pypi

4,986 tracked vulnerabilities.

CVE-2026-1115 CRITICAL
Stored XSS in parisneo/lollms
Apr 10, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-33551 LOW
OpenStack Keystone <26.1.1 - Privilege Escalation
Apr 10, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-40154 CRITICAL
PraisonAI Affected by Untrusted Remote Template Code Execution
Apr 09, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-40153 HIGH
PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool
Apr 09, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-40152 MEDIUM
PraisonAIAgents <1.5.128 list_files Glob Pattern - Path Traversal
Apr 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40151 MEDIUM NUCLEI
PraisonAI Affected by Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS
Apr 09, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-40150 HIGH
PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
Apr 09, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-40149 HIGH
PraisonAI <4.5.128 Approval Allow-List - Safety Control Bypass
Apr 09, 2026
CVSS 7.9
EPSS 0.00
CVE-2026-40148 MEDIUM
PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
Apr 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40117 MEDIUM
PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate
Apr 09, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-40116 HIGH
PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40115 MEDIUM
PraisonAI <4.5.128 WSGI Recipe Registry - Denial of Service
Apr 09, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-40114 HIGH
PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API
Apr 09, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-40113 HIGH
PraisonAI <4.5.128 Cloud Run Deployment - Argument Injection
Apr 09, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-40112 MEDIUM
PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)
Apr 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-40111 HIGH
PraisonAIAgents <1.5.128 Memory Hooks Executor - OS Command Injection
Apr 09, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-5974 HIGH
FoundationAgents MetaGPT terminal.py Bash.run os command injection
Apr 09, 2026
CVSS 7.3
EPSS 0.02
CVE-2026-5973 HIGH
FoundationAgents MetaGPT common.py get_mime_type os command injection
Apr 09, 2026
CVSS 7.3
EPSS 0.02
CVE-2026-5972 HIGH
FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection
Apr 09, 2026
CVSS 7.3
EPSS 0.02
CVE-2026-40088 CRITICAL
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
Apr 09, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-40087 MEDIUM
LangChain has incomplete f-string validation in prompt templates
Apr 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-5971 HIGH
FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection
Apr 09, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-5970 HIGH
FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection
Apr 09, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-40072 HIGH
web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling
Apr 09, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-40071 MEDIUM
pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions
Apr 09, 2026
CVSS 5.4
EPSS 0.00