pypi
4,718 tracked vulnerabilities.
CVE-2024-34073
HIGH
sagemaker-python-sdk - Command Injection
May 03, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-34072
HIGH
sagemaker-python-sdk <2.218.0 - Code Injection
May 03, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-34062
MEDIUM
tqdm 4.4.0-4.66.2 - Remote Code Execution via CLI Argument Eval
May 03, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-4216
HIGH
pgAdmin4 < 8.6 - Cross-Site Scripting via /settings/store API Response
May 02, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-4215
HIGH
pgAdmin4 < 8.6 - Multi-Factor Authentication Bypass
May 02, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-34061
MEDIUM
NUCLEI
changedetection.io <0.45.22 - Reflected XSS
May 02, 2024
CVSS 4.3
EPSS 0.28
CVE-2024-30251
HIGH
aiohttp < 3.9.4 - Denial of Service via Crafted Multipart Form Data
May 02, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-3955
CRITICAL
Pypi Cbpi4 < 4.4.1.a1 - Code Injection
May 02, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-32882
LOW
Wagtail 6.0.0-6.0.3 - Permission Bypass via FieldPanel Permission Argument
May 02, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-32979
HIGH
Nautobot 1.5.0-1.6.19 - Reflected Cross-Site Scripting via Filterable Object-List Views
May 01, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-4340
HIGH
NUCLEI
sqlparse < 0.5.0 - Denial of Service via Recursive Parsing
Apr 30, 2024
CVSS 7.5
EPSS 0.12
CVE-2024-32880
CRITICAL
pyload < 0.5.0 - Authenticated Remote Code Execution via Template Upload
Apr 26, 2024
CVSS 9.1
EPSS 0.05
CVE-2024-33664
MEDIUM
python-jose < 3.3.0 - Denial of Service via JWE Token Decompression
Apr 26, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-33663
MEDIUM
python-jose < 3.3.0 - Algorithm Confusion with OpenSSH ECDSA Keys
Apr 26, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-32651
CRITICAL
NUCLEI
changedetection.io <=0.45.20 - Remote Command Execution via Jinja2 SSTI
Apr 26, 2024
CVSS 10.0
EPSS 0.92
CVE-2024-32649
MEDIUM
vyperlang/vyper < 0.4.0 - Double Eval Vulnerability via sqrt Builtin
Apr 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-32648
MEDIUM
vyperlang/vyper < 0.3.0 - Improper Locking in Default Functions
Apr 25, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32647
MEDIUM
vyperlang/vyper < 0.4.0 - Eval Injection via create_from_blueprint raw_args Parameter
Apr 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-32646
MEDIUM
vyperlang/vyper < 0.4.0 - Double Evaluation Vulnerability via Slice Builtin
Apr 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-32645
MEDIUM
vyperlang/vyper < 0.4.0 - Incorrect Topic Logging via RawLog Builtin
Apr 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-32481
MEDIUM
vyper 0.3.8-0.4.0b1 - Denial of Service via Incorrect Signed Integer Comparison in Range Loop
Apr 25, 2024
CVSS 5.3
EPSS 0.02
CVE-2024-32879
MEDIUM
Python Social Auth <5.4.1 - Info Disclosure
Apr 24, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-31208
MEDIUM
Synapse < 1.105.1 - Denial of Service via V2 State Resolution Algorithm
Apr 23, 2024
CVSS 6.5
EPSS 0.03
CVE-2024-28717
MEDIUM
OpenStack Storlets < 13.0.0.0rc1 - Remote Code Execution via gateway.py
Apr 22, 2024
CVSS 4.9
EPSS 0.03
CVE-2024-29733
LOW
Apache Airflow FTP Provider <3.7.0 - Certificate Validation
Apr 21, 2024
CVSS 2.7
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21