pypi
4,986 tracked vulnerabilities.
CVE-2026-35586
MEDIUM
Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng
Apr 07, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-35523
HIGH
Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-35526
HIGH
Strawberry GraphQL affected by a Denial of Service via unbounded WebSocket subscriptions
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-35492
MEDIUM
Kedro-Datasets <9.3.0 PartitionedDataset - Path Traversal Arbitrary File Write
Apr 07, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-35490
CRITICAL
changedetection.io <0.54.8 Route Decorators - Authentication Bypass
Apr 07, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-4292
LOW
Privilege abuse in ModelAdmin.list_editable
Apr 07, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-4277
CRITICAL
Privilege abuse in GenericInlineModelAdmin
Apr 07, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-3902
HIGH
ASGI header spoofing via underscore/hyphen conflation
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-35464
HIGH
pyLoad <=0.5.0b3.dev96 - Flask Session Store Code Execution
Apr 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-35463
HIGH
pyLoad has Improper Neutralization of Special Elements used in an OS Command
Apr 07, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-33034
HIGH
Django < 6.0.4, 5.2.13, 4.2.30 - ASGI Upload Memory Limit Bypass
Apr 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-33033
MEDIUM
Django < 6.0.4, 5.2.13, 4.2.30 - MultiPartParser Base64 Upload Denial of Service
Apr 07, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-33866
MEDIUM
Authorization Bypass in MLflow AJAX Endpoint
Apr 07, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33865
MEDIUM
Stored XSS via unsafe YAML parsing in MLflow
Apr 07, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-1114
CRITICAL
Improper Access Control via Weak JWT Token in parisneo/lollms
Apr 07, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-1839
HIGH
Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers
Apr 07, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-35459
CRITICAL
pyLoad has SSRF fix bypass via HTTP redirect
Apr 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-35187
HIGH
pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter
Apr 06, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-35175
MEDIUM
Ajenti <2.2.15 Custom Package Installation - Authorization Bypass
Apr 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-35171
CRITICAL
Arbitrary Code Execution via Malicious Logging Configuration in Kedro
Apr 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-35167
HIGH
Kedro <1.3.0 Versioned Dataset Loading - Path Traversal
Apr 06, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-35052
CRITICAL
D-Tale affected by Remote Code Execution through redis/shelf storage
Apr 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-35044
HIGH
BentoML <1.4.38 Dockerfile Generation - Server-Side Template Injection
Apr 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-35043
HIGH
BentoML: command injection in cloud deployment setup script (deployment.py)
Apr 06, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-35030
CRITICAL
LiteLLM <1.83.0 OIDC Userinfo Cache - Authentication Bypass
Apr 06, 2026
CVSS 9.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters