pypi
4,718 tracked vulnerabilities.
CVE-2024-26149
LOW
vyperlang/vyper < 0.3.10 - Memory Buffer Overflow in _abi_decode Array Index Handling
Feb 26, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-24564
LOW
vyper < 0.4.0 - Out-of-bounds Read via extract32 Function
Feb 26, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-27081
HIGH
ESPHome <2024.2.1 - Authenticated RCE
Feb 26, 2024
CVSS 7.2
EPSS 0.04
CVE-2024-27454
HIGH
orjson <3.9.15 - Stack-Based Buffer Overflow
Feb 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-27447
CRITICAL
pretix < 2024.1.1 - Improper Input Validation
Feb 26, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-27444
CRITICAL
langchain-experimental < 0.1.8 - Remote Code Execution via Unrestricted Python Attribute Access
Feb 26, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-0243
HIGH
langchain < 0.1.0 - Server-Side Request Forgery via RecursiveUrlLoader
Feb 26, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-21502
HIGH
fastecdsa < 2.3.2 - Use of Uninitialized Variable in curvemath_mul
Feb 24, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-27133
HIGH
MLflow < 2.9.2 and 2.9.2-2.10.0 - Stored Cross-Site Scripting in Dataset Table Fields
Feb 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-27132
HIGH
MLflow < 2.9.2 and < 2.10.0 - Cross-Site Scripting via Untrusted Recipe Template Variables
Feb 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-27319
MEDIUM
ONNX < 1.16.0 - Out-of-bounds Read via ONNX_ASSERT Function
Feb 23, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-27318
HIGH
ONNX < 1.16.0 - Path Traversal via External Data Field
Feb 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-26152
MEDIUM
Label Studio < 1.11.0 - Stored Cross-Site Scripting via File Upload in Choices or Labels Tag
Feb 22, 2024
CVSS 4.7
EPSS 0.02
CVE-2024-26151
HIGH
mjml-python 0.10.0-0.10.9 - Cross-Site Scripting via Unsanitized Template Input
Feb 22, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-26130
HIGH
cryptography 38.0.0-42.0.3 - NULL Pointer Dereference in pkcs12.serialize_key_and_certificates
Feb 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-23346
CRITICAL
pymatgen < 2024.2.20 - Remote Code Execution via JonesFaithfulTransformation.from_transformation_str()
Feb 21, 2024
CVSS 9.3
EPSS 0.55
CVE-2024-25141
CRITICAL
Mongo Hook <4.0.0 - Info Disclosure
Feb 20, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-1647
HIGH
pyhtml2pdf 0.0.6 - Arbitrary Local File Read via Unvalidated HTML Content
Feb 20, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-26134
HIGH
cbor2 5.5.1-5.6.1 - Denial of Service via Long CBOR Object
Feb 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23952
MEDIUM
Apache Superset <= 2.1.2 and 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via ZIP Import
Feb 14, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-25112
MEDIUM
Exiv2 0.28.0-0.28.1 - Denial of Service via Unbounded Recursion in QuickTimeVideo::multipleEntriesDecoder
Feb 12, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-24826
MEDIUM
Exiv2 0.28.0-0.28.1 - Out-of-bounds Read in QuickTimeVideo::NikonTagsDecoder
Feb 12, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-21624
MEDIUM
nonebot2 2.0.1-2.2.0 - Information Exposure via MessageTemplate User Input
Feb 09, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-24825
CRITICAL
DIRAC < 8.0.37 - Unauthorized Token Exposure
Feb 09, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-24563
CRITICAL
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Improper Array Index Validation
Feb 07, 2024
CVSS 9.8
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21