pypi

4,998 tracked vulnerabilities.

CVE-2024-27318 HIGH
ONNX < 1.16.0 - Path Traversal via External Data Field
Feb 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-26152 MEDIUM
Label Studio < 1.11.0 - Stored Cross-Site Scripting via File Upload in Choices or Labels Tag
Feb 22, 2024
CVSS 4.7
EPSS 0.02
CVE-2024-26151 HIGH
mjml-python 0.10.0-0.10.9 - Cross-Site Scripting via Unsanitized Template Input
Feb 22, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-26130 HIGH
cryptography 38.0.0-42.0.3 - NULL Pointer Dereference in pkcs12.serialize_key_and_certificates
Feb 21, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23346 CRITICAL
pymatgen < 2024.2.20 - Remote Code Execution via JonesFaithfulTransformation.from_transformation_str()
Feb 21, 2024
CVSS 9.3
EPSS 0.04
CVE-2024-25141 CRITICAL
Mongo Hook <4.0.0 - Info Disclosure
Feb 20, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-1647 HIGH
pyhtml2pdf 0.0.6 - Arbitrary Local File Read via Unvalidated HTML Content
Feb 20, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-26134 HIGH
cbor2 5.5.1-5.6.1 - Denial of Service via Long CBOR Object
Feb 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23952 MEDIUM
Apache Superset <= 2.1.2 and 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via ZIP Import
Feb 14, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-25112 MEDIUM
Exiv2 0.28.0-0.28.1 - Denial of Service via Unbounded Recursion in QuickTimeVideo::multipleEntriesDecoder
Feb 12, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-24826 MEDIUM
Exiv2 0.28.0-0.28.1 - Out-of-bounds Read in QuickTimeVideo::NikonTagsDecoder
Feb 12, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-21624 MEDIUM
nonebot2 2.0.1-2.2.0 - Information Exposure via MessageTemplate User Input
Feb 09, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-24825 CRITICAL
DIRAC < 8.0.37 - Unauthorized Token Exposure
Feb 09, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-24563 CRITICAL
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Improper Array Index Validation
Feb 07, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-24811 CRITICAL
Products.SQLAlchemyDA < 2.2 - Unauthenticated SQL Injection
Feb 07, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-24680 HIGH
Django <3.2.24, <4.2.10, <5.0.2 - DoS
Feb 06, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-24591 HIGH
Allegro AI's ClearML <1.14.1 - Path Traversal
Feb 06, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-24590 HIGH
Allegro AI's ClearML <1.14.2 - Code Injection
Feb 06, 2024
CVSS 8.0
EPSS 0.02
CVE-2024-0690 MEDIUM
ansible-core < 2.14.14 - Information Disclosure via ANSIBLE_NO_LOG Bypass
Feb 06, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-24808 MEDIUM
pyload < 0.5.0 - Open Redirect via Login Redirect Validation
Feb 06, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-0964 CRITICAL
Gradio < 4.9.0 - Path Traversal via API Request JSON Value
Feb 05, 2024
CVSS 9.4
EPSS 0.01
CVE-2024-24595 MEDIUM
Allegro AI's ClearML - Info Disclosure
Feb 05, 2024
CVSS 6.0
EPSS 0.00
CVE-2024-24559 LOW
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Broken Cryptographic Algorithm in sha3_64
Feb 05, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-24762 HIGH
python-multipart < 0.0.7 - Regular Expression Denial of Service via Content-Type Header Parsing
Feb 05, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-24560 LOW
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Memory Corruption via Overlapping Input/Return Buffers
Feb 02, 2024
CVSS 3.7
EPSS 0.01