pypi

4,986 tracked vulnerabilities.

CVE-2026-39987 CRITICAL KEVNUCLEI
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Apr 09, 2026
CVSS 9.8
EPSS 0.96
CVE-2026-39981 HIGH
AGiXT <1.9.2 safe_join() - Path Traversal
Apr 09, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-34538 MEDIUM
Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)
Apr 09, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-40036 HIGH
Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression
Apr 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-39892 CRITICAL
cryptography 45.0.0-46.0.6 APIs - Buffer Overflow
Apr 08, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-39891 HIGH
PraisonAI <4.5.115 Agent Tool Definitions - Template Injection
Apr 08, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-39890 CRITICAL
PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading
Apr 08, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-39889 HIGH
PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server
Apr 08, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39888 CRITICAL
PraisonAIAgents <1.5.115 execute_code - Sandbox Escape
Apr 08, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-39844 MEDIUM
NiceGUI <3.10.0 Windows Upload Filename - Path Traversal
Apr 08, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-39413 MEDIUM
LightRAG <1.4.14 API - JWT Algorithm Confusion
Apr 08, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-33753 MEDIUM
Improper Certificate Validation in rfc3161-client
Apr 08, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-31040 CRITICAL
stata-mcp <1.13.0 - Command Injection
Apr 08, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-5600 MEDIUM
pretix 2025.10.0-2026.1.1, 2026.2.0, 2026.3.0 - Unauthorized Data Access via Check-In Events API Endpoint
Apr 08, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1163 MEDIUM
Insufficient Session Expiration in parisneo/lollms
Apr 08, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-39847 CRITICAL
Emmett 2.5.0-2.8.0 Internal Assets Handler - Path Traversal
Apr 07, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-39376 HIGH
FastFeedParser <0.5.10 Meta-Refresh Redirects - Denial of Service
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39373 MEDIUM
JWCrypto: JWE ZIP decompression bomb
Apr 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22680 MEDIUM
OpenViking < 0.3.3 Missing Authorization via Task Polling
Apr 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-39308 HIGH
PraisonAI recipe registry publish path traversal allows out-of-root file write
Apr 07, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-39307 HIGH
PraisonAI <1.5.113 Template Extraction - Zip Slip
Apr 07, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-39306 HIGH
PraisonAI recipe registry pull path traversal writes files outside the chosen output directory
Apr 07, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-39305 CRITICAL
Arbitrary File Write / Path Traversal in Action Orchestrator
Apr 07, 2026
CVSS 9.0
EPSS 0.00
CVE-2026-35615 HIGH
PraisonAI <1.5.113 FileTools - Path Traversal
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-35592 MEDIUM
pyLoad <0.5.0b3.dev97 UnTar._safe_extractall - Path Traversal
Apr 07, 2026
CVSS 5.3
EPSS 0.00