pypi
4,979 tracked vulnerabilities.
CVE-2026-35587
HIGH
Glances IP Plugin has SSRF via public_api that leads to credential leakage
Apr 21, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-34839
MEDIUM
Glances Vulnerable to Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
Apr 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33626
HIGH
NUCLEI
LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
Apr 20, 2026
CVSS 7.5
EPSS 0.45
CVE-2026-28684
MEDIUM
python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
Apr 20, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-3219
MEDIUM
pip doesn't reject concatenated ZIP and tar archives
Apr 20, 2026
EPSS 0.00
CVE-2026-6608
MEDIUM
lm-sys fastchat Arena Side-by-Side View add_text control flow
Apr 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-6607
MEDIUM
lm-sys fastchat Worker API Endpoint api_generate resource consumption
Apr 20, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-6606
HIGH
modelscope agentscope _agent_base.py _process_audio_block server-side request forgery
Apr 20, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-6605
HIGH
modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery
Apr 20, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-6604
HIGH
modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery
Apr 20, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-6603
HIGH
modelscope agentscope _python.py execute_shell_command code injection
Apr 20, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-6599
MEDIUM
langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection
Apr 20, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-6598
MEDIUM
langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file
Apr 20, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-6597
LOW
langflow-ai langflow Flow Using API core.py has_api_terms credentials storage
Apr 20, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-6596
HIGH
langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload
Apr 20, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-6587
MEDIUM
vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery
Apr 20, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-40948
MEDIUM
Apache Airflow: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager
Apr 18, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-32690
LOW
Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1
Apr 18, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-32228
HIGH
Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to
Apr 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30912
HIGH
Apache Airflow: Exposing stack trace in case of constraint error
Apr 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25917
HIGH
Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)
Apr 18, 2026
CVSS 7.2
EPSS 0.01
CVE-2026-40491
MEDIUM
gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall
Apr 18, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-40347
MEDIUM
Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data
Apr 18, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40474
HIGH
wger has Broken Access Control in the Global Gym Configuration Update Endpoint
Apr 17, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-40353
MEDIUM
wger: Stored XSS via Unescaped License Attribution Fields
Apr 17, 2026
CVSS 5.4
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters