pypi
4,718 tracked vulnerabilities.
CVE-2023-49083
MEDIUM
cryptography 3.1-41.0.5 - Denial of Service via PKCS7 Certificate Deserialization
Nov 29, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-42504
MEDIUM
Apache Superset < 3.0.0 - Authenticated Denial of Service via Concurrent Dashboard Export Requests
Nov 28, 2023
CVSS 5.8
EPSS 0.00
CVE-2023-42505
MEDIUM
Apache Superset < 3.0.0 - Authenticated Exposure of Sensitive Database Connection Information
Nov 28, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-42502
MEDIUM
Apache Superset < 3.0.0 - Authenticated Open Redirect via HTTP Host Header Spoofing
Nov 28, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-48022
CRITICAL
NUCLEI
Anyscale Ray 2.6.3 and 2.8.0 - Remote Code Execution via Job Submission API
Nov 28, 2023
CVSS 9.8
EPSS 0.92
CVE-2023-43701
MEDIUM
Apache Superset < 2.1.2 - Code Injection
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-42501
MEDIUM
Apache Superset < 2.1.2 - Authenticated Unnecessary Read Permissions in Gamma Role
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-40610
MEDIUM
Apache Superset < 2.1.2 - Privilege Escalation
Nov 27, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-48796
HIGH
Apache DolphinScheduler - Info Disclosure
Nov 24, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-48705
HIGH
Nautobot < 1.6.6 and 2.0.0-2.0.4 - Stored Cross-Site Scripting via Custom Links and Job Buttons
Nov 22, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-37924
CRITICAL
Apache Submarine 0.7.0-0.7.9 - SQL Injection via Login
Nov 22, 2023
CVSS 9.8
EPSS 0.77
CVE-2023-48700
MEDIUM
nautobot-plugin-device-onboarding 2.0.0-3.0.0 - Cleartext Storage of Sensitive Information in Job Results
Nov 21, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-48699
HIGH
fastbots < 0.1.5 - Remote Code Execution via Locators.ini File Injection
Nov 21, 2023
CVSS 8.4
EPSS 0.01
CVE-2023-48299
MEDIUM
TorchServe 0.1.0-0.8.2 - Path Traversal via Archive Extraction
Nov 21, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-48051
HIGH
upydev 0.4.3 - Inadequate Encryption Strength in Key Generation
Nov 20, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-46302
CRITICAL
Apache Submarine - YAML Deserialization
Nov 20, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-6020
HIGH
NUCLEI
Ray < 2.8.1 - Unauthenticated Local File Inclusion via Static Directory
Nov 16, 2023
CVSS 7.5
EPSS 0.81
CVE-2023-6014
CRITICAL
MLflow < 2.8.0 - Authentication Bypass
Nov 16, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-48056
HIGH
PyPinkSign v0.5.1 - Info Disclosure
Nov 16, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-48054
HIGH
localstack 2.3.2 - Missing SSL Certificate Validation
Nov 16, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-48052
HIGH
httpie < 3.2.3 - Missing SSL Certificate Validation
Nov 16, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-6022
HIGH
prefect < 2.16.5 - Cross-Site Request Forgery
Nov 16, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-6021
HIGH
NUCLEI
Ray < 2.8.1 - Unauthenticated Local File Inclusion via Log API
Nov 16, 2023
CVSS 7.5
EPSS 0.87
CVE-2023-6019
CRITICAL
Ray < 2.8.1 - Unauthenticated Remote Code Execution via CPU Profile URL Parameter
Nov 16, 2023
CVSS 9.8
EPSS 0.89
CVE-2023-6018
CRITICAL
NUCLEI
MLflow - Unauthenticated File Overwrite
Nov 16, 2023
CVSS 9.8
EPSS 0.91
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21