pypi

4,998 tracked vulnerabilities.

CVE-2024-5206 MEDIUM
scikit-learn <1.5.0 - Info Disclosure
Jun 06, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-5187 HIGH
ONNX 1.16.0 - Path Traversal and Arbitrary File Overwrite via Tar Extraction
Jun 06, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-4890 MEDIUM
litellm 1.27.14 - Blind SQL Injection via User ID Parameter
Jun 06, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-4888 HIGH
litellm < 1.35.19 - Unauthenticated Arbitrary File Deletion via /audio/transcriptions Endpoint
Jun 06, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-4881 HIGH
lollms < 5.9.0 - Path Traversal via Backslash Handling in /user_infos Endpoint
Jun 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-3429 CRITICAL
lollms < 9.6 - Path Traversal via Insufficient Input Sanitization
Jun 06, 2024
CVSS 9.8
EPSS 0.28
CVE-2024-3408 CRITICAL NUCLEI
D-Tale RCE
Jun 06, 2024
CVSS 9.8
EPSS 0.78
CVE-2024-3099 MEDIUM
MLflow < 2.11.3 - Model Name Spoofing and Denial of Service via URL Encoding
Jun 06, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-3095 HIGH
langchain 0.1.5-<0.2.9 - Server-Side Request Forgery via Web Research Retriever
Jun 06, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-2965 MEDIUM
langchain < 0.2.5 - Denial of Service via SitemapLoader Recursion
Jun 06, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-2928 HIGH NUCLEI
MLflow < 2.11.3 - Path Traversal
Jun 06, 2024
CVSS 7.5
EPSS 0.22
CVE-2024-2383 MEDIUM
zenml <= 0.55.5 - Clickjacking via Missing X-Frame-Options Header
Jun 06, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-2213 LOW
zenml-io/zenml <0.55.4 - Auth Bypass
Jun 06, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-2171 MEDIUM
zenml < 0.56.2 - Stored Cross-Site Scripting via Logo URL Field
Jun 06, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-2035 MEDIUM
zenml < 0.56.2 - Authenticated Missing Authorization via API PUT /api/v1/users/id Endpoint
Jun 06, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-2032 LOW
zenml-io/zenml <0.55.3 - Info Disclosure
Jun 06, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-0520 HIGH
mlflow/mlflow <8.2.1 - Command Injection
Jun 06, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-5452 CRITICAL
pytorch_lightning < 2.3.3 - Remote Code Execution via Deepdiff Delta Dunder Attribute Bypass
Jun 06, 2024
CVSS 9.8
EPSS 0.26
CVE-2024-4941 HIGH
gradio-app/gradio <4.25 - Local File Inclusion
Jun 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-4325 HIGH NUCLEI
gradio < 4.41.0 - Server-Side Request Forgery via /queue/join Endpoint
Jun 06, 2024
CVSS 8.6
EPSS 0.37
CVE-2024-35178 HIGH
jupyter_server < 2.14.1 - Unauthenticated NTLMv2 Password Hash Exposure
Jun 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5629 MEDIUM
PyMongo < 4.6.3 - Out-of-bounds Read in BSON Module
Jun 05, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-37065 HIGH
skops >= 0.6 - Remote Code Execution via Model Deserialization
Jun 04, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-37064 HIGH
ydata-profiling >= 3.7.0 - Remote Code Execution via Untrusted Data Deserialization
Jun 04, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-37063 HIGH
ydata-profiling >= 3.7.0 - Stored Cross-Site Scripting via Malicious Report
Jun 04, 2024
CVSS 7.8
EPSS 0.00