pypi
4,707 tracked vulnerabilities.
CVE-2026-39413
MEDIUM
LightRAG has a JWT Algorithm Confusion Vulnerability in LightRAG API
Apr 08, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-33753
MEDIUM
Improper Certificate Validation in rfc3161-client
Apr 08, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-31040
CRITICAL
stata-mcp <1.13.0 - Command Injection
Apr 08, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-5600
MEDIUM
pretix 2025.10.0-2026.1.1, 2026.2.0, 2026.3.0 - Unauthorized Data Access via Check-In Events API Endpoint
Apr 08, 2026
EPSS 0.00
CVE-2026-1163
MEDIUM
Insufficient Session Expiration in parisneo/lollms
Apr 08, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-39847
CRITICAL
Emmett has a path traversal in internal assets handler
Apr 07, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-39376
HIGH
FastFeedParser has an infinite redirect loop DoS via meta-refresh chain
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39373
MEDIUM
JWCrypto: JWE ZIP decompression bomb
Apr 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22680
MEDIUM
OpenViking < 0.3.3 Missing Authorization via Task Polling
Apr 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-39308
HIGH
PraisonAI recipe registry publish path traversal allows out-of-root file write
Apr 07, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-39307
HIGH
PraisonAI has an Arbitrary File Write (Zip Slip) in Templates Extraction
Apr 07, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-39306
HIGH
PraisonAI recipe registry pull path traversal writes files outside the chosen output directory
Apr 07, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-39305
CRITICAL
Arbitrary File Write / Path Traversal in Action Orchestrator
Apr 07, 2026
CVSS 9.0
EPSS 0.00
CVE-2026-35615
HIGH
PraisonAI has a Path Traversal in FileTools
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-35592
MEDIUM
pyLoad has an Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass
Apr 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-35586
MEDIUM
Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng
Apr 07, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-35523
HIGH
Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-35526
HIGH
Strawberry GraphQL affected by a Denial of Service via unbounded WebSocket subscriptions
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-35492
MEDIUM
Kedro-Datasets <9.3.0 PartitionedDataset - Path Traversal Arbitrary File Write
Apr 07, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-35490
CRITICAL
changedetection.io has an Authentication Bypass via Decorator Ordering
Apr 07, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-4292
LOW
Privilege abuse in ModelAdmin.list_editable
Apr 07, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-4277
CRITICAL
Privilege abuse in GenericInlineModelAdmin
Apr 07, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-3902
HIGH
ASGI header spoofing via underscore/hyphen conflation
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-35464
HIGH
pyLoad <=0.5.0b3.dev96 - Flask Session Store Code Execution
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-35463
HIGH
pyLoad has Improper Neutralization of Special Elements used in an OS Command
Apr 07, 2026
CVSS 8.8
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21