pypi

4,998 tracked vulnerabilities.

CVE-2024-37062 HIGH
ydata-profiling >= 3.7.0 - Remote Code Execution via Malicious Report Deserialization
Jun 04, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-37061 HIGH
MLflow >= 1.11.0 - Remote Code Execution via Malicious MLproject
Jun 04, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-37060 HIGH
MLflow >= 1.27.0 - Remote Code Execution via Malicious Recipe Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-37059 HIGH
MLflow >= 0.5.0 - Remote Code Execution via PyTorch Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-37058 HIGH
MLflow >= 2.5.0 - Remote Code Execution via Langchain AgentExecutor Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-37057 HIGH
MLflow >= 2.0.0 - Remote Code Execution via Tensorflow Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-37056 HIGH
MLflow >= 1.23.0 - Remote Code Execution via LightGBM Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-37055 HIGH
MLflow >= 1.24.0 - Remote Code Execution via Malicious Pmdarima Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-37054 HIGH
MLflow >= 0.9.0 - Remote Code Execution via PyFunc Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-37053 HIGH
MLflow >= 1.1.0 - Remote Code Execution via Malicious scikit-learn Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-37052 HIGH
MLflow >= 1.1.0 - Remote Code Execution via Malicious scikit-learn Model Deserialization
Jun 04, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-3829 CRITICAL
qdrant/qdrant < 1.9.0 - Arbitrary File Read and Write via Snapshot Recovery Symlink Manipulation
Jun 03, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-35196 LOW
Sentry 24.3.0-24.5.0 - Sensitive Information Exposure in Slack Integration Logs
May 31, 2024
CVSS 2.0
EPSS 0.01
CVE-2024-5565 HIGH
Vanna - Remote Code Execution via Prompt Injection
May 31, 2024
CVSS 8.1
EPSS 0.15
CVE-2024-35189 MEDIUM
Fides < 2.37.0 - Sensitive Information Exposure via BigQuery Keyfile Creds API
May 30, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-35228 MEDIUM
Wagtail 6.0.0-6.0.4 and 6.1.0-6.1.1 - Authenticated Improper Permission Handling in Settings Module
May 30, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-4330 LOW
lollms_web_ui 9.6 - Path Traversal via 'category' Parameter in 'list_personalities' Endpoint
May 30, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-3924 MEDIUM
huggingface/text-generation-inference <= 2.0.0 - Remote Code Execution via GitHub Actions Workflow
May 30, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-34715 LOW
Fides < 2.37.0 - Sensitive Information Exposure in Database Password Logs
May 29, 2024
CVSS 2.3
EPSS 0.00
CVE-2024-36112 MEDIUM
Nautobot <1.6.22 & 2.0.0 - Info Disclosure
May 28, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-36110 HIGH
ansibleguy-webui <0.0.21 - Code Injection
May 28, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-36105 MEDIUM
dbt <1.6.15-1.8.1 - Info Disclosure
May 27, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-35374 CRITICAL
Mocodo Online < 4.2.6 - Remote Code Execution via SQL Case Input Field
May 24, 2024
CVSS 9.8
EPSS 0.03
CVE-2024-28188 MEDIUM
jupyter-scheduler < 1.1.6, 1.2.1, 1.8.2, 2.5.2 - Exposure of Sensitive Information via Conda Environment List
May 23, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32969 LOW
vantage6 < 4.5.0rc3 - Improper Access Control via Organization Addition
May 23, 2024
CVSS 2.7
EPSS 0.00