Vulmon
python vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-40267
GitPython prior to 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
Gitpython Project Gitpython
9.8
CVSSv3
CVE-2023-36095
An issue in Harrison Chase langchain v.0.0.194 allows a malicious user to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
Langchain Langchain 0.0.194
9.8
CVSSv3
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote malicious user to execute arbitrary code via the PALChain parameter in the Python exec method.
Langchain Langchain 0.0.64
9.8
CVSSv3
CVE-2023-36258
An issue in LangChain prior to 0.0.236 allows a malicious user to execute arbitrary code because Python code with os.system, exec, or eval can be used.
Langchain Langchain 0.0.199
9.8
CVSSv3
CVE-2023-31047
In Django 3.2 prior to 3.2.19, 4.x prior to 4.1.9, and 4.2 prior to 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file wa...
Djangoproject Django 4.2
Djangoproject Django
Fedoraproject Fedora 38
9.8
CVSSv3
CVE-2023-27524
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for a malicious user to authenticate and access unauthorized resources. This does ...
Apache Superset
20 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-29374
In LangChain up to and including 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
Langchain Langchain
2 Github repositories
9.8
CVSSv3
CVE-2018-25082
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address th...
Wechat Sdk Python Project Wechat Sdk Python
9.8
CVSSv3
CVE-2023-26477
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeName` request parameter (URL parameter), in combination with additional para...
Xwiki Xwiki
1 Github repository
9.8
CVSSv3
CVE-2023-25823
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions before 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private ...
Gradio Project Gradio