pypi

4,998 tracked vulnerabilities.

CVE-2024-31215 MEDIUM
Mobile Security Framework < 3.9.8 - Server-Side Request Forgery via Firebase Database Check
Apr 04, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-3116 HIGH
pgAdmin4 <= 8.4 - Remote Code Execution via Validate Binary Path API
Apr 04, 2024
CVSS 7.4
EPSS 0.65
CVE-2024-30265 HIGH
Collabora Online - Local File Inclusion
Apr 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-28219 MEDIUM
Pillow < 10.3.0 - Buffer Overflow via Unsafe strcpy in _imagingcms.c
Apr 03, 2024
CVSS 6.7
EPSS 0.01
CVE-2024-30248 HIGH
piccolo-admin 1.2.0-1.3.2 - Stored Cross-Site Scripting via SVG File Upload
Apr 02, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-29640 CRITICAL
aliyundrive-webdav 2.3.3 - Remote Code Execution via sid Parameter in action_query_qrcode
Mar 29, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-1729 MEDIUM
gradio < 4.19.2 - Timing Attack via Login Function Password Comparison
Mar 29, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-29888 MEDIUM
Saleor 3.14.56-3.14.61 - Unauthorized Exposure of Private Personal Information via Click-and-Collect Address Overwrite
Mar 27, 2024
CVSS 4.2
EPSS 0.01
CVE-2024-28233 HIGH
JupyterHub < 4.1.0 - Cross-Site Scripting via Malicious Subdomain
Mar 27, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-1540 HIGH
gradio < 4.18.0 - Command Injection via GitHub Context Expression Handling
Mar 27, 2024
CVSS 8.2
EPSS 0.02
CVE-2024-27091 MEDIUM
GeoNode 3.2.0-4.2.2 - Stored Cross-Site Scripting via Rich Text Editor
Mar 27, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-28335 CRITICAL
Lektor < 3.3.11 - Remote Code Execution via DB Path Traversal
Mar 27, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-2206 MEDIUM
gradio < 4.18.0 - Server-Side Request Forgery via Proxy Route URL Validation
Mar 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-29735 MEDIUM
Apache Airflow <2.8.3 - Privilege Escalation
Mar 26, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-1455 MEDIUM
langchain 0.1.4-0.1.34 - Denial of Service via XML Entity Expansion
Mar 26, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-29199 LOW
Nautobot < 1.6.16 - Unauthenticated Exposure of Sensitive Information via URL Endpoints
Mar 26, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-29189 HIGH
PyAnsys Geometry <0.3.3-0.4.11 - Code Injection
Mar 26, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-1603 HIGH
PaddlePaddle Paddle <2.6.0 - Info Disclosure
Mar 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-29190 HIGH
MobSF <= 3.9.5 Beta - android:host Server-Side Request Forgery
Mar 22, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-1727 MEDIUM
gradio < 4.19.2 - Cross-Site Request Forgery via File Upload
Mar 21, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-28102 MEDIUM
jwcrypto < 1.5.6 - Denial of Service via Malicious JWE Token
Mar 21, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-27292 HIGH NUCLEI
Docassemble - Local File Inclusion
Mar 21, 2024
CVSS 7.5
EPSS 0.69
CVE-2024-27291 MEDIUM
Docassemble <1.4.97 - Open Redirect
Mar 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-27290 MEDIUM
docassemble < 1.4.97 - Stored Cross-Site Scripting via User Input Field
Mar 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-29033 HIGH
jupyter/oauthenticator < 16.3.0 - Improper Authorization via GoogleOAuthenticator.hosted_domain
Mar 20, 2024
CVSS 7.5
EPSS 0.01