pypi

4,998 tracked vulnerabilities.

CVE-2023-33976 HIGH
TensorFlow < 2.13.0 - Denial of Service via array_ops.upper_bound Rank Check
Jul 30, 2024
CVSS 7.5
EPSS 0.00
CVE-2023-49793 MEDIUM
CodeChecker < 6.23.0 - Authenticated Path Traversal via Mass Store Run Endpoint
Jun 24, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-46960 HIGH
PyPXE 1.8.4 - Denial of Service via TFTP Handle Function Buffer Overflow
Apr 29, 2024
CVSS 8.6
EPSS 0.01
CVE-2023-1000 MEDIUM
dcnnt-py < 0.9.1 - Remote Command Injection in Notification Handler
Apr 27, 2024
CVSS 6.3
EPSS 0.01
CVE-2023-29483 HIGH
eventlet < 0.35.2 - DNS Spoofing via Self-reported DNS Name Trust
Apr 11, 2024
CVSS 7.0
EPSS 0.02
CVE-2023-41334 HIGH
astropy < 5.3.3 - Remote Code Execution via TransformGraph().to_dot_graph savelayout Argument
Mar 18, 2024
CVSS 8.4
EPSS 0.01
CVE-2023-6681 MEDIUM
JWCrypto < 1.5.1 - Denial of Service via Excessive Resource Consumption
Feb 12, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-50782 HIGH
Python-cryptography - Info Disclosure
Feb 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-50781 HIGH
Red Hat Enterprise Linux - Observable Discrepancy in RSA Key Exchange
Feb 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-47116 MEDIUM
Label Studio < 1.11.0 - Server-Side Request Forgery via DNS Rebinding or HTTP Redirection
Jan 31, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-51702 MEDIUM
Apache Airflow 2.3.0-2.6.0 Sensitive Information Exposure in Deferrable Mode
Jan 24, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-50944 MEDIUM
Apache Airflow < 2.8.1 - Authenticated Unauthorized DAG Source Code Access
Jan 24, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-50943 HIGH
Apache Airflow < 2.8.1 - Deserialization of Untrusted Data via XCom Poisoning
Jan 24, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-47115 HIGH NUCLEI
Label Studio < 1.9.2 - Authenticated Stored Cross-Site Scripting via Avatar Image Upload
Jan 23, 2024
CVSS 7.1
EPSS 0.01
CVE-2023-49657 CRITICAL
Apache Superset < 3.0.3 - Authenticated Stored Cross-Site Scripting in Chart or Dashboard
Jan 23, 2024
CVSS 9.6
EPSS 0.01
CVE-2023-50447 HIGH
Pillow < 10.1.0 - Remote Code Execution via PIL.ImageMath.eval Environment Parameter
Jan 19, 2024
CVSS 8.1
EPSS 0.02
CVE-2023-6395 MEDIUM
Mock - Privilege Escalation
Jan 16, 2024
CVSS 6.7
EPSS 0.02
CVE-2023-46226 CRITICAL
Apache IoTDB 1.0.0-1.2.2 - Remote Code Execution
Jan 15, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-52289 HIGH
flaskcode < 0.0.8 - Unauthenticated Path Traversal and Arbitrary File Write via /update-resource-data Endpoint
Jan 13, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-52288 HIGH
flaskcode < 0.0.8 - Unauthenticated Path Traversal via /resource-data Endpoint
Jan 13, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-45139 HIGH
fonttools 4.28.2-4.42.9 - XML External Entity Injection via SVG Table Parsing
Jan 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-50974 MEDIUM
Appwrite CLI < 3.0.0 - Unprotected Credential Exposure via Prefs.json File
Jan 09, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-47890 HIGH
pyload 0.5.0 - Unauthenticated Path Traversal via Unrestricted File Upload
Jan 08, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-52323 MEDIUM
PyCryptodome and PyCryptodomeX < 3.19.1 - Side-Channel Leakage for OAEP Decryption
Jan 05, 2024
CVSS 5.9
EPSS 0.01
CVE-2023-52314 CRITICAL
PaddlePaddle < 2.6.0 - OS Command Injection via convert_shape_compare
Jan 03, 2024
CVSS 9.6
EPSS 0.01