pypi
4,998 tracked vulnerabilities.
CVE-2024-26280
MEDIUM
Apache Airflow < 2.8.2 - Authenticated Information Disclosure via Audit Log Permissions
Mar 01, 2024
CVSS 4.7
EPSS 0.02
CVE-2024-27906
MEDIUM
Apache Airflow <2.8.2 - Info Disclosure
Feb 29, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-27083
MEDIUM
Flask-AppBuilder 4.1.4-4.2.1 - Cross-Site Scripting on OAuth Login Page
Feb 29, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-25128
CRITICAL
Flask-AppBuilder <4.3.11 - OpenID Authentication Bypass via Forged Provider Request
Feb 29, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-25170
CRITICAL
Mezzanine 6.0.0 - Incorrect Authorization via Host Header Manipulation
Feb 28, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-25169
CRITICAL
Mezzanine 6.0.0 - Improper Access Control in Admin Panel
Feb 28, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-26016
MEDIUM
Apache Superset < 3.0.4, 3.1.0 - Authenticated Dashboard Ownership Takeover via Import
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-24779
MEDIUM
Apache Superset <3.0.4, >3.1.0-<3.1.1 - Info Disclosure
Feb 28, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-24773
MEDIUM
Apache Superset <3.0.4, >3.1.0-<3.1.1 - SQL Injection
Feb 28, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-24772
MEDIUM
Apache Superset <3.0.4, >3.1.0 - SQL Injection
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-27315
MEDIUM
Apache Superset <3.0.4, >3.1.0 - SQL Injection
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-1892
MEDIUM
scrapy < 2.11.1 - Denial of Service via XMLFeedSpider XML Parsing
Feb 28, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-25723
HIGH
NUCLEI
ZenML ZenML Server - Improper Authentication
Feb 27, 2024
CVSS 8.8
EPSS 0.71
CVE-2024-25711
HIGH
diffoscope < 256 - Directory Traversal via GPG Embedded Filename
Feb 27, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-26149
LOW
vyperlang/vyper < 0.3.10 - Memory Buffer Overflow in _abi_decode Array Index Handling
Feb 26, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-24564
LOW
vyper < 0.4.0 - Out-of-bounds Read via extract32 Function
Feb 26, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-27081
HIGH
ESPHome <2024.2.1 - Authenticated RCE
Feb 26, 2024
CVSS 7.2
EPSS 0.02
CVE-2024-27454
HIGH
orjson <3.9.15 - Stack-Based Buffer Overflow
Feb 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27447
CRITICAL
pretix < 2024.1.1 - Improper Input Validation
Feb 26, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-27444
CRITICAL
langchain-experimental < 0.1.8 - Remote Code Execution via Unrestricted Python Attribute Access
Feb 26, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-0243
HIGH
langchain < 0.1.0 - Server-Side Request Forgery via RecursiveUrlLoader
Feb 26, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-21502
HIGH
fastecdsa < 2.3.2 - Use of Uninitialized Variable in curvemath_mul
Feb 24, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27133
HIGH
MLflow < 2.9.2 and 2.9.2-2.10.0 - Stored Cross-Site Scripting in Dataset Table Fields
Feb 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27132
HIGH
MLflow < 2.9.2 and < 2.10.0 - Cross-Site Scripting via Untrusted Recipe Template Variables
Feb 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27319
MEDIUM
ONNX < 1.16.0 - Out-of-bounds Read via ONNX_ASSERT Function
Feb 23, 2024
CVSS 4.4
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters