pypi

4,998 tracked vulnerabilities.

CVE-2024-3271 CRITICAL
llamaindex 0.10.6-0.10.25 - Remote Code Execution via safe_eval Underscore Bypass
Apr 16, 2024
CVSS 9.8
EPSS 0.03
CVE-2024-2912 CRITICAL
BentoML 1.2.0-1.2.4 - Remote Code Execution via Insecure Deserialization
Apr 16, 2024
CVSS 10.0
EPSS 0.01
CVE-2024-2260 MEDIUM
zenml < 0.56.2 - Session Fixation via JWT Token Reuse
Apr 16, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-2083 CRITICAL
zenml < 0.55.5 - Path Traversal via /api/v1/steps Logs URI Parameter
Apr 16, 2024
CVSS 9.9
EPSS 0.39
CVE-2024-1594 HIGH
MLflow - Path Traversal via Artifact Location URI Fragment
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-1593 HIGH
MLflow - Path Traversal via Semicolon Parameter Smuggling
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-1561 HIGH NUCLEI
gradio-app/gradio - Info Disclosure
Apr 16, 2024
CVSS 7.5
EPSS 0.09
CVE-2024-1560 HIGH
lfprojects mlflow < 2.9.2 - Path Traversal via Double Decoding in Artifact Deletion
Apr 16, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-1558 HIGH
MLflow < 2.12.1 - Path Traversal via Source Parameter in _create_model_version()
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-1483 HIGH NUCLEI
mlflow < 2.12.1 - Path Traversal via Artifact Location and Source Parameters
Apr 16, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-1183 MEDIUM NUCLEI
gradio 3.41.0-4.10.0 - Server-Side Request Forgery via File Parameter
Apr 16, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-1135 HIGH
Gunicorn < 22.0.0 - HTTP Request Smuggling via Transfer-Encoding Header Mismanagement
Apr 16, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-3772 MEDIUM
Pydantic < 1.10.13 and 2.0.0-2.4.0 - Denial of Service via Crafted Email String
Apr 15, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-32005 HIGH
NiceGUI <1.4.21 - Local File Inclusion
Apr 12, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-28718 CRITICAL
OpenStack Magnum - Remote Code Execution via cert_manager.py TOCTOU Race Condition
Apr 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-29019 HIGH
ESPHome 2023.12.9-2024.3.0 - Cross-Site Request Forgery in Dashboard API Endpoints
Apr 11, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-3568 CRITICAL
huggingface/transformers - Code Injection
Apr 10, 2024
CVSS 9.6
EPSS 0.02
CVE-2024-3098 CRITICAL
llama-index-core < 0.10.24 - Remote Code Execution via safe_eval Function
Apr 10, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-2952 CRITICAL
litellm < 1.34.42 - Server-Side Template Injection via Completions Endpoint
Apr 10, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-2196 HIGH
aim - Cross-Site Request Forgery via Missing CSRF and CORS Protection
Apr 10, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-2195 CRITICAL
Aim >=3.0.0 - Remote Code Execution via run_search_api Query Parameter
Apr 10, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-1728 HIGH NUCLEI
gradio 4.18.0-4.19.2 - Path Traversal and Arbitrary File Read via UploadButton Queue Join Endpoint
Apr 10, 2024
CVSS 7.5
EPSS 0.85
CVE-2024-22423 HIGH
yt-dlp 2021.04.11-2024.04.09 - Command Injection via --exec Template Expansion
Apr 09, 2024
CVSS 8.3
EPSS 0.01
CVE-2024-29905 HIGH
DIRAC < 8.0.41 - Unauthorized Proxy Access via Temporary File Exposure
Apr 09, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-28732 HIGH
Faucet SDN Ryu 4.34 - Denial of Service via OFPMatch Infinite Loop
Apr 08, 2024
CVSS 7.5
EPSS 0.01