pypi
4,998 tracked vulnerabilities.
CVE-2024-31215
MEDIUM
Mobile Security Framework < 3.9.8 - Server-Side Request Forgery via Firebase Database Check
Apr 04, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-3116
HIGH
pgAdmin4 <= 8.4 - Remote Code Execution via Validate Binary Path API
Apr 04, 2024
CVSS 7.4
EPSS 0.65
CVE-2024-30265
HIGH
Collabora Online - Local File Inclusion
Apr 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-28219
MEDIUM
Pillow < 10.3.0 - Buffer Overflow via Unsafe strcpy in _imagingcms.c
Apr 03, 2024
CVSS 6.7
EPSS 0.01
CVE-2024-30248
HIGH
piccolo-admin 1.2.0-1.3.2 - Stored Cross-Site Scripting via SVG File Upload
Apr 02, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-29640
CRITICAL
aliyundrive-webdav 2.3.3 - Remote Code Execution via sid Parameter in action_query_qrcode
Mar 29, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-1729
MEDIUM
gradio < 4.19.2 - Timing Attack via Login Function Password Comparison
Mar 29, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-29888
MEDIUM
Saleor 3.14.56-3.14.61 - Unauthorized Exposure of Private Personal Information via Click-and-Collect Address Overwrite
Mar 27, 2024
CVSS 4.2
EPSS 0.01
CVE-2024-28233
HIGH
JupyterHub < 4.1.0 - Cross-Site Scripting via Malicious Subdomain
Mar 27, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-1540
HIGH
gradio < 4.18.0 - Command Injection via GitHub Context Expression Handling
Mar 27, 2024
CVSS 8.2
EPSS 0.02
CVE-2024-27091
MEDIUM
GeoNode 3.2.0-4.2.2 - Stored Cross-Site Scripting via Rich Text Editor
Mar 27, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-28335
CRITICAL
Lektor < 3.3.11 - Remote Code Execution via DB Path Traversal
Mar 27, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-2206
MEDIUM
gradio < 4.18.0 - Server-Side Request Forgery via Proxy Route URL Validation
Mar 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-29735
MEDIUM
Apache Airflow <2.8.3 - Privilege Escalation
Mar 26, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-1455
MEDIUM
langchain 0.1.4-0.1.34 - Denial of Service via XML Entity Expansion
Mar 26, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-29199
LOW
Nautobot < 1.6.16 - Unauthenticated Exposure of Sensitive Information via URL Endpoints
Mar 26, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-29189
HIGH
PyAnsys Geometry <0.3.3-0.4.11 - Code Injection
Mar 26, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-1603
HIGH
PaddlePaddle Paddle <2.6.0 - Info Disclosure
Mar 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-29190
HIGH
MobSF <= 3.9.5 Beta - android:host Server-Side Request Forgery
Mar 22, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-1727
MEDIUM
gradio < 4.19.2 - Cross-Site Request Forgery via File Upload
Mar 21, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-28102
MEDIUM
jwcrypto < 1.5.6 - Denial of Service via Malicious JWE Token
Mar 21, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-27292
HIGH
NUCLEI
Docassemble - Local File Inclusion
Mar 21, 2024
CVSS 7.5
EPSS 0.69
CVE-2024-27291
MEDIUM
Docassemble <1.4.97 - Open Redirect
Mar 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-27290
MEDIUM
docassemble < 1.4.97 - Stored Cross-Site Scripting via User Input Field
Mar 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-29033
HIGH
jupyter/oauthenticator < 16.3.0 - Improper Authorization via GoogleOAuthenticator.hosted_domain
Mar 20, 2024
CVSS 7.5
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters