pypi
4,998 tracked vulnerabilities.
CVE-2024-27318
HIGH
ONNX < 1.16.0 - Path Traversal via External Data Field
Feb 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-26152
MEDIUM
Label Studio < 1.11.0 - Stored Cross-Site Scripting via File Upload in Choices or Labels Tag
Feb 22, 2024
CVSS 4.7
EPSS 0.02
CVE-2024-26151
HIGH
mjml-python 0.10.0-0.10.9 - Cross-Site Scripting via Unsanitized Template Input
Feb 22, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-26130
HIGH
cryptography 38.0.0-42.0.3 - NULL Pointer Dereference in pkcs12.serialize_key_and_certificates
Feb 21, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23346
CRITICAL
pymatgen < 2024.2.20 - Remote Code Execution via JonesFaithfulTransformation.from_transformation_str()
Feb 21, 2024
CVSS 9.3
EPSS 0.04
CVE-2024-25141
CRITICAL
Mongo Hook <4.0.0 - Info Disclosure
Feb 20, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-1647
HIGH
pyhtml2pdf 0.0.6 - Arbitrary Local File Read via Unvalidated HTML Content
Feb 20, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-26134
HIGH
cbor2 5.5.1-5.6.1 - Denial of Service via Long CBOR Object
Feb 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23952
MEDIUM
Apache Superset <= 2.1.2 and 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via ZIP Import
Feb 14, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-25112
MEDIUM
Exiv2 0.28.0-0.28.1 - Denial of Service via Unbounded Recursion in QuickTimeVideo::multipleEntriesDecoder
Feb 12, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-24826
MEDIUM
Exiv2 0.28.0-0.28.1 - Out-of-bounds Read in QuickTimeVideo::NikonTagsDecoder
Feb 12, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-21624
MEDIUM
nonebot2 2.0.1-2.2.0 - Information Exposure via MessageTemplate User Input
Feb 09, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-24825
CRITICAL
DIRAC < 8.0.37 - Unauthorized Token Exposure
Feb 09, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-24563
CRITICAL
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Improper Array Index Validation
Feb 07, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-24811
CRITICAL
Products.SQLAlchemyDA < 2.2 - Unauthenticated SQL Injection
Feb 07, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-24680
HIGH
Django <3.2.24, <4.2.10, <5.0.2 - DoS
Feb 06, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-24591
HIGH
Allegro AI's ClearML <1.14.1 - Path Traversal
Feb 06, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-24590
HIGH
Allegro AI's ClearML <1.14.2 - Code Injection
Feb 06, 2024
CVSS 8.0
EPSS 0.02
CVE-2024-0690
MEDIUM
ansible-core < 2.14.14 - Information Disclosure via ANSIBLE_NO_LOG Bypass
Feb 06, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-24808
MEDIUM
pyload < 0.5.0 - Open Redirect via Login Redirect Validation
Feb 06, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-0964
CRITICAL
Gradio < 4.9.0 - Path Traversal via API Request JSON Value
Feb 05, 2024
CVSS 9.4
EPSS 0.01
CVE-2024-24595
MEDIUM
Allegro AI's ClearML - Info Disclosure
Feb 05, 2024
CVSS 6.0
EPSS 0.00
CVE-2024-24559
LOW
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Broken Cryptographic Algorithm in sha3_64
Feb 05, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-24762
HIGH
python-multipart < 0.0.7 - Regular Expression Denial of Service via Content-Type Header Parsing
Feb 05, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-24560
LOW
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Memory Corruption via Overlapping Input/Return Buffers
Feb 02, 2024
CVSS 3.7
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters