pypi
4,718 tracked vulnerabilities.
CVE-2023-38676
MEDIUM
PaddlePaddle < 2.6.0 - Denial of Service via Null Pointer Dereference in paddle.dot
Jan 03, 2024
CVSS 4.7
EPSS 0.00
CVE-2023-38675
MEDIUM
PaddlePaddle < 2.6.0 - Memory Corruption
Jan 03, 2024
CVSS 4.7
EPSS 0.00
CVE-2023-38674
MEDIUM
PaddlePaddle < 2.6.0 - Memory Corruption
Jan 03, 2024
CVSS 4.7
EPSS 0.00
CVE-2023-51663
MEDIUM
Hail < 0.2.127 - Authentication Bypass via OpenID Connect Email Address Spoofing
Dec 29, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-49438
MEDIUM
NUCLEI
Flask-Security-Too <= 5.3.2 - Open Redirect via Next Parameter
Dec 26, 2023
CVSS 6.1
EPSS 0.14
CVE-2023-51449
MEDIUM
NUCLEI
gradio < 4.11.0 - Path Traversal via /file Route
Dec 22, 2023
CVSS 5.6
EPSS 0.81
CVE-2023-50731
CRITICAL
MindsDB < 23.11.4.1 - Path Traversal and Arbitrary File Write via File Upload Name Parameter
Dec 22, 2023
CVSS 9.1
EPSS 0.00
CVE-2023-51649
LOW
Nautobot 1.5.14-1.6.8 - Incorrect Authorization via Job Button Submission
Dec 22, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-50783
MEDIUM
Apache Airflow < 2.8.0 - Authenticated Unauthorized Variable Modification
Dec 21, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-49920
MEDIUM
Apache Airflow 2.7.0-2.7.3 - Cross-Site Request Forgery via DAG Trigger GET Request
Dec 21, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-48291
MEDIUM
Apache Airflow < 2.8.0 - Authenticated DAG Resource Access Control Bypass
Dec 21, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-47265
MEDIUM
Apache Airflow 2.6.0-2.7.3 - Stored Cross-Site Scripting in DAG Parameter Description Field
Dec 21, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-7018
HIGH
huggingface/transformers < 4.36.0 - Remote Code Execution via Pickle Deserialization
Dec 20, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-6977
HIGH
NUCLEI
MLflow < 2.9.2 - Information Disclosure
Dec 20, 2023
CVSS 7.5
EPSS 0.83
CVE-2023-6976
HIGH
MLflow < 2.9.2 - Arbitrary File Write via Unrestricted File Upload
Dec 20, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-6975
CRITICAL
MLflow <= 2.9.2 - Command Injection
Dec 20, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-6974
CRITICAL
MLflow < 2.9.2 - Server-Side Request Forgery
Dec 20, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-6730
HIGH
huggingface/transformers < 4.36.0 - Deserialization of Untrusted Data
Dec 19, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-49736
MEDIUM
Apache Superset < 2.1.2, 3.0.0-3.0.1 - SQL Injection via JINJA where_in Macro
Dec 19, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-49734
HIGH
Apache Superset < 2.1.2, 3.0.0-3.0.1 - Authenticated Incorrect Authorization via Dashboard Chart Ownership
Dec 19, 2023
CVSS 7.7
EPSS 0.00
CVE-2023-46104
MEDIUM
Apache Superset <= 2.1.2, 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via Malicious ZIP Import
Dec 19, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-6940
HIGH
MLflow < 2.9.2 - Remote Code Execution via Malicious Config Download
Dec 19, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-48795
MEDIUM
NUCLEI
OpenSSH < 9.6 - Open Redirect
Dec 18, 2023
CVSS 5.9
EPSS 0.53
CVE-2023-5115
MEDIUM
Ansible Automation Platform - Path Traversal via Malicious Role Symlink
Dec 18, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-6909
HIGH
NUCLEI
MLflow < 2.9.2 - Path Traversal via Backslash Dot-Dot-Slash Sequence
Dec 18, 2023
CVSS 7.5
EPSS 0.86
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21