pypi
4,718 tracked vulnerabilities.
CVE-2024-24811
CRITICAL
Products.SQLAlchemyDA < 2.2 - Unauthenticated SQL Injection
Feb 07, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-24680
HIGH
Django <3.2.24, <4.2.10, <5.0.2 - DoS
Feb 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-24591
HIGH
Allegro AI's ClearML <1.14.1 - Path Traversal
Feb 06, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-24590
HIGH
Allegro AI's ClearML <1.14.2 - Code Injection
Feb 06, 2024
CVSS 8.0
EPSS 0.83
CVE-2024-0690
MEDIUM
ansible-core < 2.14.14 - Information Disclosure via ANSIBLE_NO_LOG Bypass
Feb 06, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-24808
MEDIUM
pyload < 0.5.0 - Open Redirect via Login Redirect Validation
Feb 06, 2024
CVSS 4.7
EPSS 0.02
CVE-2024-0964
CRITICAL
Gradio < 4.9.0 - Path Traversal via API Request JSON Value
Feb 05, 2024
CVSS 9.4
EPSS 0.00
CVE-2024-24595
MEDIUM
Allegro AI's ClearML - Info Disclosure
Feb 05, 2024
CVSS 6.0
EPSS 0.00
CVE-2024-24559
LOW
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Broken Cryptographic Algorithm in sha3_64
Feb 05, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-24762
HIGH
python-multipart < 0.0.7 - Regular Expression Denial of Service via Content-Type Header Parsing
Feb 05, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-24560
LOW
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Memory Corruption via Overlapping Input/Return Buffers
Feb 02, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-21485
MEDIUM
NUCLEI
dash < 2.15.0 - Stored Cross-Site Scripting via Controlled href Attribute
Feb 02, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-24561
CRITICAL
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Memory Buffer Overflow via Slice Bounds Check
Feb 01, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-1141
MEDIUM
python-glance-store - Info Disclosure
Feb 01, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-23637
MEDIUM
OctoPrint <= 1.9.3 - Unverified Password Change
Jan 31, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-24567
MEDIUM
vyperlang/vyper < 0.3.10 - Incorrect Value Handling in raw_call Builtin
Jan 30, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-22193
LOW
vantage6 < 4.2.0 - Insecure Storage of Sensitive Information
Jan 30, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-21671
LOW
vantage6 < 4.2.0 - Observable Timing Discrepancy in Login Response
Jan 30, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-21653
MEDIUM
vantage6 < 4.2.0 - Improper Access Control via Default SSH Configuration
Jan 30, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-21649
HIGH
vantage6 < 4.2.0 - Authenticated Remote Code Execution via Algorithm Environment Variables
Jan 30, 2024
CVSS 8.8
EPSS 0.06
CVE-2024-23829
MEDIUM
aiohttp < 3.9.2 - HTTP Request Smuggling via Inconsistent HTTP Parser Validation
Jan 29, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-23334
MEDIUM
NUCLEI
aiohttp - Directory Traversal
Jan 29, 2024
CVSS 5.9
EPSS 0.94
CVE-2024-0960
MEDIUM
Flink-extended ai-flow 0.3.1 - Deserialization
Jan 27, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-0937
MEDIUM
van_der_Schaar LAB synthcity <0.2.9 - Deserialization
Jan 26, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-0727
MEDIUM
OpenSSL 1.0.2-1.0.2zj, 1.1.1-1.1.1w, 3.0.0-3.0.12, 3.1.0-3.1.4, 3.2.0 - DoS via PKCS12 NULL Pointer Dereference
Jan 26, 2024
CVSS 5.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21