pypi
4,707 tracked vulnerabilities.
CVE-2026-34531
MEDIUM
Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client
Apr 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34525
MEDIUM
AIOHTTP: Duplicate Host header accepted
Apr 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34520
CRITICAL
AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass
Apr 01, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34519
MEDIUM
AIOHTTP: HTTP response splitting via \r in reason phrase
Apr 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34518
MEDIUM
AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect
Apr 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34517
MEDIUM
AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS
Apr 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34516
HIGH
AIOHTTP: Multipart Header Size Bypass
Apr 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34515
HIGH
AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows
Apr 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34514
MEDIUM
AIOHTTP: CRLF injection in multipart part content type header construction
Apr 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34513
HIGH
AIOHTTP: Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector
Apr 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22815
HIGH
AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers
Apr 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34447
MEDIUM
ONNX: External Data Symlink Traversal
Apr 01, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-34446
MEDIUM
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Apr 01, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-34445
HIGH
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
Apr 01, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-34222
HIGH
Open WebUI has Broken Access Control in Tool Valves
Apr 01, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-27489
HIGH
ONNX: Path Traversal via Symlink
Apr 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34452
MEDIUM
Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape
Mar 31, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34450
MEDIUM
Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool
Mar 31, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-34400
CRITICAL
alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API
Mar 31, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-34203
LOW
Nautobot: Management of users via REST API does not apply configured password validators
Mar 31, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-34231
MEDIUM
Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag
Mar 31, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-34172
HIGH
Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment
Mar 31, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-0596
HIGH
Command Injection in mlflow/mlflow
Mar 31, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-34881
MEDIUM
OpenStack Glance <29.1.1, 30.x<30.1.1, 31.0.0 SSRF via Image Import URL Redirect
Mar 31, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34073
MEDIUM
cryptography has incomplete DNS name constraint enforcement on peer names
Mar 31, 2026
CVSS 5.3
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21