pypi
4,998 tracked vulnerabilities.
CVE-2024-3271
CRITICAL
llamaindex 0.10.6-0.10.25 - Remote Code Execution via safe_eval Underscore Bypass
Apr 16, 2024
CVSS 9.8
EPSS 0.03
CVE-2024-2912
CRITICAL
BentoML 1.2.0-1.2.4 - Remote Code Execution via Insecure Deserialization
Apr 16, 2024
CVSS 10.0
EPSS 0.01
CVE-2024-2260
MEDIUM
zenml < 0.56.2 - Session Fixation via JWT Token Reuse
Apr 16, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-2083
CRITICAL
zenml < 0.55.5 - Path Traversal via /api/v1/steps Logs URI Parameter
Apr 16, 2024
CVSS 9.9
EPSS 0.39
CVE-2024-1594
HIGH
MLflow - Path Traversal via Artifact Location URI Fragment
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-1593
HIGH
MLflow - Path Traversal via Semicolon Parameter Smuggling
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-1561
HIGH
NUCLEI
gradio-app/gradio - Info Disclosure
Apr 16, 2024
CVSS 7.5
EPSS 0.09
CVE-2024-1560
HIGH
lfprojects mlflow < 2.9.2 - Path Traversal via Double Decoding in Artifact Deletion
Apr 16, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-1558
HIGH
MLflow < 2.12.1 - Path Traversal via Source Parameter in _create_model_version()
Apr 16, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-1483
HIGH
NUCLEI
mlflow < 2.12.1 - Path Traversal via Artifact Location and Source Parameters
Apr 16, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-1183
MEDIUM
NUCLEI
gradio 3.41.0-4.10.0 - Server-Side Request Forgery via File Parameter
Apr 16, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-1135
HIGH
Gunicorn < 22.0.0 - HTTP Request Smuggling via Transfer-Encoding Header Mismanagement
Apr 16, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-3772
MEDIUM
Pydantic < 1.10.13 and 2.0.0-2.4.0 - Denial of Service via Crafted Email String
Apr 15, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-32005
HIGH
NiceGUI <1.4.21 - Local File Inclusion
Apr 12, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-28718
CRITICAL
OpenStack Magnum - Remote Code Execution via cert_manager.py TOCTOU Race Condition
Apr 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-29019
HIGH
ESPHome 2023.12.9-2024.3.0 - Cross-Site Request Forgery in Dashboard API Endpoints
Apr 11, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-3568
CRITICAL
huggingface/transformers - Code Injection
Apr 10, 2024
CVSS 9.6
EPSS 0.02
CVE-2024-3098
CRITICAL
llama-index-core < 0.10.24 - Remote Code Execution via safe_eval Function
Apr 10, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-2952
CRITICAL
litellm < 1.34.42 - Server-Side Template Injection via Completions Endpoint
Apr 10, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-2196
HIGH
aim - Cross-Site Request Forgery via Missing CSRF and CORS Protection
Apr 10, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-2195
CRITICAL
Aim >=3.0.0 - Remote Code Execution via run_search_api Query Parameter
Apr 10, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-1728
HIGH
NUCLEI
gradio 4.18.0-4.19.2 - Path Traversal and Arbitrary File Read via UploadButton Queue Join Endpoint
Apr 10, 2024
CVSS 7.5
EPSS 0.85
CVE-2024-22423
HIGH
yt-dlp 2021.04.11-2024.04.09 - Command Injection via --exec Template Expansion
Apr 09, 2024
CVSS 8.3
EPSS 0.01
CVE-2024-29905
HIGH
DIRAC < 8.0.41 - Unauthorized Proxy Access via Temporary File Exposure
Apr 09, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-28732
HIGH
Faucet SDN Ryu 4.34 - Denial of Service via OFPMatch Infinite Loop
Apr 08, 2024
CVSS 7.5
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters