pypi
4,993 tracked vulnerabilities.
CVE-2024-38357
MEDIUM
TinyMCE <7.2.0, <6.8.4, <5.11.0 - XSS
Jun 19, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38356
MEDIUM
TinyMCE <7.2.0, <6.8.4, <5.11.0 - XSS
Jun 19, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-37891
MEDIUM
urllib3 < 1.26.19 - Proxy-Authorization Header Leak on Cross-Origin Redirects
Jun 17, 2024
CVSS 4.4
EPSS 0.01
CVE-2024-38459
HIGH
langchain_experimental <0.0.61 - RCE
Jun 16, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-34694
HIGH
LNbits < 0.12.6 - Payment Timeout Handling Leading to Fund Loss
Jun 14, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-25142
MEDIUM
Apache Airflow <2.9.2 - Info Disclosure
Jun 14, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-37300
HIGH
oauthenticator < 16.3.1 - Incorrect Authorization via GlobusOAuthenticator Configuration
Jun 12, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-36265
CRITICAL
Apache Submarine Server Core <0.8.0 - Incorrect Authorization
Jun 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-36264
CRITICAL
Apache Submarine Commons Utils <0.8.0 - Auth Bypass
Jun 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-4315
CRITICAL
parisneo/lollms < 9.5 - Local File Inclusion via Windows Path Traversal
Jun 12, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-35225
CRITICAL
Jupyter Server Proxy 3.0.0-3.2.3 and 4.0.0-4.1.9 - Reflected Cross-Site Scripting via Host Path Segment
Jun 11, 2024
CVSS 9.6
EPSS 0.00
CVE-2024-37301
HIGH
document-merge-service <= 6.5.1 - Remote Code Execution via Server-Side Template Injection
Jun 11, 2024
CVSS 7.2
EPSS 0.01
CVE-2024-35255
MEDIUM
Microsoft Authentication Library and Azure Identity SDK - Elevation of Privilege via Race Condition
Jun 11, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-37014
CRITICAL
Langflow < 0.6.19 - Remote Code Execution via Custom Component Endpoint
Jun 10, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-37568
HIGH
Authlib < 1.3.1 - Algorithm Confusion in JWT Verification
Jun 09, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-4680
HIGH
zenml 0.56.3 - Insufficient Session Expiration after Password Change
Jun 08, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-37388
CRITICAL
ebookmeta - XML External Entity Injection in get_metadata Function
Jun 07, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-36827
HIGH
ebookmeta < 1.2.8 - XML External Entity Injection via get_metadata Function
Jun 07, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-5550
MEDIUM
h2o 3.40.0.4 - Unauthenticated Path Traversal via Typeahead API
Jun 06, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-5225
HIGH
litellm < 1.40.2 - SQL Injection via /global/spend/logs API Key Parameter
Jun 06, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-5206
MEDIUM
scikit-learn <1.5.0 - Info Disclosure
Jun 06, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-5187
HIGH
ONNX 1.16.0 - Path Traversal and Arbitrary File Overwrite via Tar Extraction
Jun 06, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-4890
MEDIUM
litellm 1.27.14 - Blind SQL Injection via User ID Parameter
Jun 06, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-4888
HIGH
litellm < 1.35.19 - Unauthenticated Arbitrary File Deletion via /audio/transcriptions Endpoint
Jun 06, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-4881
HIGH
lollms < 5.9.0 - Path Traversal via Backslash Handling in /user_infos Endpoint
Jun 06, 2024
CVSS 7.5
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters