pypi
4,998 tracked vulnerabilities.
CVE-2024-5206
MEDIUM
scikit-learn <1.5.0 - Info Disclosure
Jun 06, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-5187
HIGH
ONNX 1.16.0 - Path Traversal and Arbitrary File Overwrite via Tar Extraction
Jun 06, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-4890
MEDIUM
litellm 1.27.14 - Blind SQL Injection via User ID Parameter
Jun 06, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-4888
HIGH
litellm < 1.35.19 - Unauthenticated Arbitrary File Deletion via /audio/transcriptions Endpoint
Jun 06, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-4881
HIGH
lollms < 5.9.0 - Path Traversal via Backslash Handling in /user_infos Endpoint
Jun 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-3429
CRITICAL
lollms < 9.6 - Path Traversal via Insufficient Input Sanitization
Jun 06, 2024
CVSS 9.8
EPSS 0.28
CVE-2024-3408
CRITICAL
NUCLEI
D-Tale RCE
Jun 06, 2024
CVSS 9.8
EPSS 0.78
CVE-2024-3099
MEDIUM
MLflow < 2.11.3 - Model Name Spoofing and Denial of Service via URL Encoding
Jun 06, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-3095
HIGH
langchain 0.1.5-<0.2.9 - Server-Side Request Forgery via Web Research Retriever
Jun 06, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-2965
MEDIUM
langchain < 0.2.5 - Denial of Service via SitemapLoader Recursion
Jun 06, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-2928
HIGH
NUCLEI
MLflow < 2.11.3 - Path Traversal
Jun 06, 2024
CVSS 7.5
EPSS 0.22
CVE-2024-2383
MEDIUM
zenml <= 0.55.5 - Clickjacking via Missing X-Frame-Options Header
Jun 06, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-2213
LOW
zenml-io/zenml <0.55.4 - Auth Bypass
Jun 06, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-2171
MEDIUM
zenml < 0.56.2 - Stored Cross-Site Scripting via Logo URL Field
Jun 06, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-2035
MEDIUM
zenml < 0.56.2 - Authenticated Missing Authorization via API PUT /api/v1/users/id Endpoint
Jun 06, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-2032
LOW
zenml-io/zenml <0.55.3 - Info Disclosure
Jun 06, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-0520
HIGH
mlflow/mlflow <8.2.1 - Command Injection
Jun 06, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-5452
CRITICAL
pytorch_lightning < 2.3.3 - Remote Code Execution via Deepdiff Delta Dunder Attribute Bypass
Jun 06, 2024
CVSS 9.8
EPSS 0.26
CVE-2024-4941
HIGH
gradio-app/gradio <4.25 - Local File Inclusion
Jun 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-4325
HIGH
NUCLEI
gradio < 4.41.0 - Server-Side Request Forgery via /queue/join Endpoint
Jun 06, 2024
CVSS 8.6
EPSS 0.37
CVE-2024-35178
HIGH
jupyter_server < 2.14.1 - Unauthenticated NTLMv2 Password Hash Exposure
Jun 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5629
MEDIUM
PyMongo < 4.6.3 - Out-of-bounds Read in BSON Module
Jun 05, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-37065
HIGH
skops >= 0.6 - Remote Code Execution via Model Deserialization
Jun 04, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-37064
HIGH
ydata-profiling >= 3.7.0 - Remote Code Execution via Untrusted Data Deserialization
Jun 04, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-37063
HIGH
ydata-profiling >= 3.7.0 - Stored Cross-Site Scripting via Malicious Report
Jun 04, 2024
CVSS 7.8
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters