pypi
4,980 tracked vulnerabilities.
CVE-2026-40258
CRITICAL
Gramps Web API has Zip Slip Path Traversal in Media Archive Import
Apr 17, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-35402
LOW
mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures
Apr 17, 2026
EPSS 0.00
CVE-2026-40525
CRITICAL
OpenViking Authentication Bypass via VikingBot OpenAPI
Apr 17, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-40320
HIGH
Giskard ConformityCheck - Unsandboxed Jinja2 Template Rendering
Apr 17, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-40319
MEDIUM
Giskard RegexMatching Check - Regular Expression Denial of Service
Apr 17, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-40260
MEDIUM
pypdf: Manipulated XMP metadata entity declarations can exhaust RAM
Apr 17, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-31987
HIGH
Apache Airflow: JWT token appearing in logs
Apr 16, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-40192
HIGH
Pillow is vulnerable to a FITS GZIP decompression bomb
Apr 15, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-40256
MEDIUM
Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision
Apr 15, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-39845
MEDIUM
Weblate: SSRF via the webhook add-on using unprotected fetch_url()
Apr 15, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-34393
HIGH
Weblate: Privilege escalation in the user API endpoint
Apr 15, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-34244
MEDIUM
Weblate: SSRF via Project-Level Machinery Configuration
Apr 15, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34242
HIGH
Weblate: Arbitrary File Read via Symlink
Apr 15, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-33440
MEDIUM
Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads
Apr 15, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-33435
HIGH
Weblate: Remote code execution during backup restoration
Apr 15, 2026
CVSS 8.0
EPSS 0.01
CVE-2026-33220
MEDIUM
Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository
Apr 15, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-33214
MEDIUM
Weblate has improper access control for the translation memory API
Apr 15, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33212
LOW
Weblate: Improper access control for pending tasks in API
Apr 15, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-30625
CRITICAL
Upsonic 0.71.6 MCP Tasks - OS Command Injection
Apr 15, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-25219
MEDIUM
Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access
Apr 15, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-40683
HIGH
OpenStack Keystone <25.0.1 - Auth Bypass
Apr 14, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-40315
CRITICAL
PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries
Apr 14, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-40289
CRITICAL
PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
Apr 14, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-40288
CRITICAL
PraisonAI: Critical RCE via `type: job` workflow YAML
Apr 14, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-40287
HIGH
PraisonAI has RCE via Automatic tools.py Import
Apr 14, 2026
CVSS 8.4
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters