pypi

4,998 tracked vulnerabilities.

CVE-2023-47265 MEDIUM
Apache Airflow 2.6.0-2.7.3 - Stored Cross-Site Scripting in DAG Parameter Description Field
Dec 21, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-7018 HIGH
huggingface/transformers < 4.36.0 - Remote Code Execution via Pickle Deserialization
Dec 20, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-6977 HIGH NUCLEI
MLflow < 2.9.2 - Information Disclosure
Dec 20, 2023
CVSS 7.5
EPSS 0.04
CVE-2023-6976 HIGH
MLflow < 2.9.2 - Arbitrary File Write via Unrestricted File Upload
Dec 20, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-6975 CRITICAL
MLflow <= 2.9.2 - Command Injection
Dec 20, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-6974 CRITICAL
MLflow < 2.9.2 - Server-Side Request Forgery
Dec 20, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-6730 HIGH
huggingface/transformers < 4.36.0 - Deserialization of Untrusted Data
Dec 19, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-49736 MEDIUM
Apache Superset < 2.1.2, 3.0.0-3.0.1 - SQL Injection via JINJA where_in Macro
Dec 19, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-49734 HIGH
Apache Superset < 2.1.2, 3.0.0-3.0.1 - Authenticated Incorrect Authorization via Dashboard Chart Ownership
Dec 19, 2023
CVSS 7.7
EPSS 0.01
CVE-2023-46104 MEDIUM
Apache Superset <= 2.1.2, 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via Malicious ZIP Import
Dec 19, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-6940 HIGH
MLflow < 2.9.2 - Remote Code Execution via Malicious Config Download
Dec 19, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-48795 MEDIUM NUCLEI
OpenSSH <9.6 - Open Redirect
Dec 18, 2023
CVSS 5.9
EPSS 0.93
CVE-2023-5115 MEDIUM
Ansible Automation Platform - Path Traversal via Malicious Role Symlink
Dec 18, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-6909 HIGH NUCLEI
MLflow < 2.9.2 - Path Traversal via Backslash Dot-Dot-Slash Sequence
Dec 18, 2023
CVSS 7.5
EPSS 0.90
CVE-2023-50715 MEDIUM
Home Assistant < 2023.12.3 - Unauthenticated User Account Enumeration via LAN Login Page
Dec 15, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-6831 HIGH NUCLEI
MLflow < 2.9.2 - Path Traversal via Backslash-Dot-Dot-Slash Sequence
Dec 15, 2023
CVSS 8.1
EPSS 0.03
CVE-2023-6572 HIGH
gradio-app/gradio <main - Command Injection
Dec 14, 2023
CVSS 8.1
EPSS 0.02
CVE-2023-6569 HIGH
h2o - Path Traversal
Dec 14, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-50248 MEDIUM
CKAN <2.9.10-2.10.3 - Memory Corruption
Dec 13, 2023
CVSS 4.5
EPSS 0.01
CVE-2023-46247 HIGH
vyper < 0.3.8 - Incorrect Storage Slot Calculation via Floating-Point Rounding Error
Dec 13, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-6753 HIGH
MLflow < 2.9.2 - Path Traversal
Dec 13, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-50263 LOW
Nautobot 1.x-2.0.x < 1.6.7/2.0.6 - Unauthenticated Arbitrary File Download via FileProxy Endpoints
Dec 12, 2023
CVSS 3.7
EPSS 0.01
CVE-2023-5764 HIGH
Ansible < 2.14.12 and 2.16.0-2.16.1 - Template Injection via Unsafe Data Handling
Dec 12, 2023
CVSS 7.1
EPSS 0.01
CVE-2023-43364 CRITICAL
searchor < 2.4.2 - Remote Code Execution via CLI Input
Dec 12, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-35625 MEDIUM
Azure Machine Learning SDK < 1.5.0 - Exposure of Sensitive Information
Dec 12, 2023
CVSS 4.7
EPSS 0.01