API Wait Function
May 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-35057
HIGH
NASA AIT-Core < 2.5.2 - Remote Code Execution via Crafted Packet
May 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-35056
CRITICAL
NASA AIT-Core < 2.5.2 - SQL Injection via query_packets and insert functions
May 21, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-36039
MEDIUM
PyMySQL < 1.1.1 - SQL Injection via Unescaped JSON Keys
May 21, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-35180
MEDIUM
OMERO.web < 5.26.0 - Cross-Site Scripting via JSONP Callback Parameter
May 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-35195
MEDIUM
Requests < 2.32.0 - Always-Incorrect Control Flow Implementation in Session Certificate Verification
May 20, 2024
CVSS 5.6
EPSS 0.00
CVE-2024-1968
HIGH
Scrapy < 1.8.4 and 2.0-2.11.1 - Authorization Header Exposure via Same-Domain Scheme Redirect
May 20, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-34083
MEDIUM
aiosmtpd < 1.4.6 - Man-in-the-Middle Attack via Extraneous Untrusted Data After STARTTLS
May 18, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-4264
CRITICAL
litellm - Remote Code Execution via Unsafe Eval in get_secret Method
May 18, 2024
CVSS 9.8
EPSS 0.03
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21