Skip to main content

Python

2170 CVEs product

Monthly

CVE-2023-49297 PyPI HIGH POC PATCH This Week

PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Google Deserialization Pydrive2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-49277 PyPI MEDIUM PATCH This Month

dpaste is an open source pastebin application written in Python using the Django framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Authentication Bypass Dpaste
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49081 PyPI MEDIUM POC PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Aiohttp
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-49082 PyPI MEDIUM POC PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Aiohttp
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-49083 PyPI HIGH POC PATCH This Week

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Null Pointer Dereference Cryptography
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-48705 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Nautobot
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48699 PyPI CRITICAL POC PATCH Act Now

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Code Injection Information Disclosure Fastbots
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-48224 PyPI CRITICAL PATCH Act Now

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fides
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-47641 PyPI MEDIUM POC PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Request Smuggling Open Redirect Aiohttp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-47627 PyPI HIGH POC PATCH This Week

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Request Smuggling Information Disclosure Aiohttp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-47117 PyPI HIGH POC PATCH This Week

Label Studio is an open source data labeling tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Label Studio
NVD GitHub
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-45167 MEDIUM This Month

IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Python Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-43791 PyPI HIGH POC PATCH This Week

Label Studio is a multi-type data labeling and annotation tool with standardized output format. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Label Studio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-46404 CRITICAL POC PATCH Act Now

PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Pcrs
NVD GitHub
CVSS 3.1
9.9
EPSS
1.9%
CVE-2023-43665 PyPI HIGH PATCH This Week

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django Fedora
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-41164 PyPI HIGH PATCH This Week

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Django Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-47204 PyPI CRITICAL PATCH Act Now

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Python Deserialization Transmute Core
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46695 PyPI HIGH PATCH This Week

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Microsoft Django
NVD
CVSS 3.1
7.5
EPSS
49.8%
CVE-2023-5625 HIGH PATCH This Week

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Red Hat Python Denial Of Service Openshift Container Platform For Arm64 Openshift Container Platform For Linuxone +3
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46250 PyPI MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Python Denial Of Service Pypdf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46666 MEDIUM This Month

An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Microsoft Python Authentication Bypass Elastic Sharepoint Online Python Connector
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-46134 PyPI CRITICAL PATCH Act Now

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE Python XSS D Tale
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46128 PyPI MEDIUM POC PATCH This Month

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python PostgreSQL Nautobot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37909 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-46127 MEDIUM PATCH This Month

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Frappe
NVD GitHub
CVSS 3.1
5.4
EPSS
37.0%
CVE-2023-45805 PyPI HIGH POC PATCH This Week

pdm is a Python package and dependency manager supporting the latest PEP standards. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Pdm Unearth
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-45809 PyPI LOW PATCH Monitor

Wagtail is an open source content management system built on Django. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Wagtail
NVD GitHub
CVSS 3.1
2.7
EPSS
0.5%
CVE-2023-45813 PyPI HIGH POC PATCH This Week

Torbot is an open source tor network intelligence tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Torbot Validators
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-45803 PyPI MEDIUM PATCH This Month

urllib3 is a user-friendly HTTP client library for Python. Rated medium severity (CVSS 4.2). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Urllib3 Fedora
NVD GitHub
CVSS 3.1
4.2
EPSS
0.5%
CVE-2023-44467 PyPI CRITICAL PATCH Act Now

langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Langchain Experimental
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-38703 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Python Memory Corruption Pjsip
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-4570 PyPI HIGH PATCH This Week

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Measurementlink
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-43804 PyPI HIGH PATCH This Week

urllib3 is a user-friendly HTTP client library for Python. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Urllib3 Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-3361 HIGH This Week

A flaw was found in Red Hat OpenShift Data Science. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Red Hat Information Disclosure Python Open Data Hub Dashboard +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26145 PyPI HIGH POC PATCH This Week

This affects versions of the package pydash before 6.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Command Injection Pydash
NVD GitHub
CVSS 3.1
8.1
EPSS
2.9%
CVE-2023-40581 PyPI HIGH POC PATCH This Week

yt-dlp is a youtube-dl fork with additional features and fixes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Command Injection Microsoft Yt Dlp
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2023-4785 LIB HIGH PATCH This Week

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Google Grpc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41329 LIB MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Python Authentication Bypass Docker Python Wiremock Studio +2
NVD GitHub
CVSS 3.1
6.6
EPSS
0.6%
CVE-2023-41328 HIGH This Week

Frappe is a low code web framework written in Python and Javascript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python SQLi Frappe
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41319 PyPI HIGH PATCH This Week

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Fides
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-41050 PyPI HIGH PATCH This Week

AccessControl provides a general security framework for use in Zope. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Accesscontrol Zope
NVD GitHub
CVSS 3.1
7.7
EPSS
0.5%
CVE-2023-37941 PyPI MEDIUM POC PATCH THREAT This Month

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Apache Python Deserialization Superset
NVD GitHub
CVSS 3.1
6.6
EPSS
29.2%
CVE-2023-41040 PyPI MEDIUM POC PATCH This Month

GitPython is a python library used to interact with Git repositories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Python Gitpython
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-41039 PyPI HIGH PATCH This Week

RestrictedPython is a restricted execution environment for Python to run untrusted code. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Restrictedpython
NVD GitHub
CVSS 3.1
7.7
EPSS
0.6%
CVE-2023-40590 PyPI HIGH POC PATCH This Week

GitPython is a python library used to interact with Git repositories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Microsoft Gitpython
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40587 PyPI MEDIUM PATCH This Month

Pyramid is an open source Python web framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Pyramid Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-40217 MEDIUM This Month

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-41105 HIGH PATCH This Week

An issue was discovered in Python 3.11 through 3.11.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Active Iq Unified Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-37914 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-38898 MEDIUM POC This Month

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2023-36095 PyPI CRITICAL POC PATCH Act Now

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Python RCE Langchain
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-38941 CRITICAL Act Now

django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Command Injection Django Sspanel
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-37276 PyPI HIGH POC PATCH This Week

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Request Smuggling Information Disclosure Aiohttp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-37462 Maven HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
91.3%
CVE-2023-38325 PyPI HIGH POC PATCH This Week

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Cryptography
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-37274 HIGH PATCH This Week

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker Path Traversal RCE Python Code Injection +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-37273 HIGH PATCH This Week

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Docker Autogpt Classic
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-37271 PyPI CRITICAL PATCH Act Now

RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

RCE Python Restrictedpython
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2023-36456 HIGH PATCH This Week

authentik is an open-source Identity Provider. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
7.3
EPSS
0.7%
CVE-2023-36830 PyPI HIGH POC PATCH This Week

SQLFluff is a SQL linter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Sqlfluff
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-36188 PyPI CRITICAL POC PATCH Act Now

An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-34457 PyPI HIGH POC PATCH This Week

MechanicalSoup is a Python library for automating interaction with websites. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Mechanicalsoup
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-36258 PyPI CRITICAL POC PATCH Act Now

An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Code Injection Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-36814 PyPI HIGH PATCH This Week

Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Products Cmfcore
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-36053 PyPI HIGH PATCH This Week

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2023-36810 PyPI MEDIUM POC PATCH This Month

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Pypdf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36807 PyPI MEDIUM POC PATCH This Month

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Pypdf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36469 Maven HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
82.4%
CVE-2023-36467 HIGH PATCH This Week

AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Aws Dataall
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-36464 PyPI MEDIUM POC PATCH This Month

pypdf is an open source, pure-python PDF library. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Pypdf Pypdf2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-36632 HIGH POC This Week

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-35932 PyPI HIGH POC This Week

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection Jcvi
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-34110 PyPI LOW PATCH Monitor

Flask-AppBuilder is an application development framework, built on top of Flask. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Python Flask Appbuilder
NVD GitHub
CVSS 3.1
2.7
EPSS
0.7%
CVE-2023-33290 Cargo HIGH POC This Week

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Git Url Parse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34233 PyPI HIGH PATCH This Week

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Python Command Injection Snowflake Connector
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-34239 PyPI CRITICAL PATCH Act Now

Gradio is an open-source Python library that is used to build machine learning and data science. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Gradio
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-33595 MEDIUM PATCH This Month

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Python
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-32683 PyPI MEDIUM PATCH This Month

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python SSRF Authentication Bypass Synapse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-32682 PyPI MEDIUM PATCH This Month

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Authentication Bypass Synapse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-33175 PyPI HIGH PATCH This Week

ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Toui
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-33185 PyPI MEDIUM POC PATCH This Month

Django-SES is a drop-in mail backend for Django. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Jwt Attack Information Disclosure Django Ses
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-32309 PyPI HIGH POC PATCH This Week

PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Pymdown Extensions
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-31047 PyPI CRITICAL PATCH Act Now

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Django Fedora
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-30861 PyPI HIGH PATCH This Week

Flask is a lightweight WSGI web application framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Flask
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-30798 PyPI HIGH PATCH This Week

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Starlette
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-25601 Maven MEDIUM PATCH This Month

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Authentication Bypass Dolphinscheduler
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2023-29523 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-29522 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-29521 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29518 Maven HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Google +2
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

dpaste is an open source pastebin application written in Python using the Django framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Authentication Bypass +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Aiohttp
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Aiohttp
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Null Pointer Dereference +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Nautobot
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Code Injection Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fides
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Request Smuggling Open Redirect +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Request Smuggling Information Disclosure +1
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

Label Studio is an open source data labeling tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Label Studio
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Python Denial Of Service IBM +2
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Label Studio is a multi-type data labeling and annotation tool with standardized output format. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Label Studio
NVD GitHub
EPSS 2% CVSS 9.9
CRITICAL POC PATCH Act Now

PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Django +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Python Deserialization Transmute Core
NVD GitHub
EPSS 50% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Microsoft +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Red Hat Python Denial Of Service +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Python Denial Of Service Pypdf
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Microsoft Python +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE Python XSS +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python PostgreSQL +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 37% CVSS 5.4
MEDIUM PATCH This Month

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Frappe
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

pdm is a Python package and dependency manager supporting the latest PEP standards. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Pdm +1
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Wagtail is an open source content management system built on Django. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Wagtail
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Torbot is an open source tor network intelligence tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Torbot +1
NVD GitHub
EPSS 1% CVSS 4.2
MEDIUM PATCH This Month

urllib3 is a user-friendly HTTP client library for Python. Rated medium severity (CVSS 4.2). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Urllib3 +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Langchain Experimental
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Python +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Measurementlink
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

urllib3 is a user-friendly HTTP client library for Python. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Urllib3 +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

A flaw was found in Red Hat OpenShift Data Science. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Red Hat Information Disclosure +3
NVD GitHub
EPSS 3% CVSS 8.1
HIGH POC PATCH This Week

This affects versions of the package pydash before 6.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Command Injection Pydash
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

yt-dlp is a youtube-dl fork with additional features and fixes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Command Injection +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Google +1
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Python Authentication Bypass Docker +4
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Frappe is a low code web framework written in Python and Javascript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python SQLi Frappe
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 7.7
HIGH PATCH This Week

AccessControl provides a general security framework for use in Zope. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Accesscontrol +1
NVD GitHub
EPSS 29% CVSS 6.6
MEDIUM POC PATCH THREAT This Month

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Apache Python +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

GitPython is a python library used to interact with Git repositories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Python +1
NVD GitHub
EPSS 1% CVSS 7.7
HIGH PATCH This Week

RestrictedPython is a restricted execution environment for Python to run untrusted code. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Restrictedpython
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

GitPython is a python library used to interact with Git repositories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Microsoft +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Pyramid is an open source Python web framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Pyramid +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Python 3.11 through 3.11.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Active Iq Unified Manager
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Python RCE +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Command Injection Django Sspanel
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Request Smuggling Information Disclosure +1
NVD GitHub
EPSS 91% CVSS 8.8
HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Cryptography
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker Path Traversal RCE +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection +2
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

RCE Python Restrictedpython
NVD GitHub
EPSS 1% CVSS 7.3
HIGH PATCH This Week

authentik is an open-source Identity Provider. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Authentication Bypass Authentik
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

SQLFluff is a SQL linter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Sqlfluff
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python Langchain
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

MechanicalSoup is a Python library for automating interaction with websites. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Mechanicalsoup
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Products Cmfcore
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Pypdf
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Pypdf
NVD GitHub
EPSS 82% CVSS 8.8
HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

pypdf is an open source, pure-python PDF library. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Pypdf +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection +1
NVD GitHub
EPSS 1% CVSS 2.7
LOW PATCH Monitor

Flask-AppBuilder is an application development framework, built on top of Flask. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Python Flask Appbuilder
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Git Url Parse
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Python Command Injection +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Gradio is an open-source Python library that is used to build machine learning and data science. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Gradio
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python SSRF Authentication Bypass +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Authentication Bypass Synapse
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Toui
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Django-SES is a drop-in mail backend for Django. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Jwt Attack Information Disclosure +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Pymdown Extensions
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Django +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Flask is a lightweight WSGI web application framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Flask
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Starlette
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Authentication Bypass +1
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
Prev Page 16 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy