pypi
4,718 tracked vulnerabilities.
CVE-2023-6015
HIGH
MLflow < 2.8.1 - Unauthenticated Arbitrary File Write via PUT Request
Nov 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-48224
HIGH
Fides < 2.24.0 - Predictable One-Time Code Generation via Weak PRNG
Nov 15, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-46121
MEDIUM
yt-dlp <2023.11.14 - Cookie Exfiltration via Generic Extractor Proxy Injection
Nov 15, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-5189
MEDIUM
Ansible Automation Platform - Path Traversal via Malicious Tarball Extraction
Nov 14, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-47641
LOW
aiohttp < 3.8.0 - HTTP Request Smuggling via Inconsistent Content-Length and Transfer-Encoding Handling
Nov 14, 2023
CVSS 3.4
EPSS 0.00
CVE-2023-47631
HIGH
vantage6 < 4.1.2 - Insufficient Verification of Data Authenticity via Parent ID Bypass
Nov 14, 2023
CVSS 7.2
EPSS 0.00
CVE-2023-47627
MEDIUM
aiohttp < 3.8.6 - HTTP Request Smuggling via Header Parsing
Nov 14, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-46446
MEDIUM
asyncssh < 2.14.1 - Rogue Session Attack via Packet Injection
Nov 14, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-46445
MEDIUM
asyncssh < 2.14.1 - Rogue Extension Negotiation via Man-in-the-Middle Attack
Nov 14, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-47117
HIGH
NUCLEI
Label Studio < 1.9.2 - Exposure of Sensitive Information via Django ORM Filter Chain
Nov 13, 2023
CVSS 7.5
EPSS 0.71
CVE-2023-47163
HIGH
remarshal < 0.17.1 - Denial of Service via YAML Alias Node Expansion
Nov 13, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-47037
MEDIUM
Apache Airflow < 2.7.3 - Authenticated DAG Run Detail Modification via Notes Submission
Nov 12, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-42781
MEDIUM
Apache Airflow < 2.7.3 - Authenticated Exposure of Sensitive Task Instance Information
Nov 12, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-47128
CRITICAL
piccolo < 1.1.1 - SQL Injection via Savepoint Name Parameter
Nov 10, 2023
CVSS 9.1
EPSS 0.00
CVE-2023-46894
HIGH
esptool 4.6.2 - Inadequate Encryption Strength
Nov 09, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-43791
CRITICAL
Label Studio <1.8.2 - Privilege Escalation
Nov 09, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-47248
CRITICAL
NUCLEI
PyArrow 0.14.0-14.0.0 - Remote Code Execution via Untrusted Data Deserialization
Nov 09, 2023
CVSS 9.8
EPSS 0.85
CVE-2023-47114
MEDIUM
Fides 2.15.1-2.23.2 - Stored Cross-Site Scripting in Data Subject Access Request Package
Nov 08, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-44271
HIGH
Pillow < 10.0.0 - Denial of Service via Truetype Font Memory Allocation
Nov 03, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-43665
HIGH
Django <3.2.22, <4.1.12, <4.2.6 - DoS
Nov 03, 2023
CVSS 7.5
EPSS 0.03
CVE-2023-41164
HIGH
Django <3.2.21-<4.1.11-<4.2.5 - DoS
Nov 03, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-47204
CRITICAL
transmute-core < 1.13.5 - Remote Code Execution via YAML Deserialization
Nov 02, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-46695
HIGH
Django 3.2-3.2.22, 4.1-4.1.12, 4.2-4.2.6 - Denial of Service via NFKC Unicode Normalization
Nov 02, 2023
CVSS 7.5
EPSS 0.04
CVE-2023-43796
MEDIUM
Synapse <1.95.1-1.96.0rc1 - Info Disclosure
Oct 31, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-46250
MEDIUM
pypdf 3.7.0-3.16.4 - Denial of Service via Infinite Loop
Oct 31, 2023
CVSS 5.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21