pypi
4,707 tracked vulnerabilities.
CVE-2026-40116
HIGH
PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40115
MEDIUM
PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS
Apr 09, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-40114
HIGH
PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API
Apr 09, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-40113
HIGH
PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
Apr 09, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-40112
MEDIUM
PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)
Apr 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-40111
HIGH
PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
Apr 09, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-5974
HIGH
FoundationAgents MetaGPT terminal.py Bash.run os command injection
Apr 09, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-5973
HIGH
FoundationAgents MetaGPT common.py get_mime_type os command injection
Apr 09, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-5972
HIGH
FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection
Apr 09, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-40088
CRITICAL
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
Apr 09, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-40087
MEDIUM
LangChain has incomplete f-string validation in prompt templates
Apr 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-5971
HIGH
FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection
Apr 09, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-5970
HIGH
FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection
Apr 09, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-40072
LOW
web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling
Apr 09, 2026
EPSS 0.00
CVE-2026-40071
MEDIUM
pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions
Apr 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-39987
CRITICAL
KEVNUCLEI
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Apr 09, 2026
CVSS 9.8
EPSS 0.82
CVE-2026-39981
HIGH
AGiXT has a Path Traversal in safe_join()
Apr 09, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-34538
MEDIUM
Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)
Apr 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40036
HIGH
Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression
Apr 08, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39892
CRITICAL
cryptography has a buffer overflow if non-contiguous buffers were passed to APIs
Apr 08, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-39891
HIGH
PraisonAI has a Template Injection in Agent Tool Definitions
Apr 08, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-39890
CRITICAL
PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading
Apr 08, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-39889
HIGH
PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server
Apr 08, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39888
CRITICAL
PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode)
Apr 08, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-39844
MEDIUM
NiceGUI has a Path Traversal in NiceGUI Upload Filename on Windows via Backslash Bypass of PurePosixPath Sanitization
Apr 08, 2026
CVSS 5.9
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21
Quick Filters