pypi
4,998 tracked vulnerabilities.
CVE-2024-21485
MEDIUM
NUCLEI
dash < 2.15.0 - Stored Cross-Site Scripting via Controlled href Attribute
Feb 02, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-24561
CRITICAL
vyperlang/vyper < 0.3.10 and pypi/vyper < 0.4.0 - Memory Buffer Overflow via Slice Bounds Check
Feb 01, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-1141
MEDIUM
python-glance-store - Info Disclosure
Feb 01, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-23637
MEDIUM
OctoPrint <= 1.9.3 - Unverified Password Change
Jan 31, 2024
CVSS 4.2
EPSS 0.01
CVE-2024-24567
MEDIUM
vyperlang/vyper < 0.3.10 - Incorrect Value Handling in raw_call Builtin
Jan 30, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-22193
LOW
vantage6 < 4.2.0 - Insecure Storage of Sensitive Information
Jan 30, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-21671
LOW
vantage6 < 4.2.0 - Observable Timing Discrepancy in Login Response
Jan 30, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-21653
MEDIUM
vantage6 < 4.2.0 - Improper Access Control via Default SSH Configuration
Jan 30, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-21649
HIGH
vantage6 < 4.2.0 - Authenticated Remote Code Execution via Algorithm Environment Variables
Jan 30, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-23829
MEDIUM
aiohttp < 3.9.2 - HTTP Request Smuggling via Inconsistent HTTP Parser Validation
Jan 29, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-23334
MEDIUM
NUCLEI
aiohttp - Directory Traversal
Jan 29, 2024
CVSS 5.9
EPSS 0.77
CVE-2024-0960
MEDIUM
Flink-extended ai-flow 0.3.1 - Deserialization
Jan 27, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-0937
MEDIUM
van_der_Schaar LAB synthcity <0.2.9 - Deserialization
Jan 26, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-0727
MEDIUM
OpenSSL 1.0.2-1.0.2zj, 1.1.1-1.1.1w, 3.0.0-3.0.12, 3.1.0-3.1.4, 3.2.0 - DoS via PKCS12 NULL Pointer Dereference
Jan 26, 2024
CVSS 5.5
EPSS 0.03
CVE-2024-23633
MEDIUM
Label Studio < 1.10.1 - Stored Cross-Site Scripting via Remote Import Feature
Jan 24, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-23341
MEDIUM
TuiTse-TsuSin < 1.3.2 - Cross-Site Scripting via Unquoted Input in tuitse_html
Jan 23, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-22417
MEDIUM
Whoogle Search <0.8.3 - Reflected XSS
Jan 23, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-22205
CRITICAL
Whoogle Search < 0.8.4 - Server-Side Request Forgery via Window Endpoint Location Parameter
Jan 23, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-22204
MEDIUM
Whoogle Search <0.8.3 - Path Traversal
Jan 23, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-22203
CRITICAL
benbusby/whoogle_search < 0.8.4 - Server-Side Request Forgery via Unvalidated src_type and element_url Parameters
Jan 23, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-23345
HIGH
Nautobot < 1.6.10 and 2.0.0-2.1.2 - Stored Cross-Site Scripting via Markdown Rendering
Jan 23, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-23342
HIGH
ecdsa < 0.18.0 - Covert Timing Channel
Jan 23, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-23752
CRITICAL
PandasAI through 1.5.17 - Unauthenticated Remote Code Execution via GenerateSDFPipeline
Jan 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-23751
CRITICAL
LlamaIndex < 0.9.34 - SQL Injection via Text-to-SQL Feature
Jan 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-23750
HIGH
MetaGPT <= 0.6.4 - Remote Code Execution via QaEngineer Role
Jan 22, 2024
CVSS 8.8
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters