pypi

4,986 tracked vulnerabilities.

CVE-2026-35029 HIGH NUCLEI
LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint
Apr 06, 2026
CVSS 8.8
EPSS 0.26
CVE-2026-34756 MEDIUM
vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
Apr 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34755 MEDIUM
vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
Apr 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34753 MEDIUM
vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url `
Apr 06, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-34589 MEDIUM
OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write
Apr 06, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34588 HIGH
OpenEXR PIZ Decoder - Out-of-Bounds Read/Write
Apr 06, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-34444 CRITICAL
Lupa <=2.6 getattr and setattr - Sandbox Escape
Apr 06, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-33752 HIGH
Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)
Apr 06, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-5559 MEDIUM
AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine
Apr 05, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-34955 HIGH
PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox
Apr 04, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-34954 HIGH
PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL
Apr 03, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-34953 CRITICAL
PraisonAI: Authentication Bypass in OAuthManager.validate_token()
Apr 03, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34952 CRITICAL
PraisonAI: Missing Authentication in WebSocket Gateway
Apr 03, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34939 MEDIUM
PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
Apr 03, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34938 CRITICAL
PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
Apr 03, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-34937 HIGH
PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
Apr 03, 2026
CVSS 7.8
EPSS 0.01
CVE-2026-34936 HIGH
PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback
Apr 03, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-34935 CRITICAL
PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
Apr 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-34934 CRITICAL
PraisonAI: Second-Order SQL Injection in `get_all_user_threads`
Apr 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-34824 HIGH
Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service
Apr 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-34052 MEDIUM
LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)
Apr 03, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-33709 MEDIUM
JupyterHub <5.4.4 Login Flow - Open Redirect
Apr 03, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33175 HIGH
OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims
Apr 03, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-0545 CRITICAL NUCLEI
Missing Authentication for Critical Function in mlflow/mlflow
Apr 03, 2026
CVSS 9.8
EPSS 0.04
CVE-2026-27124 MEDIUM
FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
Apr 03, 2026
CVSS 6.1
EPSS 0.00