pypi

4,993 tracked vulnerabilities.

CVE-2024-39689 HIGH
certifi 2021.5.30-2024.7.4 - Insufficient Verification of Data Authenticity via GLOBALTRUST Root Certificates
Jul 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-32498 MEDIUM
OpenStack <24.0.0, <28.0.2, <29.0.3 - Info Disclosure
Jul 05, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-31223 MEDIUM NUCLEI
Fides 2.19.0-2.39.2rc0 - Unauthenticated Exposure of Sensitive System Information via SERVER_SIDE_FIDES_API_URL
Jul 03, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-38537 NONE
Fides < 2.39.1 - Untrusted Script Execution via polyfill.io Dependency
Jul 02, 2024
EPSS 0.01
CVE-2024-38519 HIGH
yt-dlp/youtube-dl < - Path Traversal
Jul 02, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-39303 MEDIUM
Weblate 4.14-5.6.1 - Path Traversal via Project Backup Restore
Jul 01, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-5062 MEDIUM
zenml 0.57.1 - Reflected Cross-Site Scripting via Survey Redirect Parameter
Jun 30, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-39705 CRITICAL
NLTK < 3.9 - Remote Code Execution via Pickle Deserialization
Jun 27, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-6139 HIGH
parisneo/lollms <9.6 - Path Traversal
Jun 27, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-6085 HIGH
lollms v9.6 - Unauthenticated Path Traversal and Arbitrary File Write via XTTS Server Root Folder Manipulation
Jun 27, 2024
CVSS 8.6
EPSS 0.01
CVE-2024-5980 CRITICAL
lightning-ai/pytorch-lightning 2.2.4-2.3.2 - Path Traversal and Arbitrary File Write via Tar.gz Plugin Extraction
Jun 27, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-5979 HIGH
h2o 3.46.0 - Denial of Service via run_tool Command in rapids Component
Jun 27, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5826 CRITICAL
vanna - Remote Code Execution via Prompt Injection in vanna.ask Function
Jun 27, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-5824 HIGH
parisneo/lollms < 9.5.0 - Path Traversal and Remote Code Execution via /set_personality_config Endpoint
Jun 27, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-5751 CRITICAL
litellm < 1.40.16 - Remote Code Execution via Malicious Payload to /config/update Endpoint
Jun 27, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-5710 MEDIUM
litellm < 1.40.15 - Unauthenticated Improper Access Control in Team Management Endpoints
Jun 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-22232 HIGH
Salt File Server < unknown - Path Traversal
Jun 27, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-22231 MEDIUM
Salt < 3005.5 - Directory Traversal via Syndic Cache Directory Creation
Jun 27, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-21520 MEDIUM
djangorestframework < 3.15.2 - Cross-Site Scripting via break_long_headers Template Filter
Jun 26, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38526 HIGH NUCLEI
pdoc < 14.5.1 - Dependency on Vulnerable Third-Party Component via polyfill.io CDN
Jun 26, 2024
CVSS 7.2
EPSS 0.04
CVE-2024-3121 LOW
lollms 5.9.0 - Remote Code Execution via create_conda_env Function
Jun 24, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-5443 CRITICAL
lollms < 9.5.1 - Path Traversal and Remote Code Execution via ExtensionBuilder Mount Endpoint
Jun 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-4940 MEDIUM NUCLEI
gradio - Open Redirect via Improper URL Validation
Jun 22, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-28397 MEDIUM NUCLEI
pyload-ng js2py - Remote Code Execution
Jun 20, 2024
CVSS 5.3
EPSS 0.05
CVE-2024-34693 MEDIUM
Apache Superset < 3.1.3 - Authenticated File Read via MariaDB Connection with local_infile
Jun 20, 2024
CVSS 6.8
EPSS 0.02