pypi
4,707 tracked vulnerabilities.
CVE-2026-33034
HIGH
Django < 6.0.4, 5.2.13, 4.2.30 - ASGI Upload Memory Limit Bypass
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33033
MEDIUM
Django < 6.0.4, 5.2.13, 4.2.30 - MultiPartParser Base64 Upload Denial of Service
Apr 07, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33866
MEDIUM
Authorization Bypass in MLflow AJAX Endpoint
Apr 07, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33865
MEDIUM
Stored XSS via unsafe YAML parsing in MLflow
Apr 07, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-1839
HIGH
Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers
Apr 07, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-35459
CRITICAL
pyLoad has SSRF fix bypass via HTTP redirect
Apr 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-35187
HIGH
pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter
Apr 06, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-35175
MEDIUM
Ajenti has an authorization bypass during custom package installation
Apr 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-35171
CRITICAL
Arbitrary Code Execution via Malicious Logging Configuration in Kedro
Apr 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-35167
HIGH
Kedro has a path traversal in versioned dataset loading via unsanitized version string
Apr 06, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-35052
CRITICAL
D-Tale affected by Remote Code Execution through redis/shelf storage
Apr 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-35044
HIGH
BentoML has a Server-Side Template Injection via unsandboxed Jinja2 Environment in Dockerfile generation
Apr 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-35043
HIGH
BentoML: command injection in cloud deployment setup script (deployment.py)
Apr 06, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-35030
CRITICAL
LiteLLM has an authentication bypass via OIDC userinfo cache key collision
Apr 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-35029
HIGH
NUCLEI
LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint
Apr 06, 2026
CVSS 8.8
EPSS 0.26
CVE-2026-34756
MEDIUM
vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
Apr 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34755
MEDIUM
vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
Apr 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34753
MEDIUM
vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url`
Apr 06, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-34589
MEDIUM
OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write
Apr 06, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34588
HIGH
OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write
Apr 06, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-34444
CRITICAL
Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
Apr 06, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-33752
HIGH
Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)
Apr 06, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-5559
MEDIUM
AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine
Apr 05, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-34955
HIGH
PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox
Apr 04, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-34954
HIGH
PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL
Apr 03, 2026
CVSS 8.6
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21