pypi
4,986 tracked vulnerabilities.
CVE-2026-39987
CRITICAL
KEVNUCLEI
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Apr 09, 2026
CVSS 9.8
EPSS 0.96
CVE-2026-39981
HIGH
AGiXT <1.9.2 safe_join() - Path Traversal
Apr 09, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-34538
MEDIUM
Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)
Apr 09, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-40036
HIGH
Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression
Apr 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-39892
CRITICAL
cryptography 45.0.0-46.0.6 APIs - Buffer Overflow
Apr 08, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-39891
HIGH
PraisonAI <4.5.115 Agent Tool Definitions - Template Injection
Apr 08, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-39890
CRITICAL
PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading
Apr 08, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-39889
HIGH
PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server
Apr 08, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39888
CRITICAL
PraisonAIAgents <1.5.115 execute_code - Sandbox Escape
Apr 08, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-39844
MEDIUM
NiceGUI <3.10.0 Windows Upload Filename - Path Traversal
Apr 08, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-39413
MEDIUM
LightRAG <1.4.14 API - JWT Algorithm Confusion
Apr 08, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-33753
MEDIUM
Improper Certificate Validation in rfc3161-client
Apr 08, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-31040
CRITICAL
stata-mcp <1.13.0 - Command Injection
Apr 08, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-5600
MEDIUM
pretix 2025.10.0-2026.1.1, 2026.2.0, 2026.3.0 - Unauthorized Data Access via Check-In Events API Endpoint
Apr 08, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1163
MEDIUM
Insufficient Session Expiration in parisneo/lollms
Apr 08, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-39847
CRITICAL
Emmett 2.5.0-2.8.0 Internal Assets Handler - Path Traversal
Apr 07, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-39376
HIGH
FastFeedParser <0.5.10 Meta-Refresh Redirects - Denial of Service
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39373
MEDIUM
JWCrypto: JWE ZIP decompression bomb
Apr 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22680
MEDIUM
OpenViking < 0.3.3 Missing Authorization via Task Polling
Apr 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-39308
HIGH
PraisonAI recipe registry publish path traversal allows out-of-root file write
Apr 07, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-39307
HIGH
PraisonAI <1.5.113 Template Extraction - Zip Slip
Apr 07, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-39306
HIGH
PraisonAI recipe registry pull path traversal writes files outside the chosen output directory
Apr 07, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-39305
CRITICAL
Arbitrary File Write / Path Traversal in Action Orchestrator
Apr 07, 2026
CVSS 9.0
EPSS 0.00
CVE-2026-35615
HIGH
PraisonAI <1.5.113 FileTools - Path Traversal
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-35592
MEDIUM
pyLoad <0.5.0b3.dev97 UnTar._safe_extractall - Path Traversal
Apr 07, 2026
CVSS 5.3
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters