pypi
4,998 tracked vulnerabilities.
CVE-2024-35061
HIGH
NASA AIT-Core < 2.5.2 - Missing Encryption of Sensitive Data
May 21, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-35059
HIGH
NASA AIT-Core < 2.5.2 - Remote Code Execution via Pickle Deserialization
May 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-35058
HIGH
NASA AIT-Core < 2.5.2 - Remote Code Execution via API Wait Function
May 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-35057
HIGH
NASA AIT-Core < 2.5.2 - Remote Code Execution via Crafted Packet
May 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-35056
CRITICAL
NASA AIT-Core < 2.5.2 - SQL Injection via query_packets and insert functions
May 21, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-36039
MEDIUM
PyMySQL < 1.1.1 - SQL Injection via Unescaped JSON Keys
May 21, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-35180
MEDIUM
OMERO.web < 5.26.0 - Cross-Site Scripting via JSONP Callback Parameter
May 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-35195
MEDIUM
Requests < 2.32.0 - Always-Incorrect Control Flow Implementation in Session Certificate Verification
May 20, 2024
CVSS 5.6
EPSS 0.00
CVE-2024-1968
HIGH
Scrapy < 1.8.4 and 2.0-2.11.1 - Authorization Header Exposure via Same-Domain Scheme Redirect
May 20, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-34083
MEDIUM
aiosmtpd < 1.4.6 - Man-in-the-Middle Attack via Extraneous Untrusted Data After STARTTLS
May 18, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-4264
CRITICAL
litellm - Remote Code Execution via Unsafe Eval in get_secret Method
May 18, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-5023
CRITICAL
Netflix ConsoleMe < 1.4.0 - Command Injection
May 16, 2024
EPSS 0.01
CVE-2024-4263
MEDIUM
mlflow/mlflow <2.10.1 - Info Disclosure
May 16, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-4181
HIGH
Llamaindex < 0.10.13 - Code Injection
May 16, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-4078
CRITICAL
parisneo/lollms - Remote Code Execution via Unsanitized Name Parameter in /unInstall_binding Endpoint
May 16, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-3848
HIGH
NUCLEI
MLflow < 2.12.1 - Path Traversal via URL Fragment Bypass
May 16, 2024
CVSS 7.5
EPSS 0.43
CVE-2024-32977
HIGH
OctoPrint <= 1.10.0 - Unauthenticated Authentication Bypass via X-Forwarded-For Header Spoofing
May 14, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-32077
MEDIUM
Apache Airflow <2.9.1 - Code Injection
May 14, 2024
CVSS 5.4
EPSS 0.02
CVE-2024-34707
HIGH
Nautobot < 1.6.22 - Authenticated Stored Cross-Site Scripting via Banner Configuration
May 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-34359
CRITICAL
llama-cpp-python >=0.2.30 <0.2.72 - Remote Code Execution via Jinja2 Template Injection
May 14, 2024
CVSS 9.6
EPSS 0.28
CVE-2024-32874
MEDIUM
Frigate < 0.13.2 - Denial of Service via Large Unicode Filename
May 14, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-28148
MEDIUM
Apache Superset < 3.1.2 - Authenticated Incorrect Authorization via REST API Request
May 07, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-34252
HIGH
wasm3 v0.5.0 - Buffer Overflow in PreserveRegisterIfOccupied Function
May 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-34249
CRITICAL
wasm3 v0.5.0 - Heap-based Buffer Overflow via DeallocateSlot Function
May 06, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-34078
MEDIUM
html-sanitizer <2.4.2 - Info Disclosure
May 06, 2024
CVSS 6.1
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters