pypi
4,718 tracked vulnerabilities.
CVE-2024-1681
MEDIUM
flask-cors < 4.0.1 - Log Injection via CRLF Sequence in Request Path
Apr 19, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32474
HIGH
Sentry 24.3.0-24.4.1 - Cleartext Password Exposure in Superuser Authentication Logs
Apr 18, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-27306
MEDIUM
aiohttp < 3.9.4 - Cross-Site Scripting in Static File Index Pages
Apr 18, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-31869
MEDIUM
Apache Airflow 2.7.0-2.8.4 - Authenticated Sensitive Information Exposure via Configuration UI Page
Apr 18, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-31583
HIGH
PyTorch < 2.2.0 - Use-After-Free in Mobile Interpreter
Apr 17, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-31580
MEDIUM
PyTorch < 2.2.0 - Heap-based Buffer Overflow in Vararg Functions
Apr 17, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-3660
CRITICAL
Keras < 2.13.1 - Arbitrary Code Injection via Model Loading
Apr 16, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-3575
MEDIUM
mindsdb - Stored Cross-Site Scripting
Apr 16, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-3574
HIGH
scrapy < 2.11.1 - Authorization Header Leak via Cross-Domain Redirect
Apr 16, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-3573
CRITICAL
MLflow < 2.10.0 - Local File Inclusion via URI Scheme Parsing Bypass
Apr 16, 2024
CVSS 9.3
EPSS 0.00
CVE-2024-3572
HIGH
Scrapy 2.0.0-2.11.1 - XML External Entity Injection via lxml Parsing
Apr 16, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-3571
HIGH
langchain-ai/langchain - Path Traversal
Apr 16, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-3271
CRITICAL
llamaindex 0.10.6-0.10.25 - Remote Code Execution via safe_eval Underscore Bypass
Apr 16, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-2912
CRITICAL
BentoML 1.2.0-1.2.4 - Remote Code Execution via Insecure Deserialization
Apr 16, 2024
CVSS 10.0
EPSS 0.07
CVE-2024-2260
MEDIUM
zenml < 0.56.2 - Session Fixation via JWT Token Reuse
Apr 16, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-2083
CRITICAL
zenml < 0.55.5 - Path Traversal via /api/v1/steps Logs URI Parameter
Apr 16, 2024
CVSS 9.9
EPSS 0.01
CVE-2024-1594
HIGH
MLflow - Path Traversal via Artifact Location URI Fragment
Apr 16, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-1593
HIGH
MLflow - Path Traversal via Semicolon Parameter Smuggling
Apr 16, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-1561
HIGH
NUCLEI
gradio-app/gradio - Info Disclosure
Apr 16, 2024
CVSS 7.5
EPSS 0.93
CVE-2024-1560
HIGH
lfprojects mlflow < 2.9.2 - Path Traversal via Double Decoding in Artifact Deletion
Apr 16, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-1558
HIGH
MLflow < 2.12.1 - Path Traversal via Source Parameter in _create_model_version()
Apr 16, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-1483
HIGH
NUCLEI
mlflow < 2.12.1 - Path Traversal via Artifact Location and Source Parameters
Apr 16, 2024
CVSS 7.5
EPSS 0.75
CVE-2024-1183
MEDIUM
NUCLEI
gradio 3.41.0-4.10.0 - Server-Side Request Forgery via File Parameter
Apr 16, 2024
CVSS 6.5
EPSS 0.55
CVE-2024-1135
HIGH
Gunicorn < 22.0.0 - HTTP Request Smuggling via Transfer-Encoding Header Mismanagement
Apr 16, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-3772
MEDIUM
Pydantic < 1.10.13 and 2.0.0-2.4.0 - Denial of Service via Crafted Email String
Apr 15, 2024
CVSS 5.9
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21