pypi

4,998 tracked vulnerabilities.

CVE-2023-48700 MEDIUM
nautobot-plugin-device-onboarding 2.0.0-3.0.0 - Cleartext Storage of Sensitive Information in Job Results
Nov 21, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-48699 HIGH
fastbots < 0.1.5 - Remote Code Execution via Locators.ini File Injection
Nov 21, 2023
CVSS 8.4
EPSS 0.01
CVE-2023-48299 MEDIUM
TorchServe 0.1.0-0.8.2 - Path Traversal via Archive Extraction
Nov 21, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-48051 HIGH
upydev 0.4.3 - Inadequate Encryption Strength in Key Generation
Nov 20, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-46302 CRITICAL
Apache Submarine - YAML Deserialization
Nov 20, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-6020 HIGH NUCLEI
Ray < 2.8.1 - Unauthenticated Local File Inclusion via Static Directory
Nov 16, 2023
CVSS 7.5
EPSS 0.15
CVE-2023-6014 CRITICAL
MLflow < 2.8.0 - Authentication Bypass
Nov 16, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-48056 HIGH
PyPinkSign v0.5.1 - Info Disclosure
Nov 16, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-48054 HIGH
localstack 2.3.2 - Missing SSL Certificate Validation
Nov 16, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-48052 HIGH
httpie < 3.2.3 - Missing SSL Certificate Validation
Nov 16, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-6022 HIGH
prefect < 2.16.5 - Cross-Site Request Forgery
Nov 16, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-6021 HIGH NUCLEI
Ray <2.8.1 - Unauthenticated Local File Inclusion via Log API
Nov 16, 2023
CVSS 7.5
EPSS 0.37
CVE-2023-6019 CRITICAL
Ray < 2.8.1 - Unauthenticated Remote Code Execution via CPU Profile URL Parameter
Nov 16, 2023
CVSS 9.8
EPSS 0.75
CVE-2023-6018 CRITICAL NUCLEI
MLflow - Unauthenticated File Overwrite
Nov 16, 2023
CVSS 9.8
EPSS 0.48
CVE-2023-6015 HIGH
MLflow < 2.8.1 - Unauthenticated Arbitrary File Write via PUT Request
Nov 16, 2023
CVSS 7.5
EPSS 0.04
CVE-2023-48224 HIGH
Fides < 2.24.0 - Predictable One-Time Code Generation via Weak PRNG
Nov 15, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-46121 MEDIUM
yt-dlp <2023.11.14 - Cookie Exfiltration via Generic Extractor Proxy Injection
Nov 15, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-5189 MEDIUM
Ansible Automation Platform - Path Traversal via Malicious Tarball Extraction
Nov 14, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-47641 LOW
aiohttp < 3.8.0 - HTTP Request Smuggling via Inconsistent Content-Length and Transfer-Encoding Handling
Nov 14, 2023
CVSS 3.4
EPSS 0.01
CVE-2023-47631 HIGH
vantage6 < 4.1.2 - Insufficient Verification of Data Authenticity via Parent ID Bypass
Nov 14, 2023
CVSS 7.2
EPSS 0.00
CVE-2023-47627 MEDIUM
aiohttp < 3.8.6 - HTTP Request Smuggling via Header Parsing
Nov 14, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-46446 MEDIUM
asyncssh < 2.14.1 - Rogue Session Attack via Packet Injection
Nov 14, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-46445 MEDIUM
asyncssh < 2.14.1 - Rogue Extension Negotiation via Man-in-the-Middle Attack
Nov 14, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-47117 HIGH NUCLEI
Label Studio < 1.9.2 - Exposure of Sensitive Information via Django ORM Filter Chain
Nov 13, 2023
CVSS 7.5
EPSS 0.04
CVE-2023-47163 HIGH
remarshal < 0.17.1 - Denial of Service via YAML Alias Node Expansion
Nov 13, 2023
CVSS 7.5
EPSS 0.01