pypi
4,979 tracked vulnerabilities.
CVE-2026-53874
CRITICAL
picklescan - Arbitrary Code Execution via Obfuscated eval Call
Jun 17, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-53873
CRITICAL
picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass
Jun 17, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-53872
HIGH
picklescan - Arbitrary File Read via Unsafe Pickle Deserialization
Jun 17, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-3490
CRITICAL
picklescan - Universal Blocklist Bypass via pkgutil.resolve_name
Jun 17, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-55748
MEDIUM
Openstack Horizon - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Jun 17, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-47103
CRITICAL
Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection
Jun 17, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-50203
CRITICAL
Apache Airflow Sftp Provider < 5.8.1 - Path Traversal
Jun 17, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-48797
CRITICAL
Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication
Jun 17, 2026
EPSS 0.00
CVE-2026-48782
MEDIUM
Pydantic AI - Cloud Metadata Server-Side Request Forgery Blocklist Bypass
Jun 17, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-12491
MEDIUM
Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations
Jun 17, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-48776
MEDIUM
langchain-ai - LangGraph SDK Has Unsafe URL Path Construction
Jun 17, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-46448
MEDIUM
Openstack Nova - Incorrect Resource Transfer Between Spheres
Jun 16, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-48775
MEDIUM
LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading
Jun 16, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-12398
HIGH
Galaxy_ng: shell injection in legacy role import via unsanitized git ref names
Jun 16, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-47157
MEDIUM
aiograpi: Unsafe signup challenge path handling
Jun 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-52726
HIGH
Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload
Jun 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-47734
MEDIUM
Dulwich has unbounded memory allocation in receive-pack from crafted thin packs
Jun 10, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-47712
LOW
Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
Jun 10, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-47213
MEDIUM
BoxLite: Timeout Bypass Vulnerability
Jun 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-46703
CRITICAL
BoxLite < 0.9.0 OCI Image Handling - Arbitrary Host File Write
Jun 10, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-46695
CRITICAL
BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files
Jun 10, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-46645
MEDIUM
SQLAdmin: Authorization Bypass on `ajax_lookup`
Jun 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-42563
HIGH
Dulwich Vulnerable to Command Injection via Merge Driver Path
Jun 10, 2026
EPSS 0.01
CVE-2026-42305
HIGH
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
Jun 10, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-50127
MEDIUM
Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)
Jun 10, 2026
CVSS 5.9
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters