pypi

4,998 tracked vulnerabilities.

CVE-2024-26280 MEDIUM
Apache Airflow < 2.8.2 - Authenticated Information Disclosure via Audit Log Permissions
Mar 01, 2024
CVSS 4.7
EPSS 0.02
CVE-2024-27906 MEDIUM
Apache Airflow <2.8.2 - Info Disclosure
Feb 29, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-27083 MEDIUM
Flask-AppBuilder 4.1.4-4.2.1 - Cross-Site Scripting on OAuth Login Page
Feb 29, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-25128 CRITICAL
Flask-AppBuilder <4.3.11 - OpenID Authentication Bypass via Forged Provider Request
Feb 29, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-25170 CRITICAL
Mezzanine 6.0.0 - Incorrect Authorization via Host Header Manipulation
Feb 28, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-25169 CRITICAL
Mezzanine 6.0.0 - Improper Access Control in Admin Panel
Feb 28, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-26016 MEDIUM
Apache Superset < 3.0.4, 3.1.0 - Authenticated Dashboard Ownership Takeover via Import
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-24779 MEDIUM
Apache Superset <3.0.4, >3.1.0-<3.1.1 - Info Disclosure
Feb 28, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-24773 MEDIUM
Apache Superset <3.0.4, >3.1.0-<3.1.1 - SQL Injection
Feb 28, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-24772 MEDIUM
Apache Superset <3.0.4, >3.1.0 - SQL Injection
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-27315 MEDIUM
Apache Superset <3.0.4, >3.1.0 - SQL Injection
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-1892 MEDIUM
scrapy < 2.11.1 - Denial of Service via XMLFeedSpider XML Parsing
Feb 28, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-25723 HIGH NUCLEI
ZenML ZenML Server - Improper Authentication
Feb 27, 2024
CVSS 8.8
EPSS 0.71
CVE-2024-25711 HIGH
diffoscope < 256 - Directory Traversal via GPG Embedded Filename
Feb 27, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-26149 LOW
vyperlang/vyper < 0.3.10 - Memory Buffer Overflow in _abi_decode Array Index Handling
Feb 26, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-24564 LOW
vyper < 0.4.0 - Out-of-bounds Read via extract32 Function
Feb 26, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-27081 HIGH
ESPHome <2024.2.1 - Authenticated RCE
Feb 26, 2024
CVSS 7.2
EPSS 0.02
CVE-2024-27454 HIGH
orjson <3.9.15 - Stack-Based Buffer Overflow
Feb 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27447 CRITICAL
pretix < 2024.1.1 - Improper Input Validation
Feb 26, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-27444 CRITICAL
langchain-experimental < 0.1.8 - Remote Code Execution via Unrestricted Python Attribute Access
Feb 26, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-0243 HIGH
langchain < 0.1.0 - Server-Side Request Forgery via RecursiveUrlLoader
Feb 26, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-21502 HIGH
fastecdsa < 2.3.2 - Use of Uninitialized Variable in curvemath_mul
Feb 24, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27133 HIGH
MLflow < 2.9.2 and 2.9.2-2.10.0 - Stored Cross-Site Scripting in Dataset Table Fields
Feb 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27132 HIGH
MLflow < 2.9.2 and < 2.10.0 - Cross-Site Scripting via Untrusted Recipe Template Variables
Feb 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27319 MEDIUM
ONNX < 1.16.0 - Out-of-bounds Read via ONNX_ASSERT Function
Feb 23, 2024
CVSS 4.4
EPSS 0.01