pypi

4,998 tracked vulnerabilities.

CVE-2024-35061 HIGH
NASA AIT-Core < 2.5.2 - Missing Encryption of Sensitive Data
May 21, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-35059 HIGH
NASA AIT-Core < 2.5.2 - Remote Code Execution via Pickle Deserialization
May 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-35058 HIGH
NASA AIT-Core < 2.5.2 - Remote Code Execution via API Wait Function
May 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-35057 HIGH
NASA AIT-Core < 2.5.2 - Remote Code Execution via Crafted Packet
May 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-35056 CRITICAL
NASA AIT-Core < 2.5.2 - SQL Injection via query_packets and insert functions
May 21, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-36039 MEDIUM
PyMySQL < 1.1.1 - SQL Injection via Unescaped JSON Keys
May 21, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-35180 MEDIUM
OMERO.web < 5.26.0 - Cross-Site Scripting via JSONP Callback Parameter
May 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-35195 MEDIUM
Requests < 2.32.0 - Always-Incorrect Control Flow Implementation in Session Certificate Verification
May 20, 2024
CVSS 5.6
EPSS 0.00
CVE-2024-1968 HIGH
Scrapy < 1.8.4 and 2.0-2.11.1 - Authorization Header Exposure via Same-Domain Scheme Redirect
May 20, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-34083 MEDIUM
aiosmtpd < 1.4.6 - Man-in-the-Middle Attack via Extraneous Untrusted Data After STARTTLS
May 18, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-4264 CRITICAL
litellm - Remote Code Execution via Unsafe Eval in get_secret Method
May 18, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-5023 CRITICAL
Netflix ConsoleMe < 1.4.0 - Command Injection
May 16, 2024
EPSS 0.01
CVE-2024-4263 MEDIUM
mlflow/mlflow <2.10.1 - Info Disclosure
May 16, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-4181 HIGH
Llamaindex < 0.10.13 - Code Injection
May 16, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-4078 CRITICAL
parisneo/lollms - Remote Code Execution via Unsanitized Name Parameter in /unInstall_binding Endpoint
May 16, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-3848 HIGH NUCLEI
MLflow < 2.12.1 - Path Traversal via URL Fragment Bypass
May 16, 2024
CVSS 7.5
EPSS 0.43
CVE-2024-32977 HIGH
OctoPrint <= 1.10.0 - Unauthenticated Authentication Bypass via X-Forwarded-For Header Spoofing
May 14, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-32077 MEDIUM
Apache Airflow <2.9.1 - Code Injection
May 14, 2024
CVSS 5.4
EPSS 0.02
CVE-2024-34707 HIGH
Nautobot < 1.6.22 - Authenticated Stored Cross-Site Scripting via Banner Configuration
May 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-34359 CRITICAL
llama-cpp-python >=0.2.30 <0.2.72 - Remote Code Execution via Jinja2 Template Injection
May 14, 2024
CVSS 9.6
EPSS 0.28
CVE-2024-32874 MEDIUM
Frigate < 0.13.2 - Denial of Service via Large Unicode Filename
May 14, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-28148 MEDIUM
Apache Superset < 3.1.2 - Authenticated Incorrect Authorization via REST API Request
May 07, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-34252 HIGH
wasm3 v0.5.0 - Buffer Overflow in PreserveRegisterIfOccupied Function
May 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-34249 CRITICAL
wasm3 v0.5.0 - Heap-based Buffer Overflow via DeallocateSlot Function
May 06, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-34078 MEDIUM
html-sanitizer <2.4.2 - Info Disclosure
May 06, 2024
CVSS 6.1
EPSS 0.01