pypi
4,707 tracked vulnerabilities.
CVE-2026-4269
HIGH
Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
Mar 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28498
HIGH
Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
Mar 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28490
MEDIUM
Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Mar 16, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27962
CRITICAL
Authlib JWS JWK Header Injection: Signature Verification Bypass
Mar 16, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-4270
MEDIUM
AWS API MCP Server 0.2.14-1.3.8 - File Access Restriction Bypass
Mar 16, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-4229
HIGH
vanna-ai vanna bigquery_vector.py remove_training_data SQL injection
Mar 16, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-32640
CRITICAL
(SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.
Mar 16, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-32597
HIGH
PyJWT < 2.12.0 - Insufficient Verification of Data Authenticity via crit Header Parameter
Mar 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31899
HIGH
CairoSVG < 2.9.0 - Denial of Service via Recursive <use> Element Amplification
Mar 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32274
HIGH
Black < 26.3.1 - Path Traversal via --python-cell-magics Option
Mar 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32247
HIGH
graphiti-core < 0.28.2 - Cypher Injection via SearchFilters.node_labels
Mar 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32116
HIGH
Magic Wormhole 0.21.0-0.22.9 - Path Traversal
Mar 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-3989
HIGH
SGLang's replay_request_dump.py - Deserialization
Mar 12, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-3060
CRITICAL
SGLang < 0.5.10 - Unauthenticated Remote Code Execution via Pickle Deserialization
Mar 12, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-3059
CRITICAL
SGLang Multimodal Module - Deserialization
Mar 12, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-32112
MEDIUM
ha-mcp < 7.0.0 - Stored Cross-Site Scripting via OAuth Consent Form
Mar 11, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-32111
MEDIUM
Home Assistant MCP Server < 7.0.0 - OAuth ha_url Server-Side Request Forgery
Mar 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32109
LOW
Copyparty < 1.20.12 - Stored Cross-Site Scripting via .prologue.html File Upload
Mar 11, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-32108
MEDIUM
Copyparty < 1.20.12 - Unauthenticated File Access via FTP/SFTP Share Bypass
Mar 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31958
HIGH
Tornado < 6.5.5 - Denial of Service via Multipart Form Data Parsing
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31826
MEDIUM
pypdf < 6.8.0 - Denial of Service via Large /Length Value in Content Stream
Mar 10, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-31815
MEDIUM
django-unicorn < 0.67.0 - Auth Bypass
Mar 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-26118
HIGH
Azure MCP Server - Authenticated Server-Side Request Forgery
Mar 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-25960
HIGH
vLLM 0.15.1-0.17.0 - Server-Side Request Forgery via URL Parsing Inconsistency
Mar 09, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-0846
HIGH
nltk < 3.9.3 - Arbitrary File Read via filestring() Function
Mar 09, 2026
CVSS 7.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21