pypi

4,707 tracked vulnerabilities.

CVE-2026-25604 MEDIUM
apache-airflow-providers-amazon < 9.22.0 - Origin Validation Error in AWS Auth Manager
Mar 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-29787 MEDIUM
mcp-memory-service <10.21.0 - Info Disclosure
Mar 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-29780 MEDIUM
eml-parser < 2.0.1 - Path Traversal and Arbitrary File Write via Unsanitized Attachment Filename
Mar 07, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-29778 HIGH
pyLoad 0.5.0b3.dev13-0.5.0b3.dev96 - Path Traversal
Mar 07, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-30244 HIGH
Plane < 1.2.2 - Unauthenticated Sensitive Information Disclosure via Django REST Framework Permission Misconfiguration
Mar 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30242 HIGH
Plane < 1.2.3 - Authenticated Server-Side Request Forgery via Webhook URL Validation Bypass
Mar 06, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-29065 CRITICAL
changedetection.io <0.54.4 - Path Traversal
Mar 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-29039 HIGH
changedetection.io <0.54.4 - Info Disclosure
Mar 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-29038 MEDIUM
changedetection.io < 0.54.4 - Reflected Cross-Site Scripting via RSS Tag Endpoint
Mar 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28804 MEDIUM
pypdf < 6.7.5 - Denial of Service via ASCIIHexDecode Filter
Mar 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28802 CRITICAL
Authlib 1.6.5-1.6.6 - Improper Verification of Cryptographic Signature
Mar 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28795 CRITICAL
OpenChatBI < 0.2.2 - Path Traversal via File Format Parameter
Mar 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28438 CRITICAL
CocoIndex < 0.3.34 - SQL Injection via Doris Target Connector Table Name
Mar 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28681 HIGH
IRRd 4.4.0-4.4.4/4.5.0 - Open Redirect
Mar 06, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28277 MEDIUM
LangGraph SQLite Checkpoint <=1.0.9 - Deserialization
Mar 05, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-25048 HIGH
xgrammar <0.1.32 - Memory Corruption
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27982 MEDIUM
django-allauth <65.14.1 - Open Redirect
Mar 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-0847 HIGH
nltk <= 3.9.2 - Path Traversal in CorpusReader Classes
Mar 04, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27932 HIGH
joserfc < 1.6.3 - Unauthenticated Denial of Service via PBES2 Count Parameter
Mar 03, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27905 HIGH
BentoML < 1.4.36 - Arbitrary File Write via Symlink Target Bypass
Mar 03, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-27622 HIGH
OpenEXR < 3.2.6 - Out-of-bounds Write in CompositeDeepScanLine::readPixels
Mar 03, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-28518 HIGH
OpenViking <=0.2.1 - Path Traversal
Mar 03, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-25674 LOW
Django 6.0-6.0.2, 5.2-5.2.11, 4.2-4.2.28 - Privilege Escalation
Mar 03, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-25673 HIGH
Django 6.0-6.0.2/5.2-5.2.11/4.2-4.2.28 - DoS
Mar 03, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-2256 MEDIUM
ModelScope ms-agent <v1.6.0rc1 - Command Injection
Mar 02, 2026
CVSS 6.5
EPSS 0.01