pypi
4,979 tracked vulnerabilities.
CVE-2026-41425
MEDIUM
Authlib: Cross-site request forging when using cache
Apr 24, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-41140
HIGH
Poetry < 2.3.4 - Path Traversal via Tarball Extraction
Apr 24, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-41066
HIGH
lxml < 6.1.0 - XML External Entity Injection via Default Parser Configuration
Apr 24, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25660
CRITICAL
Authentication bypass for certain API calls
Apr 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-40690
MEDIUM
Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users
Apr 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-38743
MEDIUM
Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities
Apr 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-41241
HIGH
pretalx: Stored cross-site scripting in organiser search typeahead
Apr 23, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-41205
HIGH
Mako: Path traversal via double-slash URI prefix in TemplateLookup
Apr 23, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41206
HIGH
PySpector <0.1.8 PluginSecurity.validate_plugin_code - Code Execution Bypass
Apr 23, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-41182
MEDIUM
LangSmith SDK: Streaming token events bypass output redaction
Apr 23, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-6878
MEDIUM
ByteDance verl grader.py math_equal sandbox
Apr 23, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-41314
MEDIUM
pypdf: Manipulated FlateDecode image dimensions can exhaust RAM
Apr 22, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41313
MEDIUM
pypdf: Possible long runtimes for wrong size values in incremental mode
Apr 22, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41312
MEDIUM
pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM
Apr 22, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41168
MEDIUM
pypdf has possible long runtimes for wrong size values in cross-reference and object streams
Apr 22, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-6859
HIGH
Instructlab: instructlab: arbitrary code execution due to hardcoded `trust_remote_code=true`
Apr 22, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-6855
HIGH
InstructLab - Path Traversal Arbitrary File Write
Apr 22, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-41133
HIGH
pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)
Apr 22, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-40606
MEDIUM
ProxyAuth Addon LDAP Injection in mitmproxy
Apr 21, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-40602
MEDIUM
hass-cli: Handling of user-supplied Jinja2 templates
Apr 21, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-40594
MEDIUM
pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)
Apr 21, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-40576
CRITICAL
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server
Apr 21, 2026
CVSS 9.4
EPSS 0.00
CVE-2026-39378
MEDIUM
nbconvert 6.5-7.17.0 HTMLExporter Image Embedding - Arbitrary File Read
Apr 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-39377
MEDIUM
nbconvert 6.5-7.17.0 Cell Attachments - Arbitrary File Write
Apr 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-35588
MEDIUM
Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values
Apr 21, 2026
CVSS 6.3
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters