pypi
4,707 tracked vulnerabilities.
CVE-2026-28416
HIGH
Gradio < 6.6.0 - Server-Side Request Forgery via Malicious Space Proxy URL
Feb 27, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-28415
MEDIUM
Gradio < 6.6.0 - Open Redirect via Unvalidated _target_url Parameter
Feb 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-28414
HIGH
NUCLEI
Gradio < 6.7.0 - Unauthenticated Absolute Path Traversal via Root-Relative Path Handling
Feb 27, 2026
CVSS 7.5
EPSS 0.04
CVE-2026-27167
NONE
Gradio 4.16.0-6.5.9 - Unauthenticated Hardcoded Credential Exposure via OAuth Mock Route
Feb 27, 2026
EPSS 0.00
CVE-2026-28352
MEDIUM
Indico < 3.3.11 - Unauthenticated Critical Function Access via Event Series API Endpoint
Feb 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28351
MEDIUM
pypdf < 6.7.4 - Uncontrolled Resource Consumption via RunLengthDecode Filter
Feb 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28370
CRITICAL
OpenStack Vitrage <12.0.1,13.0.0,14.0.0,15.0.0 - Code Injection
Feb 27, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-27839
MEDIUM
wger <= 2.4 - Authenticated Authorization Bypass via Nutritional Values Endpoint
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27838
LOW
wger < 2.4 - Authorization Bypass via Routine Detail Cache Key
Feb 26, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-27835
MEDIUM
wger <= 2.4 - Unauthorized Data Access via RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27457
MEDIUM
Weblate < 5.16.1 - Unauthorized Addon Information Exposure via REST API
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27966
CRITICAL
Langflow < 1.8.0 - Remote Code Execution via CSV Agent Node
Feb 26, 2026
CVSS 9.8
EPSS 0.38
CVE-2026-27948
MEDIUM
Copyparty < 1.20.9 - Reflected Cross-Site Scripting via URL Parameter
Feb 26, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27888
HIGH
pypdf < 6.7.3 - Denial of Service via XFA Property with FlateDecode Compression
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27809
CRITICAL
psd-tools < 1.12.2 - Denial of Service via Malformed RLE-Compressed Image Data
Feb 26, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-27735
MEDIUM
mcp-server-git <2026.1.14 - Path Traversal
Feb 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25736
MEDIUM
Rucio <35.8.3/<38.5.4/<39.3.1 - XSS
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25735
MEDIUM
Rucio <35.8.3/<38.5.4/<39.3.1 - XSS
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25734
MEDIUM
Rucio WebUI < 35.8.3 - Stored Cross-Site Scripting in RSE Metadata
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25733
HIGH
Rucio <35.8.3, <38.5.4, <39.3.1 - XSS
Feb 25, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-25138
MEDIUM
Rucio <35.8.3/<38.5.4/<39.3.1 - Info Disclosure
Feb 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-25136
HIGH
Rucio < 35.8.3 - Reflected Cross-Site Scripting via WebUI ExceptionMessage
Feb 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-26717
MEDIUM
Richie < 3.3.0 - Observable Timing Discrepancy in HMAC Signature Verification
Feb 25, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-27695
MEDIUM
zae-limiter < 0.10.1 - Denial of Service via DynamoDB Partition Key Collision
Feb 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27696
HIGH
changedetection.io < 0.54.1 - Server-Side Request Forgery via Watch URL Validation Bypass
Feb 25, 2026
CVSS 8.6
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21