pypi

4,998 tracked vulnerabilities.

CVE-2024-29032 MEDIUM
Qiskit IBM Runtime 0.1.0-0.21.1 - Remote Code Execution via RuntimeDecoder JSON Deserialization
Mar 20, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-28179 CRITICAL
Jupyter Server Proxy < 3.2.3 and 4.0.0-4.1.1 - Unauthenticated Remote Code Execution via WebSocket Endpoint
Mar 20, 2024
CVSS 9.0
EPSS 0.01
CVE-2024-21503 MEDIUM
black < 24.3.0 - Denial of Service via Inefficient Regular Expression in strings.py
Mar 19, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-28865 HIGH
django-wiki <0.10.1 - Info Disclosure
Mar 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-28237 MEDIUM
OctoPrint < 1.10.0 - Stored Cross-Site Scripting via Webcam Snapshot URL
Mar 18, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-29156 MEDIUM
OpenStack Murano <16.0.0 - Info Disclosure
Mar 18, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-22513 MEDIUM
djangorestframework-simplejwt <5.3.1 - Info Disclosure
Mar 16, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-27351 MEDIUM
Django <3.2.25, <4.2.11, <5.0.3 - DoS
Mar 15, 2024
CVSS 5.3
EPSS 0.02
CVE-2024-24770 MEDIUM
vantage6 < 4.2.2 and >= 4.3.0 - Username Enumeration via Password Recovery and 2FA Lost Token Endpoints
Mar 14, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-23823 MEDIUM
vantage6 < 4.2.1 and >=0 < 4.3.0 - Permissive Cross-domain Security Policy
Mar 14, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-28746 HIGH
Apache Airflow <2.8.3 - Info Disclosure
Mar 14, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-27097 MEDIUM
CKAN <2.9.11, <2.10.4 - Info Disclosure
Mar 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-27305 MEDIUM
aiosmtpd <1.4.5 - SMTP Smuggling Sender Spoofing
Mar 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-26164 HIGH
Microsoft Django Backend for SQL Server < 1.4.1 - Remote Code Execution
Mar 12, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-27758 HIGH
RPyC 4.0.0-5.9.9 - Remote Code Execution via __array__ Attribute
Mar 12, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-28184 HIGH
WeasyPrint <61.2 - File/URL Injection
Mar 09, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-2319 MEDIUM
Django MarkdownX 4.0.2 - Stored Cross-Site Scripting via Upload Functionality
Mar 08, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-2044 CRITICAL
pgAdmin4 < 8.4 - Unauthenticated Path Traversal and Remote Code Execution via Session Deserialization
Mar 07, 2024
CVSS 9.9
EPSS 0.79
CVE-2024-0818 CRITICAL
paddlepaddle < 2.6.0 - Arbitrary File Overwrite via Path Traversal
Mar 07, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-0917 CRITICAL
paddlepaddle 2.6.0 - Remote Code Execution
Mar 07, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-0815 HIGH
Paddlepaddle <2.6.0 - Command Injection
Mar 07, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-0817 HIGH
PaddlePaddle <2.6.0 - Command Injection
Mar 07, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-27287 MEDIUM
ESPHome 2023.12.9-2024.2.2 - Authenticated Stored Cross-Site Scripting via Dashboard Configuration File Edit
Mar 06, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-22889 HIGH
Plone 6.0.9 - Unauthenticated Arbitrary File Read via Crafted Request
Mar 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-28088 HIGH
langchain < 0.1.12 and langchain-core < 0.1.30 - Path Traversal via load_chain Path Parameter
Mar 04, 2024
CVSS 8.1
EPSS 0.02