pypi

4,998 tracked vulnerabilities.

CVE-2024-23732 HIGH
embedchain < 0.1.57 - Denial of Service via JSON Loader ReDoS
Jan 21, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23731 CRITICAL
embedchain < 0.1.57 - Remote Code Execution via OpenAPI Loader YAML Deserialization
Jan 21, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-23730 CRITICAL
LlamaHub < 0.0.67 - Remote Code Execution via YAML Deserialization in OpenAPI and ChatGPT Plugin Loaders
Jan 21, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-0521 HIGH
Paddlepaddle paddle - Code Injection
Jan 20, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-22421 HIGH
JupyterLab <4.1.0b2-3.6.7 - Info Disclosure
Jan 19, 2024
CVSS 7.6
EPSS 0.01
CVE-2024-22420 MEDIUM
JupyterLab <4.0.11 - Privilege Escalation
Jan 19, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-23329 LOW
changedetection.io 0.39.14-0.45.13 - Unauthenticated Watch History Exposure via API Endpoint
Jan 19, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-22415 HIGH
jupyter-lsp < 2.2.2 - Unauthenticated Improper Access Control
Jan 18, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-22419 HIGH
vyper < 0.3.10 and >=0.3.0 <0.4.0 - Buffer Overflow in concat Built-in
Jan 18, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-0669 MEDIUM
Plone < 6.0.5 - Cross-Frame Scripting via Malicious URL
Jan 18, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-22416 CRITICAL
pyload-ng < 0.5.0b3.dev78 - Unauthenticated Cross-Site Request Forgery via GET API Requests
Jan 18, 2024
CVSS 9.6
EPSS 0.01
CVE-2024-21669 CRITICAL
Hyperledger Aries Cloud Agent Python 0.7.0-0.10.4 - Cryptographic Signature Verification Bypass
Jan 11, 2024
CVSS 9.9
EPSS 0.01
CVE-2024-22195 MEDIUM
Jinja < 3.1.3 - Cross-Site Scripting via xmlattr Filter
Jan 11, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-22194 LOW
cdo-local-uuid <0.4.0 - Info Disclosure
Jan 11, 2024
CVSS 2.2
EPSS 0.00
CVE-2024-22190 HIGH
GitPython < 3.1.41 - Untrusted Search Path on Windows via Git or Bash Execution
Jan 11, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-21645 MEDIUM NUCLEI
pyload < 0.5.0b3.dev77 - Unauthenticated Log Injection
Jan 08, 2024
CVSS 5.3
EPSS 0.25
CVE-2024-21644 HIGH NUCLEI
pyload < 0.5.0b3.dev77 - Unauthenticated Information Exposure via Flask Config Endpoint
Jan 08, 2024
CVSS 7.5
EPSS 0.42
CVE-2024-21642 HIGH
D-Tale < 3.9.0 - Server-Side Request Forgery via Load From the Web Input
Jan 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-21910 MEDIUM
TinyMCE < 5.10.0 - Unauthenticated Stored Cross-Site Scripting via Crafted Image or Link URLs
Jan 03, 2024
CVSS 6.1
EPSS 0.01
CVE-2023-7333 MEDIUM
records-mover < 1.6.0 - SQL Injection in Table Object Handler
Jan 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2023-51232 HIGH
Dagster < 1.5.11 - Directory Traversal via /logs Endpoint
Jul 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2023-25574 CRITICAL
jupyterhub-ltiauthenticator 1.3.0-1.4.0 - Improper Verification of Cryptographic Signature in LTI13Authenticator
Feb 25, 2025
CVSS 10.0
EPSS 0.00
CVE-2023-1907 HIGH
pgadmin < 7.0 - Unauthenticated Session Hijacking via LDAP Authentication
Jan 09, 2025
CVSS 8.0
EPSS 0.00
CVE-2023-6110 MEDIUM
python-openstackclient < 6.3.0 - Unauthenticated Access Rule Deletion via Non-Existent Rule Handling
Nov 17, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-34049 MEDIUM
Salt < 3005.4 - Predictable Script Path Hijacking in Salt-SSH Pre-Flight
Nov 14, 2024
CVSS 6.7
EPSS 0.00