pypi

4,980 tracked vulnerabilities.

CVE-2026-34225 MEDIUM
Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
Apr 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33858 HIGH
Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API
Apr 13, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-1462 HIGH
Safe Mode Bypass in keras-team/keras
Apr 13, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-4810 CRITICAL NUCLEI
Remote Code Execution in Google Agent Development Kit (ADK)
Apr 13, 2026
EPSS 0.02
CVE-2026-6111 MEDIUM
FoundationAgents MetaGPT common.py decode_image server-side request forgery
Apr 12, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-6110 HIGH
FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection
Apr 12, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-6109 MEDIUM
FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery
Apr 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-5059 CRITICAL
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
Apr 11, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-40178 MEDIUM
ajenti.plugin.core <0.112 2FA - Race Condition
Apr 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-40177 HIGH
Password bypass when 2FA is activated
Apr 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39922 MEDIUM
GeoNode < 4.4.5, 5.0.2 SSRF via Service Registration
Apr 10, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-40162 HIGH
Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble
Apr 10, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-40160 MEDIUM
PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback
Apr 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40159 MEDIUM
PraisonAI Exposes Sensitive Environment Variable via Untrusted MCP Subprocess Execution
Apr 10, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-40158 HIGH
PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai
Apr 10, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-40157 HIGH
PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack`
Apr 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-40156 HIGH
PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
Apr 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-40086 MEDIUM
Rembg <2.0.75 Custom Model Loading - Path Traversal
Apr 10, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-40217 HIGH
LiteLLM < 2026-04-08 - Remote Code Execution via Guardrails Test Custom Code Endpoint
Apr 10, 2026
CVSS 8.8
EPSS 0.06
CVE-2026-1115 CRITICAL
Stored XSS in parisneo/lollms
Apr 10, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-33551 LOW
OpenStack Keystone <26.1.1 - Privilege Escalation
Apr 10, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-40154 CRITICAL
PraisonAI Affected by Untrusted Remote Template Code Execution
Apr 09, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-40153 HIGH
PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool
Apr 09, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-40152 MEDIUM
PraisonAIAgents <1.5.128 list_files Glob Pattern - Path Traversal
Apr 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40151 MEDIUM NUCLEI
PraisonAI Affected by Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS
Apr 09, 2026
CVSS 5.3
EPSS 0.01