pypi
4,993 tracked vulnerabilities.
CVE-2024-40647
MEDIUM
Sentry-sdk <2.8.0 - Info Disclosure
Jul 18, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-39126
MEDIUM
Roundup < 2.4.0 - Cross-Site Scripting via JavaScript in PDF, XML, and SVG Documents
Jul 17, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-39125
MEDIUM
Roundup < 2.4.0 - Cross-Site Scripting via HTTP Referer Header
Jul 17, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-39124
MEDIUM
Roundup < 2.4.0 - Cross-Site Scripting in Class Helpers
Jul 17, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-31411
HIGH
Apache StreamPipes <= 0.93.0 - Authenticated Unrestricted Upload of File with Dangerous Type
Jul 17, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-31979
MEDIUM
Apache StreamPipes <= 0.93.0 - Server-Side Request Forgery via Pipeline Element Installation Endpoint
Jul 17, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-30471
LOW
Apache StreamPipes <= 0.93.0 - Time-of-check Time-of-use Race Condition in User Self-Registration
Jul 17, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-39877
HIGH
Apache Airflow 2.4.0-2.9.2 - Authenticated Remote Code Execution via doc_md Parameter
Jul 17, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-39863
MEDIUM
Apache Airflow < 2.9.3 - Authenticated Stored Cross-Site Scripting via Provider Installation Link
Jul 17, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-40637
MEDIUM
dbt_core < 1.6.14 - Code Injection via Malicious Package Override
Jul 16, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-39887
MEDIUM
NUCLEI
Apache Superset < 4.0.2 - SQL Injection via PostgreSQL Engine-Specific Functions
Jul 16, 2024
CVSS 4.3
EPSS 0.04
CVE-2024-40627
MEDIUM
fastapi-opa < 2.0.1 - Unauthenticated Information Disclosure via OPTIONS Request Bypass
Jul 15, 2024
CVSS 5.8
EPSS 0.01
CVE-2024-21513
HIGH
langchain-experimental 0.0.15-<0.0.21 - Remote Code Execution via VectorSQLDatabaseChain Eval
Jul 15, 2024
CVSS 8.5
EPSS 0.02
CVE-2024-6345
HIGH
setuptools < 70.0.0 - Remote Code Execution via Package Index Download Functions
Jul 15, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-39903
HIGH
NUCLEI
Solara < 1.35.1 - Local File Inclusion via URI Fragment Path Traversal
Jul 12, 2024
CVSS 8.6
EPSS 0.03
CVE-2024-39905
MEDIUM
Red-DiscordBot 3.5.0-3.5.9 - Incorrect Authorization via @commands.can_manage_channel()
Jul 11, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-39317
MEDIUM
Wagtail 2.0-5.2.5, 6.0-6.0.5 - Denial of Service via parse_query_string Inefficient Regular Expression
Jul 11, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-39614
HIGH
Django 4.2-4.2.13 and 5.0-5.0.6 - Denial of Service in get_supported_language_variant()
Jul 10, 2024
CVSS 7.5
EPSS 0.29
CVE-2024-39330
MEDIUM
Django 4.2-4.2.13 and 5.0-5.0.6 - Path Traversal via Custom Storage Class generate_filename() Override
Jul 10, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-39329
MEDIUM
Django <5.0.7, <4.2.14 - Info Disclosure
Jul 10, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-38875
HIGH
Django 4.2-4.2.13 and 5.0-5.0.6 - Denial of Service via urlize and urlizetrunc Bracket Handling
Jul 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5569
MEDIUM
zipp < 3.19.1 - Denial of Service via Infinite Loop in Path Module Functions
Jul 09, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-6227
HIGH
aim 3.19.3 - Denial of Service via Remote Tracking Server Loop
Jul 08, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-3651
HIGH
kjd/idna < 3.7 - Denial of Service via Quadratic Complexity in idna.encode()
Jul 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5753
HIGH
vanna-ai/vanna 0.3.4 - Unauthenticated SQL Injection via pg_read_file()
Jul 05, 2024
CVSS 7.5
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters