pypi
4,707 tracked vulnerabilities.
CVE-2026-33054
CRITICAL
Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion
Mar 20, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-33017
CRITICAL
KEV
NUCLEI
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
Mar 20, 2026
CVSS 9.8
EPSS 0.23
CVE-2026-32889
MEDIUM
tinytag: Denial of Service via non-terminating SYLT frame parsing loop
Mar 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32875
HIGH
UltraJSON 5.10-5.11.0 Indent Handling - Integer Overflow Denial of Service
Mar 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32874
HIGH
UltraJSON 5.4.0-5.11.0 - Large Integer Memory Leak Denial of Service
Mar 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32711
HIGH
pydicom: Path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root
Mar 20, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-27953
HIGH
ormar <0.23.1 Model Constructor - Pydantic Validation Bypass
Mar 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-3029
HIGH
PyMuPDF 1.26.5 - Path Traversal and Arbitrary File Write
Mar 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32722
LOW
Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata
Mar 18, 2026
CVSS 3.6
EPSS 0.00
CVE-2026-32634
HIGH
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
Mar 18, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32633
CRITICAL
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Mar 18, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-32632
MEDIUM
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding
Mar 18, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-32611
HIGH
Glances DuckDB Export - SQL Injection
Mar 18, 2026
CVSS 7.0
EPSS 0.00
CVE-2026-32610
HIGH
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
Mar 18, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32609
HIGH
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
Mar 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32608
HIGH
Glances <4.5.2 Action Templates - Command Injection
Mar 18, 2026
CVSS 7.0
EPSS 0.00
CVE-2026-32596
HIGH
NUCLEI
Glances exposes the REST API without authentication
Mar 18, 2026
CVSS 7.5
EPSS 0.04
CVE-2026-30922
HIGH
pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
Mar 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28500
HIGH
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
Mar 18, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-27459
CRITICAL
pyOpenSSL DTLS cookie callback buffer overflow
Mar 18, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-27448
LOW
pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
Mar 18, 2026
EPSS 0.00
CVE-2026-30911
HIGH
Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
Mar 17, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28779
HIGH
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications
Mar 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28563
MEDIUM
Apache Airflow: DAG authorization bypass
Mar 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26929
MEDIUM
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
Mar 17, 2026
CVSS 6.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21