pypi

4,998 tracked vulnerabilities.

CVE-2023-6709 HIGH
mlflow/mlflow <2.9.2 - Info Disclosure
Dec 12, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-50423 CRITICAL
SAP XSSEC < 4.1.0 - Unauthenticated Privilege Escalation
Dec 12, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-49796 MEDIUM
mindsdb < 23.11.4.1 - Limited File Write via file.py
Dec 11, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-49795 MEDIUM
MindsDB < 23.11.4.1 - Server-Side Request Forgery in file.py
Dec 11, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-49797 HIGH
PyInstaller < 5.13.1 - Unauthenticated Arbitrary File Deletion via Temporary File Symlink Race Condition
Dec 09, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-48311 HIGH
dockerspawner 0.11.0-12.x - Unauthenticated Arbitrary Docker Image Execution via Missing allowed_images Configuration
Dec 08, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-6568 MEDIUM NUCLEI
MLflow < 2.9.0 - Reflected Cross-Site Scripting via Content-Type Header
Dec 07, 2023
CVSS 6.1
EPSS 0.02
CVE-2023-26154 MEDIUM
PubNub <7.4.0, <6.19.0, <7.3.0, <6.1.0, <5.3.0, <0.4.0 - Path Trave...
Dec 06, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-49297 LOW
PyDrive2 <1.16.2 - Arbitrary Code Execution via Unsafe YAML Deserialization
Dec 05, 2023
CVSS 3.3
EPSS 0.01
CVE-2023-43472 HIGH NUCLEI
MLFlow < 2.8.1 - Information Disclosure via REST API
Dec 05, 2023
CVSS 7.5
EPSS 0.37
CVE-2023-49080 LOW
jupyter_server < 2.11.2 - Authenticated Sensitive Information Exposure via API Error Traceback
Dec 04, 2023
CVSS 3.5
EPSS 0.01
CVE-2023-49277 HIGH
dpaste < 3.8 - Reflected Cross-Site Scripting via Expires Parameter
Dec 01, 2023
CVSS 8.3
EPSS 0.01
CVE-2023-49081 HIGH
aiohttp < 3.9.0 - HTTP Request Smuggling via HTTP Version Manipulation
Nov 30, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-49082 MEDIUM
aiohttp < 3.9.0 - HTTP Request Smuggling via CRLF Injection
Nov 29, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-49083 MEDIUM
cryptography 3.1-41.0.5 - Denial of Service via PKCS7 Certificate Deserialization
Nov 29, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-42504 MEDIUM
Apache Superset < 3.0.0 - Authenticated Denial of Service via Concurrent Dashboard Export Requests
Nov 28, 2023
CVSS 5.8
EPSS 0.01
CVE-2023-42505 MEDIUM
Apache Superset < 3.0.0 - Authenticated Exposure of Sensitive Database Connection Information
Nov 28, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42502 MEDIUM
Apache Superset < 3.0.0 - Authenticated Open Redirect via HTTP Host Header Spoofing
Nov 28, 2023
CVSS 4.8
EPSS 0.01
CVE-2023-48022 CRITICAL NUCLEI
Anyscale Ray 2.6.3 and 2.8.0 - Remote Code Execution via Job Submission API
Nov 28, 2023
CVSS 9.8
EPSS 0.82
CVE-2023-43701 MEDIUM
Apache Superset <2.1.2 - Code Injection
Nov 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42501 MEDIUM
Apache Superset < 2.1.2 - Authenticated Unnecessary Read Permissions in Gamma Role
Nov 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-40610 MEDIUM
Apache Superset <2.1.2 - Privilege Escalation
Nov 27, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-48796 HIGH
Apache DolphinScheduler - Info Disclosure
Nov 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-48705 HIGH
Nautobot < 1.6.6 and 2.0.0-2.0.4 - Stored Cross-Site Scripting via Custom Links and Job Buttons
Nov 22, 2023
CVSS 7.1
EPSS 0.01
CVE-2023-37924 CRITICAL
Apache Submarine 0.7.0-0.7.9 - SQL Injection via Login
Nov 22, 2023
CVSS 9.8
EPSS 0.07