pypi
4,707 tracked vulnerabilities.
CVE-2026-33626
HIGH
NUCLEI
LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
Apr 20, 2026
CVSS 7.5
EPSS 0.09
CVE-2026-28684
MEDIUM
python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
Apr 20, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-3219
MEDIUM
pip doesn't reject concatenated ZIP and tar archives
Apr 20, 2026
EPSS 0.00
CVE-2026-6608
MEDIUM
lm-sys fastchat Arena Side-by-Side View add_text control flow
Apr 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-6607
MEDIUM
lm-sys fastchat Worker API Endpoint api_generate resource consumption
Apr 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-6606
HIGH
modelscope agentscope _agent_base.py _process_audio_block server-side request forgery
Apr 20, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-6605
HIGH
modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery
Apr 20, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-6604
HIGH
modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery
Apr 20, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-6603
HIGH
modelscope agentscope _python.py execute_shell_command code injection
Apr 20, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-6599
MEDIUM
langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection
Apr 20, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-6598
MEDIUM
langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file
Apr 20, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-6597
LOW
langflow-ai langflow Flow Using API core.py has_api_terms credentials storage
Apr 20, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-6596
HIGH
langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload
Apr 20, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-6587
MEDIUM
vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery
Apr 20, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-40948
MEDIUM
Apache Airflow: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager
Apr 18, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-32690
LOW
Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1
Apr 18, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-32228
HIGH
Apache Airflow: Users with asset materialization permissions could trigger Dags they had no access to
Apr 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30912
HIGH
Apache Airflow: Exposing stack trace in case of constraint error
Apr 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25917
HIGH
Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)
Apr 18, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-40491
MEDIUM
gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall
Apr 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40347
MEDIUM
Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data
Apr 18, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40474
HIGH
wger has Broken Access Control in the Global Gym Configuration Update Endpoint
Apr 17, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-40353
MEDIUM
wger: Stored XSS via Unescaped License Attribution Fields
Apr 17, 2026
EPSS 0.00
CVE-2026-40258
CRITICAL
Gramps Web API has Zip Slip Path Traversal in Media Archive Import
Apr 17, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-35402
LOW
mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures
Apr 17, 2026
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21