pypi

4,993 tracked vulnerabilities.

CVE-2024-41991 HIGH
Django 4.2-4.2.14 and 5.0-5.0.7 - Denial of Service via Unicode Character Input
Aug 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-41990 HIGH
Django 4.2-4.2.14 and 5.0-5.0.7 - Denial of Service via urlize() and urlizetrunc() Template Filters
Aug 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-41989 HIGH
Django 4.2-4.2.14 and 5.0-5.0.7 - Uncontrolled Resource Consumption via floatformat Template Filter
Aug 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-42447 CRITICAL
Apache Airflow Providers FAB - Info Disclosure
Aug 05, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-7319 MEDIUM
openstack-heat - Exposure of Sensitive Information via Stack Abandon Command
Aug 02, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-41955 MEDIUM NUCLEI
Mobile Security Framework < 4.0.5 - Open Redirect in Authentication View
Jul 31, 2024
CVSS 5.2
EPSS 0.01
CVE-2024-41951 MEDIUM
Pheonix App <0.2.4 - Info Disclosure
Jul 31, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-41950 HIGH
Haystack < 2.3.1 - Remote Code Execution via Jinja2 Template Injection
Jul 31, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-7340 HIGH NUCLEI
Weave < 0.50.8 - Path Traversal and Arbitrary File Read via Server API
Jul 31, 2024
CVSS 8.8
EPSS 0.05
CVE-2024-6578 MEDIUM
aim 3.19.3 - Stored Cross-Site Scripting in Logs-Tab via Terminal Output
Jul 29, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-41810 MEDIUM NUCLEI
twisted < 24.7.0rc1 - Reflected Cross-Site Scripting via redirectTo Function
Jul 29, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-41671 HIGH
Twisted < 24.7.0rc1 - HTTP Request Smuggling via Pipelined Request Mismanagement
Jul 29, 2024
CVSS 8.3
EPSS 0.01
CVE-2024-41672 HIGH
DuckDB < 1.1.0 - Unauthorized File Read via sniff_csv Function
Jul 24, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-40767 MEDIUM
OpenStack Nova <27.4.1,28.2.1,29.1.1 - Info Disclosure
Jul 24, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-41656 HIGH
Sentry 10.0.0-24.7.1 - Stored Cross-Site Scripting via Integration Platform Payload
Jul 23, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-41129 MEDIUM
ops 2.0.0-2.14.9 - Sensitive Information Disclosure in Log Files via CLI Arguments
Jul 22, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-32152 LOW
Anki < 24.6 - Arbitrary File Creation via LaTeX Blocklist Bypass
Jul 22, 2024
CVSS 3.1
EPSS 0.12
CVE-2024-29073 MEDIUM
Anki < 24.6 - Arbitrary File Read via Latex Verbatim Package
Jul 22, 2024
CVSS 5.3
EPSS 0.12
CVE-2024-26020 CRITICAL
Anki < 24.06 - Arbitrary Script Execution via MPV Flashcard Rendering
Jul 22, 2024
CVSS 9.6
EPSS 0.15
CVE-2024-6961 MEDIUM
guardrails-ai < 0.5.0 - XML External Entity Injection in RAIL Document Parser
Jul 21, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-6281 HIGH
parisneo/lollms <9.5.1 - Path Traversal
Jul 20, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-41124 MEDIUM
Puncia < 0.21 - Missing Encryption of Sensitive Data via HTTP API_URLs
Jul 19, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-39123 MEDIUM
janeczku Calibre-Web 0.6.0-0.6.21 - Cross-Site Scripting in Edit Book Comments
Jul 19, 2024
CVSS 5.4
EPSS 0.23
CVE-2024-35199 HIGH
TorchServe 0.3.0-0.11.0 - Unprotected gRPC Interface Exposure
Jul 19, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-35198 CRITICAL
TorchServe < 0.11.0 - Security Feature Bypass via URL Path Traversal
Jul 19, 2024
CVSS 9.8
EPSS 0.01