pypi

4,998 tracked vulnerabilities.

CVE-2024-21485 MEDIUM NUCLEI
dash < 2.15.0 - Stored Cross-Site Scripting via Controlled href Attribute
Feb 02, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-24561 CRITICAL
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Memory Buffer Overflow via Slice Bounds Check
Feb 01, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-1141 MEDIUM
python-glance-store - Info Disclosure
Feb 01, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-23637 MEDIUM
OctoPrint <= 1.9.3 - Unverified Password Change
Jan 31, 2024
CVSS 4.2
EPSS 0.01
CVE-2024-24567 MEDIUM
vyperlang/vyper < 0.3.10 - Incorrect Value Handling in raw_call Builtin
Jan 30, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-22193 LOW
vantage6 < 4.2.0 - Insecure Storage of Sensitive Information
Jan 30, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-21671 LOW
vantage6 < 4.2.0 - Observable Timing Discrepancy in Login Response
Jan 30, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-21653 MEDIUM
vantage6 < 4.2.0 - Improper Access Control via Default SSH Configuration
Jan 30, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-21649 HIGH
vantage6 < 4.2.0 - Authenticated Remote Code Execution via Algorithm Environment Variables
Jan 30, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-23829 MEDIUM
aiohttp < 3.9.2 - HTTP Request Smuggling via Inconsistent HTTP Parser Validation
Jan 29, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-23334 MEDIUM NUCLEI
aiohttp - Directory Traversal
Jan 29, 2024
CVSS 5.9
EPSS 0.77
CVE-2024-0960 MEDIUM
Flink-extended ai-flow 0.3.1 - Deserialization
Jan 27, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-0937 MEDIUM
van_der_Schaar LAB synthcity <0.2.9 - Deserialization
Jan 26, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-0727 MEDIUM
OpenSSL 1.0.2-1.0.2zj, 1.1.1-1.1.1w, 3.0.0-3.0.12, 3.1.0-3.1.4, 3.2.0 - DoS via PKCS12 NULL Pointer Dereference
Jan 26, 2024
CVSS 5.5
EPSS 0.03
CVE-2024-23633 MEDIUM
Label Studio < 1.10.1 - Stored Cross-Site Scripting via Remote Import Feature
Jan 24, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-23341 MEDIUM
TuiTse-TsuSin < 1.3.2 - Cross-Site Scripting via Unquoted Input in tuitse_html
Jan 23, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-22417 MEDIUM
Whoogle Search <0.8.3 - Reflected XSS
Jan 23, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-22205 CRITICAL
Whoogle Search < 0.8.4 - Server-Side Request Forgery via Window Endpoint Location Parameter
Jan 23, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-22204 MEDIUM
Whoogle Search <0.8.3 - Path Traversal
Jan 23, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-22203 CRITICAL
benbusby/whoogle_search < 0.8.4 - Server-Side Request Forgery via Unvalidated src_type and element_url Parameters
Jan 23, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-23345 HIGH
Nautobot < 1.6.10 and 2.0.0-2.1.2 - Stored Cross-Site Scripting via Markdown Rendering
Jan 23, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-23342 HIGH
ecdsa < 0.18.0 - Covert Timing Channel
Jan 23, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-23752 CRITICAL
PandasAI through 1.5.17 - Unauthenticated Remote Code Execution via GenerateSDFPipeline
Jan 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-23751 CRITICAL
LlamaIndex < 0.9.34 - SQL Injection via Text-to-SQL Feature
Jan 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-23750 HIGH
MetaGPT <= 0.6.4 - Remote Code Execution via QaEngineer Role
Jan 22, 2024
CVSS 8.8
EPSS 0.01