pypi
4,986 tracked vulnerabilities.
CVE-2026-1115
CRITICAL
Stored XSS in parisneo/lollms
Apr 10, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-33551
LOW
OpenStack Keystone <26.1.1 - Privilege Escalation
Apr 10, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-40154
CRITICAL
PraisonAI Affected by Untrusted Remote Template Code Execution
Apr 09, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-40153
HIGH
PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool
Apr 09, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-40152
MEDIUM
PraisonAIAgents <1.5.128 list_files Glob Pattern - Path Traversal
Apr 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40151
MEDIUM
NUCLEI
PraisonAI Affected by Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS
Apr 09, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-40150
HIGH
PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
Apr 09, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-40149
HIGH
PraisonAI <4.5.128 Approval Allow-List - Safety Control Bypass
Apr 09, 2026
CVSS 7.9
EPSS 0.00
CVE-2026-40148
MEDIUM
PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
Apr 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40117
MEDIUM
PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate
Apr 09, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-40116
HIGH
PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40115
MEDIUM
PraisonAI <4.5.128 WSGI Recipe Registry - Denial of Service
Apr 09, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-40114
HIGH
PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API
Apr 09, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-40113
HIGH
PraisonAI <4.5.128 Cloud Run Deployment - Argument Injection
Apr 09, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-40112
MEDIUM
PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)
Apr 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-40111
HIGH
PraisonAIAgents <1.5.128 Memory Hooks Executor - OS Command Injection
Apr 09, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-5974
HIGH
FoundationAgents MetaGPT terminal.py Bash.run os command injection
Apr 09, 2026
CVSS 7.3
EPSS 0.02
CVE-2026-5973
HIGH
FoundationAgents MetaGPT common.py get_mime_type os command injection
Apr 09, 2026
CVSS 7.3
EPSS 0.02
CVE-2026-5972
HIGH
FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection
Apr 09, 2026
CVSS 7.3
EPSS 0.02
CVE-2026-40088
CRITICAL
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
Apr 09, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-40087
MEDIUM
LangChain has incomplete f-string validation in prompt templates
Apr 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-5971
HIGH
FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection
Apr 09, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-5970
HIGH
FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection
Apr 09, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-40072
HIGH
web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling
Apr 09, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-40071
MEDIUM
pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions
Apr 09, 2026
CVSS 5.4
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters