pypi
4,998 tracked vulnerabilities.
CVE-2024-10073
MEDIUM
flairNLP flair 0.14.0 - Code Injection
Oct 17, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-21272
HIGH
MySQL Connector/Python <= 9.0.0 - Authenticated Remote Takeover via Multiple Protocols
Oct 15, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-47874
HIGH
Starlette < 0.40.0 - Denial of Service via Unbounded Multipart Form Data Handling
Oct 15, 2024
EPSS 0.01
CVE-2024-48911
HIGH
OpenCanary < 0.9.4 - Privilege Escalation via Config File Manipulation
Oct 14, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-6985
MEDIUM
lollms/lollms < 5.9.0 - Path Traversal via Personality Folder Parameter
Oct 11, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-6971
MEDIUM
lollms-webui - Path Traversal in lollms_file_system.py
Oct 11, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-47872
MEDIUM
gradio < 5.0.0 - Stored Cross-Site Scripting via File Upload
Oct 10, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-47871
CRITICAL
gradio < 5.0.0 - Missing Encryption of Sensitive Data via FRP Client-Server Communication
Oct 10, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-47870
HIGH
Gradio < 5.0.0 - Race Condition in update_root_in_config
Oct 10, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-47869
LOW
gradio < 4.44.0 - Timing Attack via Analytics Dashboard Hash Comparison
Oct 10, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-47868
HIGH
Gradio < 5.0.0 - Path Traversal and Arbitrary File Read via FileData Components
Oct 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-47867
HIGH
Gradio < 5.0.0 - Insufficient Integrity Check on FRP Client Download
Oct 10, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-47168
MEDIUM
gradio < 4.44.0 - Unauthenticated Data Exposure via Monitoring Endpoint
Oct 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-47167
CRITICAL
Gradio < 5.0 queue/join - Server-Side Request Forgery
Oct 10, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-47166
MEDIUM
gradio < 4.44.0 - Path Traversal via Custom Component Endpoint
Oct 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-47165
MEDIUM
gradio < 5.0.0 - Improper Authorization via Null Origin CORS Bypass
Oct 10, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-47164
MEDIUM
Gradio < 5.0.0 - Path Traversal Bypass via is_in_or_equal Function
Oct 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-47084
HIGH
Gradio < 4.44.0 - Improper Authorization via CORS Origin Validation Bypass
Oct 10, 2024
CVSS 8.3
EPSS 0.00
CVE-2024-7041
MEDIUM
open-webui v0.3.8 - Authorization Bypass via Memories Update API Endpoint
Oct 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-7037
HIGH
open-webui v0.3.8 - Arbitrary File Write and Delete via /api/pipelines/upload Endpoint
Oct 09, 2024
CVSS 7.2
EPSS 0.01
CVE-2024-7038
LOW
open-webui 0.3.8 - Information Disclosure via Embedding Model Update Error Messages
Oct 09, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-47833
MEDIUM
Taipy < 4.0.0 - Cleartext Transmission of Sensitive Information via Session Cookies
Oct 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-43497
HIGH
DeepSpeed < 0.15.1 - Remote Code Execution
Oct 08, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-25885
HIGH
xhtml2pdf 0.2.13 - Denial of Service via getcolor Function ReDOS
Oct 08, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-45231
MEDIUM
Django v5.1.1-v4.2.16 - Info Disclosure
Oct 08, 2024
CVSS 5.3
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters