pypi
4,707 tracked vulnerabilities.
CVE-2026-34070
HIGH
LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions
Mar 31, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32727
HIGH
SciTokens: Authorization Bypass via Path Traversal in Scope Validation
Mar 31, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32716
HIGH
SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking
Mar 31, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32714
CRITICAL
SciTokens vulnerable to SQL Injection in KeyCache
Mar 31, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-32794
MEDIUM
Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange
Mar 30, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-33992
MEDIUM
pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration
Mar 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33936
MEDIUM
python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Mar 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33981
MEDIUM
Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
Mar 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33980
HIGH
Azure Data Explorer MCP Server <=0.1.1 - KQL Injection
Mar 27, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-34046
HIGH
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
Mar 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33873
CRITICAL
Langflow has Authenticated Code Execution in Agentic Assistant Validation
Mar 27, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-33045
MEDIUM
Home Assistant has stored XSS in history-graphs
Mar 27, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-33044
MEDIUM
Home Assistant has stored XSS in Map-card through malicious device name
Mar 27, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-4963
MEDIUM
huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection
Mar 27, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-33744
HIGH
BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
Mar 27, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-33718
HIGH
OpenHands is Vulnerable to Command Injection through its Git Diff Handler
Mar 27, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-33699
HIGH
pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream
Mar 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-29071
LOW
Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories
Mar 27, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-29070
MEDIUM
Open WebUI has unauthorized deletion of knowledge files
Mar 27, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28788
HIGH
Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite
Mar 27, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28786
MEDIUM
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Mar 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27893
HIGH
vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out
Mar 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33682
MEDIUM
Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)
Mar 26, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-33545
MEDIUM
MobSF has SQL Injection in its SQLite Database Viewer Utils
Mar 26, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33430
HIGH
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
Mar 26, 2026
CVSS 7.3
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21