pypi
4,993 tracked vulnerabilities.
CVE-2024-39689
HIGH
certifi 2021.5.30-2024.7.4 - Insufficient Verification of Data Authenticity via GLOBALTRUST Root Certificates
Jul 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-32498
MEDIUM
OpenStack <24.0.0, <28.0.2, <29.0.3 - Info Disclosure
Jul 05, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-31223
MEDIUM
NUCLEI
Fides 2.19.0-2.39.2rc0 - Unauthenticated Exposure of Sensitive System Information via SERVER_SIDE_FIDES_API_URL
Jul 03, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-38537
NONE
Fides < 2.39.1 - Untrusted Script Execution via polyfill.io Dependency
Jul 02, 2024
EPSS 0.01
CVE-2024-38519
HIGH
yt-dlp/youtube-dl < - Path Traversal
Jul 02, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-39303
MEDIUM
Weblate 4.14-5.6.1 - Path Traversal via Project Backup Restore
Jul 01, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-5062
MEDIUM
zenml 0.57.1 - Reflected Cross-Site Scripting via Survey Redirect Parameter
Jun 30, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-39705
CRITICAL
NLTK < 3.9 - Remote Code Execution via Pickle Deserialization
Jun 27, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-6139
HIGH
parisneo/lollms <9.6 - Path Traversal
Jun 27, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-6085
HIGH
lollms v9.6 - Unauthenticated Path Traversal and Arbitrary File Write via XTTS Server Root Folder Manipulation
Jun 27, 2024
CVSS 8.6
EPSS 0.01
CVE-2024-5980
CRITICAL
lightning-ai/pytorch-lightning 2.2.4-2.3.2 - Path Traversal and Arbitrary File Write via Tar.gz Plugin Extraction
Jun 27, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-5979
HIGH
h2o 3.46.0 - Denial of Service via run_tool Command in rapids Component
Jun 27, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5826
CRITICAL
vanna - Remote Code Execution via Prompt Injection in vanna.ask Function
Jun 27, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-5824
HIGH
parisneo/lollms < 9.5.0 - Path Traversal and Remote Code Execution via /set_personality_config Endpoint
Jun 27, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-5751
CRITICAL
litellm < 1.40.16 - Remote Code Execution via Malicious Payload to /config/update Endpoint
Jun 27, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-5710
MEDIUM
litellm < 1.40.15 - Unauthenticated Improper Access Control in Team Management Endpoints
Jun 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-22232
HIGH
Salt File Server < unknown - Path Traversal
Jun 27, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-22231
MEDIUM
Salt < 3005.5 - Directory Traversal via Syndic Cache Directory Creation
Jun 27, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-21520
MEDIUM
djangorestframework < 3.15.2 - Cross-Site Scripting via break_long_headers Template Filter
Jun 26, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38526
HIGH
NUCLEI
pdoc < 14.5.1 - Dependency on Vulnerable Third-Party Component via polyfill.io CDN
Jun 26, 2024
CVSS 7.2
EPSS 0.04
CVE-2024-3121
LOW
lollms 5.9.0 - Remote Code Execution via create_conda_env Function
Jun 24, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-5443
CRITICAL
lollms < 9.5.1 - Path Traversal and Remote Code Execution via ExtensionBuilder Mount Endpoint
Jun 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-4940
MEDIUM
NUCLEI
gradio - Open Redirect via Improper URL Validation
Jun 22, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-28397
MEDIUM
NUCLEI
pyload-ng js2py - Remote Code Execution
Jun 20, 2024
CVSS 5.3
EPSS 0.05
CVE-2024-34693
MEDIUM
Apache Superset < 3.1.3 - Authenticated File Read via MariaDB Connection with local_infile
Jun 20, 2024
CVSS 6.8
EPSS 0.02
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters