pypi

4,993 tracked vulnerabilities.

CVE-2024-40647 MEDIUM
Sentry-sdk <2.8.0 - Info Disclosure
Jul 18, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-39126 MEDIUM
Roundup < 2.4.0 - Cross-Site Scripting via JavaScript in PDF, XML, and SVG Documents
Jul 17, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-39125 MEDIUM
Roundup < 2.4.0 - Cross-Site Scripting via HTTP Referer Header
Jul 17, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-39124 MEDIUM
Roundup < 2.4.0 - Cross-Site Scripting in Class Helpers
Jul 17, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-31411 HIGH
Apache StreamPipes <= 0.93.0 - Authenticated Unrestricted Upload of File with Dangerous Type
Jul 17, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-31979 MEDIUM
Apache StreamPipes <= 0.93.0 - Server-Side Request Forgery via Pipeline Element Installation Endpoint
Jul 17, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-30471 LOW
Apache StreamPipes <= 0.93.0 - Time-of-check Time-of-use Race Condition in User Self-Registration
Jul 17, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-39877 HIGH
Apache Airflow 2.4.0-2.9.2 - Authenticated Remote Code Execution via doc_md Parameter
Jul 17, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-39863 MEDIUM
Apache Airflow < 2.9.3 - Authenticated Stored Cross-Site Scripting via Provider Installation Link
Jul 17, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-40637 MEDIUM
dbt_core < 1.6.14 - Code Injection via Malicious Package Override
Jul 16, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-39887 MEDIUM NUCLEI
Apache Superset < 4.0.2 - SQL Injection via PostgreSQL Engine-Specific Functions
Jul 16, 2024
CVSS 4.3
EPSS 0.04
CVE-2024-40627 MEDIUM
fastapi-opa < 2.0.1 - Unauthenticated Information Disclosure via OPTIONS Request Bypass
Jul 15, 2024
CVSS 5.8
EPSS 0.01
CVE-2024-21513 HIGH
langchain-experimental 0.0.15-<0.0.21 - Remote Code Execution via VectorSQLDatabaseChain Eval
Jul 15, 2024
CVSS 8.5
EPSS 0.02
CVE-2024-6345 HIGH
setuptools < 70.0.0 - Remote Code Execution via Package Index Download Functions
Jul 15, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-39903 HIGH NUCLEI
Solara < 1.35.1 - Local File Inclusion via URI Fragment Path Traversal
Jul 12, 2024
CVSS 8.6
EPSS 0.03
CVE-2024-39905 MEDIUM
Red-DiscordBot 3.5.0-3.5.9 - Incorrect Authorization via @commands.can_manage_channel()
Jul 11, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-39317 MEDIUM
Wagtail 2.0-5.2.5, 6.0-6.0.5 - Denial of Service via parse_query_string Inefficient Regular Expression
Jul 11, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-39614 HIGH
Django 4.2-4.2.13 and 5.0-5.0.6 - Denial of Service in get_supported_language_variant()
Jul 10, 2024
CVSS 7.5
EPSS 0.29
CVE-2024-39330 MEDIUM
Django 4.2-4.2.13 and 5.0-5.0.6 - Path Traversal via Custom Storage Class generate_filename() Override
Jul 10, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-39329 MEDIUM
Django <5.0.7, <4.2.14 - Info Disclosure
Jul 10, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-38875 HIGH
Django 4.2-4.2.13 and 5.0-5.0.6 - Denial of Service via urlize and urlizetrunc Bracket Handling
Jul 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5569 MEDIUM
zipp < 3.19.1 - Denial of Service via Infinite Loop in Path Module Functions
Jul 09, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-6227 HIGH
aim 3.19.3 - Denial of Service via Remote Tracking Server Loop
Jul 08, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-3651 HIGH
kjd/idna < 3.7 - Denial of Service via Quadratic Complexity in idna.encode()
Jul 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5753 HIGH
vanna-ai/vanna 0.3.4 - Unauthenticated SQL Injection via pg_read_file()
Jul 05, 2024
CVSS 7.5
EPSS 0.01