pypi

4,998 tracked vulnerabilities.

CVE-2023-47037 MEDIUM
Apache Airflow < 2.7.3 - Authenticated DAG Run Detail Modification via Notes Submission
Nov 12, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42781 MEDIUM
Apache Airflow < 2.7.3 - Authenticated Exposure of Sensitive Task Instance Information
Nov 12, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-47128 CRITICAL
piccolo < 1.1.1 - SQL Injection via Savepoint Name Parameter
Nov 10, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-46894 HIGH
esptool 4.6.2 - Inadequate Encryption Strength
Nov 09, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-43791 CRITICAL
Label Studio <1.8.2 - Privilege Escalation
Nov 09, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-47248 CRITICAL NUCLEI
PyArrow 0.14.0-14.0.0 - Remote Code Execution via Untrusted Data Deserialization
Nov 09, 2023
CVSS 9.8
EPSS 0.14
CVE-2023-47114 MEDIUM
Fides 2.15.1-2.23.2 - Stored Cross-Site Scripting in Data Subject Access Request Package
Nov 08, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-44271 HIGH
Pillow < 10.0.0 - Denial of Service via Truetype Font Memory Allocation
Nov 03, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-43665 HIGH
Django <3.2.22, <4.1.12, <4.2.6 - DoS
Nov 03, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-41164 HIGH
Django <3.2.21-<4.1.11-<4.2.5 - DoS
Nov 03, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-47204 CRITICAL
transmute-core < 1.13.5 - Remote Code Execution via YAML Deserialization
Nov 02, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-46695 HIGH
Django 3.2-3.2.22, 4.1-4.1.12, 4.2-4.2.6 - Denial of Service via NFKC Unicode Normalization
Nov 02, 2023
CVSS 7.5
EPSS 0.50
CVE-2023-43796 MEDIUM
Synapse <1.95.1-1.96.0rc1 - Info Disclosure
Oct 31, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-46250 MEDIUM
pypdf 3.7.0-3.16.4 - Denial of Service via Infinite Loop
Oct 31, 2023
CVSS 5.1
EPSS 0.00
CVE-2023-46215 HIGH
Apache Airflow <2.6.3, <3.4.0 - Info Disclosure
Oct 28, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-46137 MEDIUM
Twisted <23.10.0rc1 - Info Disclosure
Oct 25, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-46134 MEDIUM
D-Tale < 3.7.0 - Remote Code Execution via Custom Filter Input
Oct 25, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-5752 MEDIUM
pip < 23.3 - Command Injection via Mercurial VCS URL Configuration
Oct 25, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-46136 HIGH
Werkzeug < 2.3.8 and 3.0.0 - Denial of Service via Crafted Multipart Data
Oct 25, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-46128 MEDIUM
Nautobot 2.0.0-2.0.2 - Authenticated Exposure of Hashed User Passwords via REST API Depth Parameter
Oct 25, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-46126 LOW
Fides < 2.22.1 - Authenticated Stored Cross-Site Scripting via Privacy Policy URL
Oct 25, 2023
CVSS 3.9
EPSS 0.01
CVE-2023-46125 MEDIUM
Fides < 2.22.1 - Unauthorized Exposure of Sensitive Configuration via API Endpoint
Oct 25, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-46124 HIGH
Fides < 2.22.1 - Server-Side Request Forgery via YAML Dataset and Config Files
Oct 25, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-46288 MEDIUM
Apache Airflow <2.7.0 - Info Disclosure
Oct 23, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-32786 HIGH
Langchain < 0.0.155 - Server-Side Request Forgery via Prompt Injection
Oct 20, 2023
CVSS 7.5
EPSS 0.01