pypi

5,009 tracked vulnerabilities.

CVE-2023-46215 HIGH
Apache Airflow <2.6.3, <3.4.0 - Info Disclosure
Oct 28, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-46137 MEDIUM
Twisted <23.10.0rc1 - Info Disclosure
Oct 25, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-46134 MEDIUM
D-Tale < 3.7.0 - Remote Code Execution via Custom Filter Input
Oct 25, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-5752 MEDIUM
pip < 23.3 - Command Injection via Mercurial VCS URL Configuration
Oct 25, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-46136 HIGH
Werkzeug < 2.3.8 and 3.0.0 - Denial of Service via Crafted Multipart Data
Oct 25, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-46128 MEDIUM
Nautobot 2.0.0-2.0.2 - Authenticated Exposure of Hashed User Passwords via REST API Depth Parameter
Oct 25, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-46126 LOW
Fides < 2.22.1 - Authenticated Stored Cross-Site Scripting via Privacy Policy URL
Oct 25, 2023
CVSS 3.9
EPSS 0.01
CVE-2023-46125 MEDIUM
Fides < 2.22.1 - Unauthorized Exposure of Sensitive Configuration via API Endpoint
Oct 25, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-46124 HIGH
Fides < 2.22.1 - Server-Side Request Forgery via YAML Dataset and Config Files
Oct 25, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-46288 MEDIUM
Apache Airflow <2.7.0 - Info Disclosure
Oct 23, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-32786 HIGH
Langchain < 0.0.155 - Server-Side Request Forgery via Prompt Injection
Oct 20, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-45805 HIGH
PDM 2.0.0-2.9.3 - Dependency Confusion via Malicious pdm.lock File
Oct 20, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-5690 HIGH
modoboa < 2.2.2 - Cross-Site Request Forgery
Oct 20, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-5689 MEDIUM
modoboa < 2.2.2 - DOM-based Cross-Site Scripting
Oct 20, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-5688 MEDIUM
modoboa < 2.2.2 - DOM-Based Cross-Site Scripting
Oct 20, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-41893 MEDIUM
Home Assistant < 2023.9.0 - Unauthenticated Exposure of Sensitive Information via OAuth Redirect URI Manipulation
Oct 20, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-45815 MEDIUM
ArchiveBox < 0.6.2 - Stored Cross-Site Scripting via Wget Extractor
Oct 19, 2023
CVSS 6.4
EPSS 0.01
CVE-2023-44690 HIGH
mycli 1.27.0 - Inadequate Encryption Strength in Config File
Oct 19, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-45809 LOW
Wagtail < 4.1.9 - Authenticated Information Disclosure via User Account Bulk Action URL
Oct 19, 2023
CVSS 2.7
EPSS 0.00
CVE-2023-46229 HIGH
langchain < 0.0.317 - Server-Side Request Forgery via Recursive URL Loader
Oct 19, 2023
CVSS 8.8
EPSS 0.45
CVE-2023-45813 MEDIUM
Torbot < 4.0.0 - Denial of Service via Inefficient URL Validation Regex
Oct 18, 2023
CVSS 4.6
EPSS 0.01
CVE-2023-45803 MEDIUM
urllib3 < 1.26.18 and 2.0.0-2.0.7 - Exposure of Sensitive Information via HTTP Redirect
Oct 17, 2023
CVSS 4.2
EPSS 0.01
CVE-2023-45348 MEDIUM
Apache Airflow 2.7.0-2.7.1 - Authenticated Exposure of Sensitive Configuration Information
Oct 14, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42792 MEDIUM
Apache Airflow < 2.7.2 - Authenticated DAG Resource Access Control Bypass
Oct 14, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-42780 MEDIUM
Apache Airflow < 2.7.2 - Authenticated Exposure of Sensitive Information via DAG Warning List
Oct 14, 2023
CVSS 6.5
EPSS 0.01