pypi
4,707 tracked vulnerabilities.
CVE-2026-34953
CRITICAL
PraisonAI: Authentication Bypass in OAuthManager.validate_token()
Apr 03, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34952
CRITICAL
PraisonAI: Missing Authentication in WebSocket Gateway
Apr 03, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34939
MEDIUM
PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
Apr 03, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34938
CRITICAL
PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
Apr 03, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-34937
HIGH
PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
Apr 03, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-34936
HIGH
PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback
Apr 03, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-34935
CRITICAL
PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
Apr 03, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-34934
CRITICAL
PraisonAI: Second-Order SQL Injection in `get_all_user_threads`
Apr 03, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-34824
HIGH
Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service
Apr 03, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34052
MEDIUM
LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)
Apr 03, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-33709
MEDIUM
JupyterHub has an Open Redirect Vulnerability
Apr 03, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33175
HIGH
OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims
Apr 03, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-0545
CRITICAL
NUCLEI
Missing Authentication for Critical Function in mlflow/mlflow
Apr 03, 2026
CVSS 9.8
EPSS 0.14
CVE-2026-27124
MEDIUM
FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
Apr 03, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-5463
HIGH
pymetasploit3 < 1.0.6 - Command Injection via Newline in Module Options
Apr 03, 2026
CVSS 8.6
EPSS 0.02
CVE-2026-35536
HIGH
Tornado <6.5.5 - Cookie Attribute Injection
Apr 03, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-34730
MEDIUM
Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Apr 02, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-34726
MEDIUM
Copier `_subdirectory` allows template root escape via parent-directory traversal
Apr 02, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-34591
MEDIUM
Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
Apr 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-35002
CRITICAL
Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution
Apr 02, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-33641
HIGH
Glances Vulnerable to Command Injection via Dynamic Configuration Values
Apr 02, 2026
CVSS 7.8
EPSS 0.01
CVE-2026-33533
MEDIUM
Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard
Apr 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32871
CRITICAL
FastMCP <3.2.0 OpenAPIProvider - Server-Side Request Forgery
Apr 02, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-34544
HIGH
OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
Apr 01, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-34543
HIGH
OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)
Apr 01, 2026
CVSS 7.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21