Skip to main content

Python

2165 CVEs product

Monthly

CVE-2024-9774 PyPI MEDIUM PATCH This Month

A vulnerability was found in python-sql where unary operators do not escape non-Expression. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2024-12745 PyPI HIGH PATCH This Week

A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Python Redshift Connector
NVD GitHub
CVSS 4.0
8.6
EPSS
0.5%
CVE-2024-56363 HIGH This Week

APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-56326 PyPI MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity.

RCE Python Jinja
NVD GitHub
CVSS 4.0
5.4
EPSS
0.5%
CVE-2024-56201 PyPI MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity.

RCE Python Jinja
NVD GitHub
CVSS 4.0
5.4
EPSS
0.3%
CVE-2024-56327 PyPI HIGH PATCH This Week

pyrage is a set of Python bindings for the rage file encryption library (age in Rust). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Python RCE
NVD GitHub
CVSS 4.0
7.7
EPSS
0.5%
CVE-2024-55587 PyPI HIGH This Week

python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Python
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-55655 PyPI LOW PATCH Monitor

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service
NVD GitHub
CVSS 4.0
2.7
EPSS
0.2%
CVE-2024-39163 PyPI HIGH This Week

binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-53981 PyPI HIGH PATCH This Week

python-multipart is a streaming multipart parser for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-53865 PyPI HIGH PATCH This Week

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Python Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-53861 PyPI HIGH POC PATCH This Week

pyjwt is a JSON Web Token implementation in Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Pyjwt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-52338 PyPI CRITICAL PATCH Act Now

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization RCE Apache Python Arrow
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-52804 PyPI HIGH PATCH This Week

Tornado is a Python web framework and asynchronous networking library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Tornado
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-11406 PyPI MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS
NVD GitHub VulDB
CVSS 3.1
6.9
EPSS
0.1%
CVE-2024-11404 PyPI MEDIUM PATCH This Month

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python File Upload XSS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-48991 HIGH PATCH This Week

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Race Condition Python Needrestart
NVD GitHub
CVSS 3.1
7.8
EPSS
5.3%
CVE-2024-48990 HIGH POC PATCH THREAT Act Now

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Python Needrestart
NVD GitHub
CVSS 3.1
7.8
EPSS
19.9%
CVE-2024-52304 PyPI MEDIUM PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Authentication Bypass Python Request Smuggling Aiohttp
NVD GitHub
CVSS 4.0
6.3
EPSS
0.6%
CVE-2024-52303 PyPI HIGH PATCH This Week

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Aiohttp
NVD GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-11319 PyPI MEDIUM POC PATCH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).11.7, 3.11.8, 4.1.2,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python XSS Django Cms
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-4343 CRITICAL POC PATCH Act Now

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Privategpt
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-29083 MEDIUM This Month

Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Python Intel
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2024-49050 HIGH PATCH This Week

Visual Studio Code Python Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-50636 CRITICAL Act Now

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-52004 HIGH This Week

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-51751 PyPI MEDIUM POC PATCH This Month

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Python Gradio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-49769 PyPI HIGH PATCH This Week

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Waitress
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-49768 PyPI MEDIUM PATCH This Month

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Waitress
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-49766 PyPI MEDIUM PATCH This Month

Werkzeug is a Web Server Gateway Interface web application library. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Microsoft Werkzeug
NVD GitHub
CVSS 4.0
6.3
EPSS
0.8%
CVE-2024-49750 PyPI MEDIUM PATCH This Month

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Python Information Disclosure Microsoft Snowflake Connector
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47879 Maven HIGH POC PATCH This Week

OpenRefine is a free, open source tool for working with messy data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection CSRF Python RCE Openrefine
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-47716 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Python Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-21272 PyPI HIGH PATCH This Week

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Python Oracle MySQL
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-9979 Cargo MEDIUM PATCH This Month

A flaw was found in PyO3. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Python Buffer Overflow Memory Corruption
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-9953 MEDIUM PATCH This Month

A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Python Vince
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-47872 PyPI MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Gradio
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-47871 PyPI HIGH PATCH This Week

Gradio is an open-source Python package designed for quick prototyping. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Gradio
NVD GitHub
CVSS 4.0
8.2
EPSS
0.2%
CVE-2024-47870 PyPI HIGH PATCH This Week

Gradio is an open-source Python package designed for quick prototyping. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Python Information Disclosure Gradio
NVD GitHub
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-47869 PyPI LOW PATCH Monitor

Gradio is an open-source Python package designed for quick prototyping. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Gradio
NVD GitHub
CVSS 4.0
2.3
EPSS
0.3%
CVE-2024-47868 PyPI MEDIUM POC PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Gradio
NVD GitHub
CVSS 4.0
6.3
EPSS
0.8%
CVE-2024-47867 PyPI LOW PATCH Monitor

Gradio is an open-source Python package designed for quick prototyping. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Information Disclosure Gradio
NVD GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2024-47168 PyPI LOW PATCH Monitor

Gradio is an open-source Python package designed for quick prototyping. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Information Disclosure Gradio
NVD GitHub
CVSS 4.0
2.3
EPSS
0.3%
CVE-2024-47167 PyPI MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Python Gradio
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-47166 PyPI LOW PATCH Monitor

Gradio is an open-source Python package designed for quick prototyping. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Python Gradio
NVD GitHub
CVSS 4.0
2.3
EPSS
0.4%
CVE-2024-47165 PyPI MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Gradio
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-47164 PyPI LOW PATCH Monitor

Gradio is an open-source Python package designed for quick prototyping. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Python Gradio
NVD GitHub
CVSS 4.0
2.3
EPSS
0.7%
CVE-2024-47084 PyPI MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Gradio
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-47833 PyPI MEDIUM POC PATCH This Month

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Taipy
NVD GitHub
CVSS 4.0
6.3
EPSS
0.2%
CVE-2024-47532 PyPI HIGH POC PATCH This Week

RestrictedPython is a restricted execution environment for Python to run untrusted code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Restrictedpython
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-47082 PyPI HIGH PATCH This Week

Strawberry GraphQL is a library for creating GraphQL APIs. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Python CSRF File Upload Strawberry
NVD GitHub
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-45601 PyPI HIGH PATCH This Week

Mesop is a Python-based UI framework designed for rapid web apps development. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-45858 PyPI HIGH PATCH MAL This Week

An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8864 PyPI MEDIUM POC This Month

A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Composio
NVD VulDB
CVSS 4.0
5.1
EPSS
0.8%
CVE-2024-45851 PyPI HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Microsoft Mindsdb
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45850 PyPI HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Microsoft Mindsdb
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45849 PyPI HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Microsoft Mindsdb
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45848 PyPI HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Mindsdb
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-45847 PyPI HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Mindsdb
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45846 PyPI HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Mindsdb
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-27321 PyPI HIGH This Week

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE Autolabel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-27320 PyPI HIGH This Week

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE Autolabel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-44082 MEDIUM This Month

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-45399 PyPI MEDIUM PATCH This Month

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Indico
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-45314 PyPI MEDIUM PATCH This Month

Flask-AppBuilder is an application development framework. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Python Information Disclosure Flask Appbuilder
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8374 HIGH PATCH This Week

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Code Injection Python RCE Ultimaker Cura
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-45388 Go HIGH POC PATCH THREAT This Week

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Hoverfly
NVD GitHub
CVSS 3.1
7.5
EPSS
55.9%
CVE-2024-20286 HIGH This Week

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Python Nx Os
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-20285 HIGH This Week

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Python Nx Os
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-20284 HIGH This Week

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Python Nx Os
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-43404 CRITICAL PATCH Act Now

MEGABOT is a fully customized Discord bot for learning and fun. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Python RCE Megabot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-6221 PyPI HIGH POC PATCH This Week

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Python Flask Cors
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-42353 PyPI MEDIUM POC PATCH This Month

WebOb provides objects for HTTP requests and responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Open Redirect Webob
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-42474 PyPI MEDIUM PATCH This Month

Streamlit is a data oriented application development framework for python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Microsoft Streamlit
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-42367 PyPI MEDIUM PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Python Aiohttp
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-0115 MEDIUM This Month

NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Python Nvidia Denial Of Service Ubuntu Cv Cuda
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-6891 HIGH POC This Week

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Journyx
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-41951 PyPI MEDIUM PATCH This Month

Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-3219 MEDIUM This Month

The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Python Microsoft
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-41810 PyPI MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Twisted
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-41806 MEDIUM This Month

The Open edX Platform is a learning management platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Juniper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-41129 PyPI MEDIUM PATCH This Month

The ops library is a Python framework for developing and testing Kubernetes and machine charms. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-32484 HIGH POC THREAT This Week

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Python Anki
NVD
CVSS 3.1
8.2
EPSS
25.9%
CVE-2024-40647 PyPI MEDIUM PATCH This Month

sentry-sdk is the official Python SDK for Sentry.io. Rated medium severity (CVSS 5.3). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-21170 MEDIUM This Month

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Denial Of Service Oracle Mysql Connector Python
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-21513 PyPI HIGH PATCH This Week

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval'. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Python RCE Langchain Experimental
NVD GitHub
CVSS 3.1
8.5
EPSS
1.9%
CVE-2024-39903 PyPI HIGH POC PATCH This Week

Solara is a pure Python, React-style framework for scaling Jupyter and web apps. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Solara
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2024-39317 PyPI MEDIUM PATCH GHSA This Month

Wagtail is an open source content management system built on Django. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Wagtail
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-5753 PyPI HIGH This Week

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Python
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-39934 HIGH This Week

Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Python
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability was found in python-sql where unary operators do not escape non-Expression. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Information Disclosure
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Python Redshift Connector
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity.

RCE Python Jinja
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity.

RCE Python Jinja
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

pyrage is a set of Python bindings for the rage file encryption library (age in Rust). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Python RCE
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Python
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python CSRF
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

python-multipart is a streaming multipart parser for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Python Information Disclosure
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

pyjwt is a JSON Web Token implementation in Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Pyjwt
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization RCE Apache +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Tornado is a Python web framework and asynchronous networking library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Tornado
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python File Upload XSS
NVD VulDB
EPSS 5% CVSS 7.8
HIGH PATCH This Week

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Race Condition Python +1
NVD GitHub
EPSS 20% CVSS 7.8
HIGH POC PATCH THREAT Act Now

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Python Needrestart
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Authentication Bypass Python Request Smuggling +1
NVD GitHub
EPSS 1% CVSS 8.7
HIGH PATCH This Week

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Aiohttp
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).11.7, 3.11.8, 4.1.2,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python XSS Django Cms
NVD GitHub VulDB
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Privategpt
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Python Intel
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Visual Studio Code Python Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE
NVD GitHub
EPSS 1% CVSS 8.7
HIGH This Week

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Python Gradio
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Waitress
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Waitress
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

Werkzeug is a Web Server Gateway Interface web application library. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Microsoft +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Python Information Disclosure Microsoft +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

OpenRefine is a free, open source tool for working with messy data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection CSRF Python +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Python Denial Of Service Linux +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Python Oracle +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in PyO3. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Python Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Python Vince
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Gradio
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Gradio is an open-source Python package designed for quick prototyping. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Gradio
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Gradio is an open-source Python package designed for quick prototyping. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Python Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Gradio is an open-source Python package designed for quick prototyping. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Gradio
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Gradio
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Gradio is an open-source Python package designed for quick prototyping. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Information Disclosure Gradio
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Gradio is an open-source Python package designed for quick prototyping. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Python Gradio
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Gradio is an open-source Python package designed for quick prototyping. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Python Gradio
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Gradio
NVD GitHub
EPSS 1% CVSS 2.3
LOW PATCH Monitor

Gradio is an open-source Python package designed for quick prototyping. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Python Gradio
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Gradio
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Taipy
NVD GitHub
EPSS 1% CVSS 8.7
HIGH POC PATCH This Week

RestrictedPython is a restricted execution environment for Python to run untrusted code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Restrictedpython
NVD GitHub
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Strawberry GraphQL is a library for creating GraphQL APIs. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Python CSRF File Upload +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Mesop is a Python-based UI framework designed for rapid web apps development. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE
NVD
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +1
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +1
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Information Disclosure
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Indico
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Flask-AppBuilder is an application development framework. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Python Information Disclosure Flask Appbuilder
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Code Injection Python RCE +1
NVD GitHub
EPSS 56% CVSS 7.5
HIGH POC PATCH THREAT This Week

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Hoverfly
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Python +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Python +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Python +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

MEGABOT is a fully customized Discord bot for learning and fun. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Python RCE +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Python Flask Cors
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

WebOb provides objects for HTTP requests and responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Open Redirect Webob
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Streamlit is a data oriented application development framework for python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Microsoft +1
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Python Aiohttp
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Python Nvidia Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM This Month

The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Python +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Twisted
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

The Open edX Platform is a learning management platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Juniper
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The ops library is a Python framework for developing and testing Kubernetes and machine charms. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Kubernetes
NVD GitHub
EPSS 26% CVSS 8.2
HIGH POC THREAT This Week

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Python +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

sentry-sdk is the official Python SDK for Sentry.io. Rated medium severity (CVSS 5.3). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Denial Of Service Oracle +1
NVD
EPSS 2% CVSS 8.5
HIGH PATCH This Week

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval'. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Python RCE +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Solara is a pure Python, React-style framework for scaling Jupyter and web apps. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Solara
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Wagtail is an open source content management system built on Django. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Wagtail
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Python
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Python
NVD GitHub
Prev Page 14 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy