pypi
4,998 tracked vulnerabilities.
CVE-2024-33664
MEDIUM
python-jose < 3.3.0 - Denial of Service via JWE Token Decompression
Apr 26, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-33663
MEDIUM
python-jose < 3.3.0 - Algorithm Confusion with OpenSSH ECDSA Keys
Apr 26, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-32651
CRITICAL
NUCLEI
changedetection.io <=0.45.20 - Remote Command Execution via Jinja2 SSTI
Apr 26, 2024
CVSS 10.0
EPSS 0.84
CVE-2024-32649
MEDIUM
vyperlang/vyper < 0.4.0 - Double Eval Vulnerability via sqrt Builtin
Apr 25, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32648
MEDIUM
vyperlang/vyper < 0.3.0 - Improper Locking in Default Functions
Apr 25, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32647
MEDIUM
vyperlang/vyper < 0.4.0 - Eval Injection via create_from_blueprint raw_args Parameter
Apr 25, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32646
MEDIUM
vyperlang/vyper < 0.4.0 - Double Evaluation Vulnerability via Slice Builtin
Apr 25, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32645
MEDIUM
vyperlang/vyper < 0.4.0 - Incorrect Topic Logging via RawLog Builtin
Apr 25, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32481
MEDIUM
vyper 0.3.8-0.4.0b1 - Denial of Service via Incorrect Signed Integer Comparison in Range Loop
Apr 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-32879
MEDIUM
Python Social Auth <5.4.1 - Info Disclosure
Apr 24, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-31208
MEDIUM
Synapse < 1.105.1 - Denial of Service via V2 State Resolution Algorithm
Apr 23, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-28717
MEDIUM
OpenStack Storlets < 13.0.0.0rc1 - Remote Code Execution via gateway.py
Apr 22, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-29733
LOW
Apache Airflow FTP Provider <3.7.0 - Certificate Validation
Apr 21, 2024
CVSS 2.7
EPSS 0.01
CVE-2024-1681
MEDIUM
flask-cors < 4.0.1 - Log Injection via CRLF Sequence in Request Path
Apr 19, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-32474
HIGH
Sentry 24.3.0-24.4.1 - Cleartext Password Exposure in Superuser Authentication Logs
Apr 18, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-27306
MEDIUM
aiohttp < 3.9.4 - Cross-Site Scripting in Static File Index Pages
Apr 18, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-31869
MEDIUM
Apache Airflow 2.7.0-2.8.4 - Authenticated Sensitive Information Exposure via Configuration UI Page
Apr 18, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-31583
HIGH
PyTorch < 2.2.0 - Use-After-Free in Mobile Interpreter
Apr 17, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-31580
MEDIUM
PyTorch < 2.2.0 - Heap-based Buffer Overflow in Vararg Functions
Apr 17, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-3660
CRITICAL
Keras < 2.13.1 - Arbitrary Code Injection via Model Loading
Apr 16, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-3575
MEDIUM
mindsdb - Stored Cross-Site Scripting
Apr 16, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-3574
HIGH
scrapy < 2.11.1 - Authorization Header Leak via Cross-Domain Redirect
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-3573
CRITICAL
MLflow < 2.10.0 - Local File Inclusion via URI Scheme Parsing Bypass
Apr 16, 2024
CVSS 9.3
EPSS 0.01
CVE-2024-3572
HIGH
Scrapy 2.0.0-2.11.1 - XML External Entity Injection via lxml Parsing
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-3571
HIGH
langchain-ai/langchain - Path Traversal
Apr 16, 2024
CVSS 8.8
EPSS 0.02
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters