pypi
4,707 tracked vulnerabilities.
CVE-2026-27602
HIGH
Modoboa <2.7.1 Domain Names - Authenticated OS Command Injection
Mar 25, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-25645
MEDIUM
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Mar 25, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-24159
HIGH
NVIDIA NeMo Framework < 2.6.2 - Remote Code Execution via Untrusted Data Deserialization
Mar 24, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-24157
HIGH
NVIDIA NeMo Framework < 2.6.2 - Remote Code Execution via Checkpoint Loading
Mar 24, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-33509
HIGH
pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
Mar 24, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33332
HIGH
NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion
Mar 24, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33314
MEDIUM
pyload-ng: Improper Authentication and Origin Validation Error
Mar 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33497
HIGH
Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading
Mar 24, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33484
HIGH
Langflow has Unauthenticated IDOR on Image Downloads
Mar 24, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33310
HIGH
Intake has a Command Injection via shell() Expansion in Parameter Defaults
Mar 24, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33309
CRITICAL
Langflow has an Arbitrary File Write (RCE) via v2 API
Mar 24, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-33046
HIGH
Indico < 3.3.12 - Remote Code Execution via LaTeX Sanitizer Bypass
Mar 23, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-26209
HIGH
cbor2 < 5.9.0 - Denial of Service via Deeply Nested CBOR Structures
Mar 23, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-4539
LOW
pygments archetype.py AdlLexer redos
Mar 22, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-33236
HIGH
NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33231
HIGH
NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app
Mar 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33230
MEDIUM
nltk Vulnerable to Cross-site Scripting
Mar 20, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33155
HIGH
DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT
Mar 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33154
HIGH
dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver
Mar 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33140
MEDIUM
PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution
Mar 20, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33139
HIGH
PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution
Mar 20, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-33010
HIGH
mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33125
HIGH
Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts
Mar 20, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-33123
MEDIUM
pypdf has inefficient decoding of array-based streams
Mar 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33057
CRITICAL
NUCLEI
Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py
Mar 20, 2026
CVSS 9.8
EPSS 0.12
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21