pypi
4,979 tracked vulnerabilities.
CVE-2026-49471
HIGH
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
Jul 07, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-52830
CRITICAL
fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection
Jul 02, 2026
CVSS 9.4
EPSS 0.00
CVE-2026-49851
HIGH
Mistune: Potential DoS via quadratic-time parsing in parse_link_text
Jun 24, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-55255
HIGH
KEV
Langflow < 1.9.2 - Authenticated Insecure Direct Object Reference
Jun 23, 2026
CVSS 8.4
EPSS 0.01
CVE-2026-56266
HIGH
Crawl4AI - Server-Side Request Forgery via Direct Crawl Endpoints
Jun 22, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-54651
MEDIUM
pypdf: Possible infinite loop when processing threads/articles in writer
Jun 22, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-55443
MEDIUM
LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
Jun 22, 2026
CVSS 5.1
EPSS 0.00
CVE-2026-49291
HIGH
mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call
Jun 19, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-56078
HIGH
PraisonAI - Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor
Jun 18, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-56074
MEDIUM
PraisonAI - Tool Approval Cache Bypass via Coarse-Grained Caching
Jun 18, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-49257
CRITICAL
mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind
Jun 18, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-54533
MEDIUM
vantage6 node has an Improper Access Control issue
Jun 17, 2026
EPSS 0.00
CVE-2026-54445
MEDIUM
Vantage6: Set admin user and password from environment or configuration
Jun 17, 2026
EPSS 0.00
CVE-2026-12568
MEDIUM
Black Lantern Security BBOT - Arbitrary File Write in postman_download Module
Jun 17, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-12567
LOW
Black Lantern Security BBOT - Symlink-Following Arbitrary Write via github_workflows Module
Jun 17, 2026
CVSS 2.2
EPSS 0.00
CVE-2026-12566
LOW
SSRF via unvalidated WWW-Authenticate realm in docker_pull module
Jun 17, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-12565
MEDIUM
Black Lantern Security BBOT - Path Traversal (Zip-Slip) in Unarchive Module
Jun 17, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-54386
MEDIUM
marimo < 0.23.9 XSS via file Query Parameter in assets.py
Jun 17, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48990
MEDIUM
joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization
Jun 17, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-48989
HIGH
Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS
Jun 17, 2026
EPSS 0.00
CVE-2026-12530
HIGH
Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()
Jun 17, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-48817
MEDIUM
Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`
Jun 17, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-53870
MEDIUM
Hermes Agent < 0.16.0 - World-Readable Store Files Expose Secrets
Jun 17, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-53869
HIGH
Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints
Jun 17, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-53875
HIGH
picklescan - Scanning Bypass via Dynamic Eval in scan_pytorch
Jun 17, 2026
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters