pypi
4,718 tracked vulnerabilities.
CVE-2024-32005
HIGH
NiceGUI <1.4.21 - Local File Inclusion
Apr 12, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-28718
CRITICAL
OpenStack Magnum - Remote Code Execution via cert_manager.py TOCTOU Race Condition
Apr 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-29019
HIGH
ESPHome 2023.12.9-2024.3.0 - Cross-Site Request Forgery in Dashboard API Endpoints
Apr 11, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-3568
CRITICAL
huggingface/transformers - Code Injection
Apr 10, 2024
CVSS 9.6
EPSS 0.24
CVE-2024-3098
CRITICAL
llama-index-core < 0.10.24 - Remote Code Execution via safe_eval Function
Apr 10, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-2952
CRITICAL
litellm < 1.34.42 - Server-Side Template Injection via Completions Endpoint
Apr 10, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-2196
HIGH
aim - Cross-Site Request Forgery via Missing CSRF and CORS Protection
Apr 10, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-2195
CRITICAL
Aim >=3.0.0 - Remote Code Execution via run_search_api Query Parameter
Apr 10, 2024
CVSS 9.8
EPSS 0.08
CVE-2024-1728
HIGH
NUCLEI
gradio 4.18.0-4.19.2 - Path Traversal and Arbitrary File Read via UploadButton Queue Join Endpoint
Apr 10, 2024
CVSS 7.5
EPSS 0.85
CVE-2024-22423
HIGH
yt-dlp 2021.04.11-2024.04.09 - Command Injection via --exec Template Expansion
Apr 09, 2024
CVSS 8.3
EPSS 0.06
CVE-2024-29905
HIGH
DIRAC < 8.0.41 - Unauthorized Proxy Access via Temporary File Exposure
Apr 09, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-28732
HIGH
Faucet SDN Ryu 4.34 - Denial of Service via OFPMatch Infinite Loop
Apr 08, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-31215
MEDIUM
Mobile Security Framework < 3.9.8 - Server-Side Request Forgery via Firebase Database Check
Apr 04, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-3116
HIGH
pgAdmin4 <= 8.4 - Remote Code Execution via Validate Binary Path API
Apr 04, 2024
CVSS 7.4
EPSS 0.91
CVE-2024-30265
HIGH
Collabora Online - Local File Inclusion
Apr 03, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-28219
MEDIUM
Pillow < 10.3.0 - Buffer Overflow via Unsafe strcpy in _imagingcms.c
Apr 03, 2024
CVSS 6.7
EPSS 0.00
CVE-2024-30248
HIGH
piccolo-admin 1.2.0-1.3.2 - Stored Cross-Site Scripting via SVG File Upload
Apr 02, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-29640
CRITICAL
aliyundrive-webdav 2.3.3 - Remote Code Execution via sid Parameter in action_query_qrcode
Mar 29, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-1729
MEDIUM
gradio < 4.19.2 - Timing Attack via Login Function Password Comparison
Mar 29, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-29888
MEDIUM
Saleor 3.14.56-3.14.61 - Unauthorized Exposure of Private Personal Information via Click-and-Collect Address Overwrite
Mar 27, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-28233
HIGH
JupyterHub < 4.1.0 - Cross-Site Scripting via Malicious Subdomain
Mar 27, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-1540
HIGH
gradio < 4.18.0 - Command Injection via GitHub Context Expression Handling
Mar 27, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-28335
CRITICAL
Lektor < 3.3.11 - Remote Code Execution via DB Path Traversal
Mar 27, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-2206
MEDIUM
gradio < 4.18.0 - Server-Side Request Forgery via Proxy Route URL Validation
Mar 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-29735
MEDIUM
Apache Airflow <2.8.3 - Privilege Escalation
Mar 26, 2024
CVSS 5.3
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21