pypi

4,998 tracked vulnerabilities.

CVE-2024-10073 MEDIUM
flairNLP flair 0.14.0 - Code Injection
Oct 17, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-21272 HIGH
MySQL Connector/Python <= 9.0.0 - Authenticated Remote Takeover via Multiple Protocols
Oct 15, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-47874 HIGH
Starlette < 0.40.0 - Denial of Service via Unbounded Multipart Form Data Handling
Oct 15, 2024
EPSS 0.01
CVE-2024-48911 HIGH
OpenCanary < 0.9.4 - Privilege Escalation via Config File Manipulation
Oct 14, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-6985 MEDIUM
lollms/lollms < 5.9.0 - Path Traversal via Personality Folder Parameter
Oct 11, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-6971 MEDIUM
lollms-webui - Path Traversal in lollms_file_system.py
Oct 11, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-47872 MEDIUM
gradio < 5.0.0 - Stored Cross-Site Scripting via File Upload
Oct 10, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-47871 CRITICAL
gradio < 5.0.0 - Missing Encryption of Sensitive Data via FRP Client-Server Communication
Oct 10, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-47870 HIGH
Gradio < 5.0.0 - Race Condition in update_root_in_config
Oct 10, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-47869 LOW
gradio < 4.44.0 - Timing Attack via Analytics Dashboard Hash Comparison
Oct 10, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-47868 HIGH
Gradio < 5.0.0 - Path Traversal and Arbitrary File Read via FileData Components
Oct 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-47867 HIGH
Gradio < 5.0.0 - Insufficient Integrity Check on FRP Client Download
Oct 10, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-47168 MEDIUM
gradio < 4.44.0 - Unauthenticated Data Exposure via Monitoring Endpoint
Oct 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-47167 CRITICAL
Gradio < 5.0 queue/join - Server-Side Request Forgery
Oct 10, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-47166 MEDIUM
gradio < 4.44.0 - Path Traversal via Custom Component Endpoint
Oct 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-47165 MEDIUM
gradio < 5.0.0 - Improper Authorization via Null Origin CORS Bypass
Oct 10, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-47164 MEDIUM
Gradio < 5.0.0 - Path Traversal Bypass via is_in_or_equal Function
Oct 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-47084 HIGH
Gradio < 4.44.0 - Improper Authorization via CORS Origin Validation Bypass
Oct 10, 2024
CVSS 8.3
EPSS 0.00
CVE-2024-7041 MEDIUM
open-webui v0.3.8 - Authorization Bypass via Memories Update API Endpoint
Oct 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-7037 HIGH
open-webui v0.3.8 - Arbitrary File Write and Delete via /api/pipelines/upload Endpoint
Oct 09, 2024
CVSS 7.2
EPSS 0.01
CVE-2024-7038 LOW
open-webui 0.3.8 - Information Disclosure via Embedding Model Update Error Messages
Oct 09, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-47833 MEDIUM
Taipy < 4.0.0 - Cleartext Transmission of Sensitive Information via Session Cookies
Oct 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-43497 HIGH
DeepSpeed < 0.15.1 - Remote Code Execution
Oct 08, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-25885 HIGH
xhtml2pdf 0.2.13 - Denial of Service via getcolor Function ReDOS
Oct 08, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-45231 MEDIUM
Django v5.1.1-v4.2.16 - Info Disclosure
Oct 08, 2024
CVSS 5.3
EPSS 0.01