pypi

4,998 tracked vulnerabilities.

CVE-2024-33664 MEDIUM
python-jose < 3.3.0 - Denial of Service via JWE Token Decompression
Apr 26, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-33663 MEDIUM
python-jose < 3.3.0 - Algorithm Confusion with OpenSSH ECDSA Keys
Apr 26, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-32651 CRITICAL NUCLEI
changedetection.io <=0.45.20 - Remote Command Execution via Jinja2 SSTI
Apr 26, 2024
CVSS 10.0
EPSS 0.84
CVE-2024-32649 MEDIUM
vyperlang/vyper < 0.4.0 - Double Eval Vulnerability via sqrt Builtin
Apr 25, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32648 MEDIUM
vyperlang/vyper < 0.3.0 - Improper Locking in Default Functions
Apr 25, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32647 MEDIUM
vyperlang/vyper < 0.4.0 - Eval Injection via create_from_blueprint raw_args Parameter
Apr 25, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32646 MEDIUM
vyperlang/vyper < 0.4.0 - Double Evaluation Vulnerability via Slice Builtin
Apr 25, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32645 MEDIUM
vyperlang/vyper < 0.4.0 - Incorrect Topic Logging via RawLog Builtin
Apr 25, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32481 MEDIUM
vyper 0.3.8-0.4.0b1 - Denial of Service via Incorrect Signed Integer Comparison in Range Loop
Apr 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-32879 MEDIUM
Python Social Auth <5.4.1 - Info Disclosure
Apr 24, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-31208 MEDIUM
Synapse < 1.105.1 - Denial of Service via V2 State Resolution Algorithm
Apr 23, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-28717 MEDIUM
OpenStack Storlets < 13.0.0.0rc1 - Remote Code Execution via gateway.py
Apr 22, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-29733 LOW
Apache Airflow FTP Provider <3.7.0 - Certificate Validation
Apr 21, 2024
CVSS 2.7
EPSS 0.01
CVE-2024-1681 MEDIUM
flask-cors < 4.0.1 - Log Injection via CRLF Sequence in Request Path
Apr 19, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-32474 HIGH
Sentry 24.3.0-24.4.1 - Cleartext Password Exposure in Superuser Authentication Logs
Apr 18, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-27306 MEDIUM
aiohttp < 3.9.4 - Cross-Site Scripting in Static File Index Pages
Apr 18, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-31869 MEDIUM
Apache Airflow 2.7.0-2.8.4 - Authenticated Sensitive Information Exposure via Configuration UI Page
Apr 18, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-31583 HIGH
PyTorch < 2.2.0 - Use-After-Free in Mobile Interpreter
Apr 17, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-31580 MEDIUM
PyTorch < 2.2.0 - Heap-based Buffer Overflow in Vararg Functions
Apr 17, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-3660 CRITICAL
Keras < 2.13.1 - Arbitrary Code Injection via Model Loading
Apr 16, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-3575 MEDIUM
mindsdb - Stored Cross-Site Scripting
Apr 16, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-3574 HIGH
scrapy < 2.11.1 - Authorization Header Leak via Cross-Domain Redirect
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-3573 CRITICAL
MLflow < 2.10.0 - Local File Inclusion via URI Scheme Parsing Bypass
Apr 16, 2024
CVSS 9.3
EPSS 0.01
CVE-2024-3572 HIGH
Scrapy 2.0.0-2.11.1 - XML External Entity Injection via lxml Parsing
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-3571 HIGH
langchain-ai/langchain - Path Traversal
Apr 16, 2024
CVSS 8.8
EPSS 0.02