pypi

4,718 tracked vulnerabilities.

CVE-2024-5023 CRITICAL
Netflix ConsoleMe < 1.4.0 - Command Injection
May 16, 2024
EPSS 0.01
CVE-2024-4263 MEDIUM
mlflow/mlflow <2.10.1 - Info Disclosure
May 16, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-4181 HIGH
LlamaIndex < 0.10.13 - Code Injection
May 16, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-4078 CRITICAL
parisneo/lollms - Remote Code Execution via Unsanitized Name Parameter in /unInstall_binding Endpoint
May 16, 2024
CVSS 9.8
EPSS 0.10
CVE-2024-3848 HIGH NUCLEI
MLflow < 2.12.1 - Path Traversal via URL Fragment Bypass
May 16, 2024
CVSS 7.5
EPSS 0.77
CVE-2024-32977 HIGH
OctoPrint <= 1.10.0 - Unauthenticated Authentication Bypass via X-Forwarded-For Header Spoofing
May 14, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-32077 MEDIUM
Apache Airflow <2.9.1 - Code Injection
May 14, 2024
CVSS 5.4
EPSS 0.03
CVE-2024-34707 HIGH
Nautobot < 1.6.22 - Authenticated Stored Cross-Site Scripting via Banner Configuration
May 14, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-34359 CRITICAL
llama-cpp-python >=0.2.30 <0.2.72 - Remote Code Execution via Jinja2 Template Injection
May 14, 2024
CVSS 9.6
EPSS 0.62
CVE-2024-32874 MEDIUM
Frigate < 0.13.2 - Denial of Service via Large Unicode Filename
May 14, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-28148 MEDIUM
Apache Superset < 3.1.2 - Authenticated Incorrect Authorization via REST API Request
May 07, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-34078 MEDIUM
html-sanitizer <2.4.2 - Info Disclosure
May 06, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-34069 HIGH
Werkzeug < 3.0.3 - Remote Code Execution via Debugger PIN Bypass
May 06, 2024
CVSS 7.5
EPSS 0.44
CVE-2024-34064 MEDIUM
Jinja < 3.1.4 - Cross-Site Scripting via xmlattr Filter Key Injection
May 06, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-32982 HIGH
Litestar < 2.8.3, < 2.7.2, < 2.6.4 - Path Traversal in Static File Serving
May 06, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-34529 MEDIUM
Nebari - Exposure of Sensitive Information via Keycloak Root Password
May 06, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-34528 HIGH
WordOps < 3.21.0 - Time-of-check Time-of-use Race Condition in Stack Pref Plugin
May 06, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-34510 HIGH
Gradio < 4.20.0 - Credential Leakage on Windows
May 05, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-34489 HIGH
Faucet SDN Ryu 4.34 - Denial of Service via OFPHello Length Zero
May 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-34488 HIGH
Faucet SDN Ryu 4.34 - Denial of Service via OFPMultipartReply Infinite Loop
May 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-34487 HIGH
Faucet SDN Ryu 4.34 - Denial of Service via OFPFlowStats Infinite Loop
May 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-34486 HIGH
Faucet SDN Ryu 4.34 - Denial of Service via OFPQueueProp.len Zero Value
May 05, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-34484 MEDIUM
Faucet SDN Ryu 4.34 - Denial of Service via OFPBucket Action Length Zero
May 05, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-34483 HIGH
Faucet SDN Ryu 4.34 - Denial of Service via OFPBucket.len=0
May 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-31636 LOW
LIEF 0.14.1 - Information Disclosure via Uninitialized Variable in machd_reader.c
May 03, 2024
CVSS 3.9
EPSS 0.00