pypi
4,718 tracked vulnerabilities.
CVE-2024-23633
MEDIUM
Label Studio < 1.10.1 - Stored Cross-Site Scripting via Remote Import Feature
Jan 24, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-23341
MEDIUM
TuiTse-TsuSin < 1.3.2 - Cross-Site Scripting via Unquoted Input in tuitse_html
Jan 23, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-22417
MEDIUM
Whoogle Search <0.8.3 - Reflected XSS
Jan 23, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-22205
CRITICAL
Whoogle Search < 0.8.4 - Server-Side Request Forgery via Window Endpoint Location Parameter
Jan 23, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-22204
MEDIUM
Whoogle Search <0.8.3 - Path Traversal
Jan 23, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-22203
CRITICAL
benbusby/whoogle_search < 0.8.4 - Server-Side Request Forgery via Unvalidated src_type and element_url Parameters
Jan 23, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-23345
HIGH
Nautobot < 1.6.10 and 2.0.0-2.1.2 - Stored Cross-Site Scripting via Markdown Rendering
Jan 23, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-23342
HIGH
ecdsa < 0.18.0 - Covert Timing Channel
Jan 23, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-23752
CRITICAL
PandasAI through 1.5.17 - Unauthenticated Remote Code Execution via GenerateSDFPipeline
Jan 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-23751
CRITICAL
LlamaIndex < 0.9.34 - SQL Injection via Text-to-SQL Feature
Jan 22, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-23750
HIGH
MetaGPT <= 0.6.4 - Remote Code Execution via QaEngineer Role
Jan 22, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-23732
HIGH
embedchain < 0.1.57 - Denial of Service via JSON Loader ReDoS
Jan 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-23731
CRITICAL
embedchain < 0.1.57 - Remote Code Execution via OpenAPI Loader YAML Deserialization
Jan 21, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-23730
CRITICAL
LlamaHub < 0.0.67 - Remote Code Execution via YAML Deserialization in OpenAPI and ChatGPT Plugin Loaders
Jan 21, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-0521
HIGH
Paddlepaddle paddle - Code Injection
Jan 20, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-22421
HIGH
JupyterLab <4.1.0b2-3.6.7 - Info Disclosure
Jan 19, 2024
CVSS 7.6
EPSS 0.00
CVE-2024-22420
MEDIUM
JupyterLab <4.0.11 - Privilege Escalation
Jan 19, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-23329
LOW
changedetection.io 0.39.14-0.45.13 - Unauthenticated Watch History Exposure via API Endpoint
Jan 19, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-22415
HIGH
jupyter-lsp < 2.2.2 - Unauthenticated Improper Access Control
Jan 18, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-22419
HIGH
vyper < 0.3.10 and >=0.3.0 <0.4.0 - Buffer Overflow in concat Built-in
Jan 18, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-0669
MEDIUM
Plone < 6.0.5 - Cross-Frame Scripting via Malicious URL
Jan 18, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-22416
CRITICAL
pyload-ng < 0.5.0b3.dev78 - Unauthenticated Cross-Site Request Forgery via GET API Requests
Jan 18, 2024
CVSS 9.6
EPSS 0.06
CVE-2024-21669
CRITICAL
Hyperledger Aries Cloud Agent Python 0.7.0-0.10.4 - Cryptographic Signature Verification Bypass
Jan 11, 2024
CVSS 9.9
EPSS 0.00
CVE-2024-22195
MEDIUM
Jinja < 3.1.3 - Cross-Site Scripting via xmlattr Filter
Jan 11, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-22194
LOW
cdo-local-uuid <0.4.0 - Info Disclosure
Jan 11, 2024
CVSS 2.2
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21