pypi
4,979 tracked vulnerabilities.
CVE-2026-44661
MEDIUM
python-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol
May 14, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-8597
HIGH
Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK
May 14, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-8596
HIGH
Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
May 14, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-44520
MEDIUM
Docling-Graph: SSRF via Missing Internal IP Validation in URLInputHandler
May 14, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-44513
HIGH
Diffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom components
May 14, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-44504
HIGH
Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)
May 14, 2026
EPSS 0.00
CVE-2026-44503
HIGH
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
May 14, 2026
EPSS 0.01
CVE-2026-44484
CRITICAL
Compromise of PyTorch Lightning PyPi Package Versions
May 14, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-44919
MEDIUM
OpenStack Ironic - Denial of Service via Infinite Loop in Checksum Calculation
May 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44439
HIGH
LookyLoo - PlaywrightCapture permits access to local files and internal network resources during page capture
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44368
MEDIUM
PyQuorum: Timing side‑channel in mul_mod
May 13, 2026
EPSS 0.00
CVE-2026-42561
HIGH
Python-Multipart: Denial of Service via unbounded multipart part headers
May 13, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-42304
HIGH
Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44364
CRITICAL
misp-modules website - Missing CSRF protection in the website home blueprint
May 13, 2026
EPSS 0.00
CVE-2026-44363
MEDIUM
Unsafe remote resource fetching in expansion misp-modules
May 13, 2026
EPSS 0.00
CVE-2026-42032
CRITICAL
CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`
May 13, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-42031
CRITICAL
NUCLEI
CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
May 13, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-41255
MEDIUM
CKAN: CSRF exemption primed by anonymous requests
May 13, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-41132
HIGH
CKAN: No certificate validation on STMP connection
May 13, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-44432
HIGH
urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
May 13, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-44431
MEDIUM
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
May 13, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-42557
CRITICAL
jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content
May 13, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-42266
HIGH
jupyterlab: Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.
May 13, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-44307
HIGH
Mako: Path traversal via backslash URI on Windows in TemplateLookup
May 12, 2026
EPSS 0.01
CVE-2026-44305
MEDIUM
Lemur: LDAP TLS certificate verification globally disabled enables credential interception
May 12, 2026
CVSS 6.8
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters