Lucene search
K
PypaMost viewed

4602 matches found

PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

PandasAI interactive prompt function Remote Code Execution (RCE)

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...

9.8CVSS6.6AI score0.0122EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

H2O Deserialization of Untrusted Data Vulnerability

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS7.7AI score0.01441EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

AgentScope path traversal vulnerability in save-workflow

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...

9.1CVSS7.3AI score0.0091EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

9.8CVSS7.5AI score0.01083EPSS
Exploits2References7Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

AgentScope path traversal vulnerability

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...

9.1CVSS7.3AI score0.00953EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...

9.8CVSS7.3AI score0.03228EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7.2AI score0.01063EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

OpenStack Murano Code Execution

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

9.8CVSS7.6AI score0.03166EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

Cobbler Improper Validation of Security Tokens

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in Privilege escalation, data manipulation or...

9.8CVSS7.1AI score0.6786EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

Plone Unauthenticated Write Vulnerability

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT overwrite some content without needing write permission...

9.8CVSS7.2AI score0.02258EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

web2py is vulnerable to password brute-force attack

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...

9.8CVSS7.2AI score0.02587EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instance...

9.1CVSS7.2AI score0.02591EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

OpenStack Object Storage (swift) Code Injection vulnerability

OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...

9.8CVSS7.6AI score0.06518EPSS
Exploits0References19Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

OpenStack Murano Code Execution

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

9.8CVSS7.6AI score0.03166EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

Server-Side Request Forgery in calibreweb

calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery SSRF. This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...

9.8CVSS6.8AI score0.01284EPSS
Exploits2References6Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

Cobbler has Exposed Dangerous Method or Function

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon...

9.8CVSS7.2AI score0.6786EPSS
Exploits0References16Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

OpenStack Octavia Amphora-Agent not requiring Client-Certificate

Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

9.1CVSS6.7AI score0.02296EPSS
Exploits0References18Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

SQL injection in calibreweb

Calibre-Web before 0.6.18 allows user table SQL Injection...

9.8CVSS7.2AI score0.01094EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address...

9.1CVSS6.9AI score0.04248EPSS
Exploits1References13Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

web2py remote code execution via hardcoded encryption key in session.connect function

The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...

9.8CVSS7.2AI score0.0499EPSS
Exploits2References9Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

ReviewBoard and Djblets library are vulnerable to code execution

An eval vulnerability exists in Python Software Foundation Djblets version before 0.6.30 and 0.7.0 before 0.7.19 and Beanbag Review Board before 1.7.15 when parsing JSON requests allowing an attacker to execute arbitrary Python code...

9.8CVSS7.4AI score0.0304EPSS
Exploits0References17Affected Software1
PyPA
PyPA
•added 2026/06/29 11:50 a.m.•3 views

Command injection in libvcs and vcspull

The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...

9.8CVSS7.3AI score0.03652EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 2026/06/23 7:17 p.m.•3 views

PYSEC-2026-588

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through...

8.6CVSS6AI score0.00289EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/23 7:17 p.m.•3 views

PYSEC-2026-587

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach...

7.5CVSS6AI score0.00267EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/22 10:16 p.m.•3 views

PYSEC-2026-596

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

9.2CVSS6.1AI score0.00276EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/05/28 7:16 p.m.•3 views

PYSEC-2026-601

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

8.8CVSS6AI score0.00328EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/05/28 7:16 p.m.•3 views

PYSEC-2026-600

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

8.8CVSS6.1AI score0.00329EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/01/20 12:15 a.m.•3 views

PYSEC-2026-598

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

7.1CVSS6.2AI score0.08843EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2025/06/17 11:15 a.m.•3 views

PYSEC-2025-236

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

4.8CVSS5.9AI score0.00263EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2023/11/03 5:15 a.m.•3 views

PYSEC-2023-226

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars and words methods when used with html=True are subject to a potential DoS denial of service attack via certain inputs with very long, potentially malformed HTML text. The chars and words...

7.5CVSS6.8AI score0.03502EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2023/10/03 5:15 a.m.•3 views

PYSEC-2023-190

Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service DoS such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory...

7.5CVSS7AI score0.01031EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 2022/11/22 7:15 p.m.•3 views

PYSEC-2022-42995

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

5.1CVSS6.5AI score0.00247EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•3 views

PYSEC-2022-43045

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•3 views

PYSEC-2022-43037

The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•3 views

PYSEC-2022-43038

The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...

9.8CVSS7AI score0.0483EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/10/11 10:15 p.m.•3 views

PYSEC-2022-43036

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8CVSS7AI score0.01168EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/07/28 11:15 p.m.•3 views

PYSEC-2022-43163

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...

9.8CVSS7.8AI score0.01011EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2022/03/01 9:15 p.m.•3 views

PYSEC-2022-43051

Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using followRedirects or followRedirectsWith with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie,...

6.1CVSS7AI score0.00815EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2021/12/23 6:15 p.m.•3 views

PYSEC-2021-859

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service ReDoS attacks. The vulnerability is present in...

7.5CVSS6.9AI score0.02668EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2021/12/17 9:15 p.m.•3 views

PYSEC-2021-890

Buffer overflow in ajaxsoundstudio.com Pyo and 1.03 in the Serverjackinit function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name...

7.5CVSS7.3AI score0.01066EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/23 8:15 p.m.•3 views

PYSEC-2021-436

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

7.5CVSS7.2AI score0.01514EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/11/12 7:15 p.m.•3 views

PYSEC-2021-434

Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way...

6.5CVSS6.6AI score0.01449EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•3 views

PYSEC-2021-617

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

8.8CVSS7.1AI score0.00168EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•3 views

PYSEC-2021-406

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.8CVSS7.2AI score0.0021EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•3 views

PYSEC-2021-813

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

7.1CVSS6.9AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•3 views

PYSEC-2021-416

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseFillEmptyRows can be made to trigger a heap OOB access. This occurs whenever the size of indices does not match the size of values. The fix will be included in TensorFlow 2.7.0. We will al...

7.1CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•3 views

PYSEC-2021-402

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow...

7.1CVSS6.9AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/10/26 11:15 a.m.•3 views

PYSEC-2021-872

An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client which defaults to using LocalCluster would mistakenly configure their respective Dask workers to listen on extern...

9.8CVSS7.6AI score0.02876EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/09/22 12:15 p.m.•3 views

PYSEC-2021-358

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters...

7.1CVSS6.6AI score0.00854EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/09/10 10:15 p.m.•3 views

PYSEC-2021-330

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...

9.8CVSS8AI score0.17353EPSS
Exploits4References4Affected Software1
Total number of security vulnerabilities4602