pypi
4,998 tracked vulnerabilities.
CVE-2023-47265
MEDIUM
Apache Airflow 2.6.0-2.7.3 - Stored Cross-Site Scripting in DAG Parameter Description Field
Dec 21, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-7018
HIGH
huggingface/transformers < 4.36.0 - Remote Code Execution via Pickle Deserialization
Dec 20, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-6977
HIGH
NUCLEI
MLflow < 2.9.2 - Information Disclosure
Dec 20, 2023
CVSS 7.5
EPSS 0.04
CVE-2023-6976
HIGH
MLflow < 2.9.2 - Arbitrary File Write via Unrestricted File Upload
Dec 20, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-6975
CRITICAL
MLflow <= 2.9.2 - Command Injection
Dec 20, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-6974
CRITICAL
MLflow < 2.9.2 - Server-Side Request Forgery
Dec 20, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-6730
HIGH
huggingface/transformers < 4.36.0 - Deserialization of Untrusted Data
Dec 19, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-49736
MEDIUM
Apache Superset < 2.1.2, 3.0.0-3.0.1 - SQL Injection via JINJA where_in Macro
Dec 19, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-49734
HIGH
Apache Superset < 2.1.2, 3.0.0-3.0.1 - Authenticated Incorrect Authorization via Dashboard Chart Ownership
Dec 19, 2023
CVSS 7.7
EPSS 0.01
CVE-2023-46104
MEDIUM
Apache Superset <= 2.1.2, 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via Malicious ZIP Import
Dec 19, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-6940
HIGH
MLflow < 2.9.2 - Remote Code Execution via Malicious Config Download
Dec 19, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-48795
MEDIUM
NUCLEI
OpenSSH <9.6 - Open Redirect
Dec 18, 2023
CVSS 5.9
EPSS 0.93
CVE-2023-5115
MEDIUM
Ansible Automation Platform - Path Traversal via Malicious Role Symlink
Dec 18, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-6909
HIGH
NUCLEI
MLflow < 2.9.2 - Path Traversal via Backslash Dot-Dot-Slash Sequence
Dec 18, 2023
CVSS 7.5
EPSS 0.90
CVE-2023-50715
MEDIUM
Home Assistant < 2023.12.3 - Unauthenticated User Account Enumeration via LAN Login Page
Dec 15, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-6831
HIGH
NUCLEI
MLflow < 2.9.2 - Path Traversal via Backslash-Dot-Dot-Slash Sequence
Dec 15, 2023
CVSS 8.1
EPSS 0.03
CVE-2023-6572
HIGH
gradio-app/gradio <main - Command Injection
Dec 14, 2023
CVSS 8.1
EPSS 0.02
CVE-2023-6569
HIGH
h2o - Path Traversal
Dec 14, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-50248
MEDIUM
CKAN <2.9.10-2.10.3 - Memory Corruption
Dec 13, 2023
CVSS 4.5
EPSS 0.01
CVE-2023-46247
HIGH
vyper < 0.3.8 - Incorrect Storage Slot Calculation via Floating-Point Rounding Error
Dec 13, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-6753
HIGH
MLflow < 2.9.2 - Path Traversal
Dec 13, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-50263
LOW
Nautobot 1.x-2.0.x < 1.6.7/2.0.6 - Unauthenticated Arbitrary File Download via FileProxy Endpoints
Dec 12, 2023
CVSS 3.7
EPSS 0.01
CVE-2023-5764
HIGH
Ansible < 2.14.12 and 2.16.0-2.16.1 - Template Injection via Unsafe Data Handling
Dec 12, 2023
CVSS 7.1
EPSS 0.01
CVE-2023-43364
CRITICAL
searchor < 2.4.2 - Remote Code Execution via CLI Input
Dec 12, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-35625
MEDIUM
Azure Machine Learning SDK < 1.5.0 - Exposure of Sensitive Information
Dec 12, 2023
CVSS 4.7
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 87
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters